Changeset 745 for trunk/server/source3/smbd/open.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/smbd/open.c (modified) (105 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/smbd/open.c
r620 r745 5 5 Copyright (C) Jeremy Allison 2001-2004 6 6 Copyright (C) Volker Lendecke 2005 7 7 8 8 This program is free software; you can redistribute it and/or modify 9 9 it under the terms of the GNU General Public License as published by 10 10 the Free Software Foundation; either version 3 of the License, or 11 11 (at your option) any later version. 12 12 13 13 This program is distributed in the hope that it will be useful, 14 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 16 GNU General Public License for more details. 17 17 18 18 You should have received a copy of the GNU General Public License 19 19 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 21 21 22 22 #include "includes.h" 23 #include "system/filesys.h" 24 #include "printing.h" 25 #include "smbd/smbd.h" 23 26 #include "smbd/globals.h" 24 25 extern struct current_user current_user; 27 #include "fake_file.h" 28 #include "../libcli/security/security.h" 29 #include "../librpc/gen_ndr/ndr_security.h" 30 #include "auth.h" 31 #include "messages.h" 32 26 33 extern const struct generic_mapping file_generic_mapping; 27 34 28 35 struct deferred_open_record { 29 30 36 bool delayed_for_oplocks; 37 struct file_id id; 31 38 }; 32 33 static NTSTATUS create_file_unixpath(connection_struct *conn,34 struct smb_request *req,35 struct smb_filename *smb_fname,36 uint32_t access_mask,37 uint32_t share_access,38 uint32_t create_disposition,39 uint32_t create_options,40 uint32_t file_attributes,41 uint32_t oplock_request,42 uint64_t allocation_size,43 struct security_descriptor *sd,44 struct ea_list *ea_list,45 46 files_struct **result,47 int *pinfo);48 39 49 40 /**************************************************************************** … … 51 42 ****************************************************************************/ 52 43 53 NTSTATUS smb1_file_se_access_check( connection_struct *conn,54 55 const NT_USER_TOKEN*token,56 57 44 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn, 45 const struct security_descriptor *sd, 46 const struct security_token *token, 47 uint32_t access_desired, 48 uint32_t *access_granted) 58 49 { 59 50 *access_granted = 0; 60 51 61 if ( conn->server_info->utok.uid == 0 || conn->admin_user) {52 if (get_current_uid(conn) == (uid_t)0) { 62 53 /* I'm sorry sir, I didn't know you were root... */ 63 54 *access_granted = access_desired; … … 86 77 NTSTATUS status; 87 78 struct security_descriptor *sd = NULL; 79 uint32_t rejected_share_access; 80 81 rejected_share_access = access_mask & ~(conn->share_access); 82 83 if (rejected_share_access) { 84 *access_granted = rejected_share_access; 85 return NT_STATUS_ACCESS_DENIED; 86 } 88 87 89 88 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { … … 98 97 99 98 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, 100 ( OWNER_SECURITY_INFORMATION|101 GROUP_SECURITY_INFORMATION|102 DACL_SECURITY_INFORMATION),&sd);99 (SECINFO_OWNER | 100 SECINFO_GROUP | 101 SECINFO_DACL),&sd); 103 102 104 103 if (!NT_STATUS_IS_OK(status)) { … … 112 111 status = smb1_file_se_access_check(conn, 113 112 sd, 114 conn->server_info->ptok,113 get_current_nttok(conn), 115 114 access_mask, 116 115 access_granted); … … 191 190 int ret; 192 191 192 if (fsp->dptr) { 193 dptr_CloseDir(fsp); 194 } 193 195 if (fsp->fh->fd == -1) { 194 196 return NT_STATUS_OK; /* What we used to call a stat open. */ … … 231 233 smb_fname_str_dbg(smb_fname_parent), 232 234 strerror(errno))); 235 TALLOC_FREE(smb_fname_parent); 236 return; 237 } 238 239 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) { 240 /* Already this uid - no need to change. */ 241 DEBUG(10,("change_file_owner_to_parent: file %s " 242 "is already owned by uid %d\n", 243 fsp_str_dbg(fsp), 244 (int)fsp->fsp_name->st.st_ex_uid )); 245 TALLOC_FREE(smb_fname_parent); 233 246 return; 234 247 } … … 247 260 "parent directory uid %u.\n", fsp_str_dbg(fsp), 248 261 (unsigned int)smb_fname_parent->st.st_ex_uid)); 249 250 262 /* Ensure the uid entry is updated. */ 251 263 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid; … … 333 345 } 334 346 347 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) { 348 /* Already this uid - no need to change. */ 349 DEBUG(10,("change_dir_owner_to_parent: directory %s " 350 "is already owned by uid %d\n", 351 fname, 352 (int)smb_fname_cwd->st.st_ex_uid )); 353 status = NT_STATUS_OK; 354 goto chdir; 355 } 356 335 357 become_root(); 336 ret = SMB_VFS_ CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,358 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid, 337 359 (gid_t)-1); 338 360 unbecome_root(); … … 350 372 "directory %s to parent directory uid %u.\n", 351 373 fname, (unsigned int)smb_fname_parent->st.st_ex_uid )); 352 353 /* Ensure the uid entry is updated. */354 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;355 374 356 375 chdir: … … 592 611 593 612 if (file_created) { 613 bool need_re_stat = false; 594 614 /* Do all inheritance work after we've 595 615 done a successful stat call and filled … … 601 621 smb_fname->base_name, 602 622 unx_mode); 623 need_re_stat = true; 603 624 } 604 625 … … 607 628 change_file_owner_to_parent(conn, parent_dir, 608 629 fsp); 630 need_re_stat = true; 631 } 632 633 if (need_re_stat) { 634 if (fsp->fh->fd == -1) { 635 ret = SMB_VFS_STAT(conn, smb_fname); 636 } else { 637 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st); 638 /* If we have an fd, this stat should succeed. */ 639 if (ret == -1) { 640 DEBUG(0,("Error doing fstat on open file %s " 641 "(%s)\n", 642 smb_fname_str_dbg(smb_fname), 643 strerror(errno) )); 644 } 645 } 609 646 } 610 647 … … 639 676 True : False; 640 677 } 641 fsp->print_file = False;678 fsp->print_file = NULL; 642 679 fsp->modified = False; 643 680 fsp->sent_oplock_break = NO_BREAK_SENT; … … 652 689 653 690 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n", 654 conn->se rver_info->unix_name,691 conn->session_info->unix_name, 655 692 smb_fname_str_dbg(smb_fname), 656 693 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write), … … 747 784 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA, 748 785 entry->share_access, FILE_SHARE_WRITE); 749 786 750 787 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE, 751 788 share_access, FILE_SHARE_READ); … … 763 800 764 801 #if defined(DEVELOPER) 765 static void validate_my_share_entries(int num, 802 static void validate_my_share_entries(struct smbd_server_connection *sconn, 803 int num, 766 804 struct share_mode_entry *share_entry) 767 805 { … … 785 823 } 786 824 787 fsp = file_find_dif(s hare_entry->id,825 fsp = file_find_dif(sconn, share_entry->id, 788 826 share_entry->share_file_id); 789 827 if (!fsp) { … … 845 883 static NTSTATUS open_mode_check(connection_struct *conn, 846 884 struct share_mode_lock *lck, 885 uint32_t name_hash, 847 886 uint32 access_mask, 848 887 uint32 share_access, … … 860 899 /* A delete on close prohibits everything */ 861 900 862 if ( lck->delete_on_close) {901 if (is_delete_on_close_set(lck, name_hash)) { 863 902 return NT_STATUS_DELETE_PENDING; 864 903 } … … 873 912 * Check if the share modes will give us access. 874 913 */ 875 914 876 915 #if defined(DEVELOPER) 877 916 for(i = 0; i < lck->num_share_modes; i++) { 878 validate_my_share_entries(i, &lck->share_modes[i]); 917 validate_my_share_entries(conn->sconn, i, 918 &lck->share_modes[i]); 879 919 } 880 920 #endif … … 898 938 } 899 939 } 900 940 901 941 return NT_STATUS_OK; 902 942 } … … 914 954 static NTSTATUS send_break_message(files_struct *fsp, 915 955 struct share_mode_entry *exclusive, 916 uint 16mid,956 uint64_t mid, 917 957 int oplock_request) 918 958 { … … 931 971 932 972 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) { 933 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE); 934 } 935 936 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid, 973 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET, 974 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE); 975 } 976 977 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid, 937 978 MSG_SMB_BREAK_REQUEST, 938 979 (uint8 *)msg, … … 947 988 948 989 /* 949 * 1) No files open at all or internal open: Grant whatever the client wants. 950 * 951 * 2) Exclusive (or batch) oplock around: If the requested access is a delete 952 * request, break if the oplock around is a batch oplock. If it's another 953 * requested access type, break. 954 * 955 * 3) Only level2 around: Grant level2 and do nothing else. 990 * Return share_mode_entry pointers for : 991 * 1). Batch oplock entry. 992 * 2). Batch or exclusive oplock entry (may be identical to #1). 993 * bool have_level2_oplock 994 * bool have_no_oplock. 995 * Do internal consistency checks on the share mode for a file. 956 996 */ 957 997 958 static bool delay_for_oplocks(struct share_mode_lock *lck, 959 files_struct *fsp, 960 uint16 mid, 961 int pass_number, 962 int oplock_request) 998 static void find_oplock_types(files_struct *fsp, 999 int oplock_request, 1000 struct share_mode_lock *lck, 1001 struct share_mode_entry **pp_batch, 1002 struct share_mode_entry **pp_ex_or_batch, 1003 bool *got_level2, 1004 bool *got_no_oplock) 963 1005 { 964 1006 int i; 965 struct share_mode_entry *exclusive = NULL; 966 bool valid_entry = false; 967 bool have_level2 = false; 968 bool have_a_none_oplock = false; 1007 1008 *pp_batch = NULL; 1009 *pp_ex_or_batch = NULL; 1010 *got_level2 = false; 1011 *got_no_oplock = false; 1012 1013 /* Ignore stat or internal opens, as is done in 1014 delay_for_batch_oplocks() and 1015 delay_for_exclusive_oplocks(). 1016 */ 1017 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) { 1018 return; 1019 } 1020 1021 for (i=0; i<lck->num_share_modes; i++) { 1022 if (!is_valid_share_mode_entry(&lck->share_modes[i])) { 1023 continue; 1024 } 1025 1026 if (lck->share_modes[i].op_type == NO_OPLOCK && 1027 is_stat_open(lck->share_modes[i].access_mask)) { 1028 /* We ignore stat opens in the table - they 1029 always have NO_OPLOCK and never get or 1030 cause breaks. JRA. */ 1031 continue; 1032 } 1033 1034 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 1035 /* batch - can only be one. */ 1036 if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) { 1037 smb_panic("Bad batch oplock entry."); 1038 } 1039 *pp_batch = &lck->share_modes[i]; 1040 } 1041 1042 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 1043 /* Exclusive or batch - can only be one. */ 1044 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) { 1045 smb_panic("Bad exclusive or batch oplock entry."); 1046 } 1047 *pp_ex_or_batch = &lck->share_modes[i]; 1048 } 1049 1050 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 1051 if (*pp_batch || *pp_ex_or_batch) { 1052 smb_panic("Bad levelII oplock entry."); 1053 } 1054 *got_level2 = true; 1055 } 1056 1057 if (lck->share_modes[i].op_type == NO_OPLOCK) { 1058 if (*pp_batch || *pp_ex_or_batch) { 1059 smb_panic("Bad no oplock entry."); 1060 } 1061 *got_no_oplock = true; 1062 } 1063 } 1064 } 1065 1066 static bool delay_for_batch_oplocks(files_struct *fsp, 1067 uint64_t mid, 1068 int oplock_request, 1069 struct share_mode_entry *batch_entry) 1070 { 1071 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) { 1072 return false; 1073 } 1074 1075 if (batch_entry != NULL) { 1076 /* Found a batch oplock */ 1077 send_break_message(fsp, batch_entry, mid, oplock_request); 1078 return true; 1079 } 1080 return false; 1081 } 1082 1083 static bool delay_for_exclusive_oplocks(files_struct *fsp, 1084 uint64_t mid, 1085 int oplock_request, 1086 struct share_mode_entry *ex_entry) 1087 { 1088 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) { 1089 return false; 1090 } 1091 1092 if (ex_entry != NULL) { 1093 /* Found an exclusive or batch oplock */ 1094 bool delay_it = is_delete_request(fsp) ? 1095 BATCH_OPLOCK_TYPE(ex_entry->op_type) : true; 1096 if (delay_it) { 1097 send_break_message(fsp, ex_entry, mid, oplock_request); 1098 return true; 1099 } 1100 } 1101 return false; 1102 } 1103 1104 static void grant_fsp_oplock_type(files_struct *fsp, 1105 const struct byte_range_lock *br_lck, 1106 int oplock_request, 1107 bool got_level2_oplock, 1108 bool got_a_none_oplock) 1109 { 969 1110 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) && 970 1111 lp_level2_oplocks(SNUM(fsp->conn)); 971 1112 1113 /* Start by granting what the client asked for, 1114 but ensure no SAMBA_PRIVATE bits can be set. */ 1115 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK); 1116 972 1117 if (oplock_request & INTERNAL_OPEN_ONLY) { 1118 /* No oplocks on internal open. */ 973 1119 fsp->oplock_type = NO_OPLOCK; 974 } 975 976 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) { 977 return false; 978 } 979 980 for (i=0; i<lck->num_share_modes; i++) { 981 982 if (!is_valid_share_mode_entry(&lck->share_modes[i])) { 983 continue; 984 } 985 986 /* At least one entry is not an invalid or deferred entry. */ 987 valid_entry = true; 988 989 if (pass_number == 1) { 990 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 991 SMB_ASSERT(exclusive == NULL); 992 exclusive = &lck->share_modes[i]; 993 } 994 } else { 995 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 996 SMB_ASSERT(exclusive == NULL); 997 exclusive = &lck->share_modes[i]; 998 } 999 } 1000 1001 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 1002 SMB_ASSERT(exclusive == NULL); 1003 have_level2 = true; 1004 } 1005 1006 if (lck->share_modes[i].op_type == NO_OPLOCK) { 1007 have_a_none_oplock = true; 1008 } 1009 } 1010 1011 if (exclusive != NULL) { /* Found an exclusive oplock */ 1012 bool delay_it = is_delete_request(fsp) ? 1013 BATCH_OPLOCK_TYPE(exclusive->op_type) : true; 1014 SMB_ASSERT(!have_level2); 1015 if (delay_it) { 1016 send_break_message(fsp, exclusive, mid, oplock_request); 1017 return true; 1018 } 1120 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n", 1121 fsp->oplock_type, fsp_str_dbg(fsp))); 1122 return; 1123 } else if (br_lck && br_lck->num_locks > 0) { 1124 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n", 1125 fsp_str_dbg(fsp))); 1126 fsp->oplock_type = NO_OPLOCK; 1127 } 1128 1129 if (is_stat_open(fsp->access_mask)) { 1130 /* Leave the value already set. */ 1131 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n", 1132 fsp->oplock_type, fsp_str_dbg(fsp))); 1133 return; 1019 1134 } 1020 1135 … … 1024 1139 */ 1025 1140 1026 if (!valid_entry) { 1027 /* All entries are placeholders or deferred. 1028 * Directly grant whatever the client wants. */ 1029 if (fsp->oplock_type == NO_OPLOCK) { 1030 /* Store a level2 oplock, but don't tell the client */ 1031 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK; 1032 } 1033 } else if (have_a_none_oplock) { 1141 if (got_a_none_oplock) { 1034 1142 fsp->oplock_type = NO_OPLOCK; 1035 } else if ( have_level2) {1143 } else if (got_level2_oplock) { 1036 1144 if (fsp->oplock_type == NO_OPLOCK || 1037 1145 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) { … … 1042 1150 } 1043 1151 } else { 1044 /* This case can never happen. */ 1045 SMB_ASSERT(1); 1152 /* All share_mode_entries are placeholders or deferred. 1153 * Silently upgrade to fake levelII if the client didn't 1154 * ask for an oplock. */ 1155 if (fsp->oplock_type == NO_OPLOCK) { 1156 /* Store a level2 oplock, but don't tell the client */ 1157 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK; 1158 } 1046 1159 } 1047 1160 … … 1054 1167 } 1055 1168 1056 DEBUG(10,(" delay_for_oplocks: oplock type 0x%x on file %s\n",1169 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n", 1057 1170 fsp->oplock_type, fsp_str_dbg(fsp))); 1058 1059 /* No delay. */1060 return false;1061 1171 } 1062 1172 … … 1093 1203 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) { 1094 1204 DEBUG(0, ("Trying to defer an already deferred " 1095 "request: mid=%d, exiting\n", req->mid)); 1205 "request: mid=%llu, exiting\n", 1206 (unsigned long long)req->mid)); 1096 1207 exit_server("attempt to defer a deferred request"); 1097 1208 } … … 1101 1212 1102 1213 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred " 1103 "open entry for mid % u\n",1214 "open entry for mid %llu\n", 1104 1215 (unsigned int)request_time.tv_sec, 1105 1216 (unsigned int)request_time.tv_usec, 1106 (unsigned int)req->mid)); 1107 1108 if (!push_deferred_smb_message(req, request_time, timeout, 1109 (char *)state, sizeof(*state))) { 1110 exit_server("push_deferred_smb_message failed"); 1111 } 1112 add_deferred_open(lck, req->mid, request_time, state->id); 1217 (unsigned long long)req->mid)); 1218 1219 if (!push_deferred_open_message_smb(req, request_time, timeout, 1220 state->id, (char *)state, sizeof(*state))) { 1221 exit_server("push_deferred_open_message_smb failed"); 1222 } 1223 add_deferred_open(lck, req->mid, request_time, 1224 sconn_server_id(req->sconn), state->id); 1113 1225 } 1114 1226 … … 1182 1294 "file %s.\n", smb_fname_str_dbg(smb_fname))); 1183 1295 1184 for(fsp = file_find_di_first( id); fsp;1296 for(fsp = file_find_di_first(conn->sconn, id); fsp; 1185 1297 fsp = file_find_di_next(fsp)) { 1186 1298 … … 1232 1344 uint32 *pshare_mode, 1233 1345 uint32 *pcreate_disposition, 1234 uint32 *pcreate_options) 1346 uint32 *pcreate_options, 1347 uint32_t *pprivate_flags) 1235 1348 { 1236 1349 uint32 access_mask; … … 1238 1351 uint32 create_disposition; 1239 1352 uint32 create_options = FILE_NON_DIRECTORY_FILE; 1353 uint32_t private_flags = 0; 1240 1354 1241 1355 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, " … … 1276 1390 create_disposition = FILE_OPEN_IF; 1277 1391 break; 1278 1392 1279 1393 case OPENX_FILE_EXISTS_TRUNCATE: 1280 1394 create_disposition = FILE_OVERWRITE; … … 1295 1409 return False; 1296 1410 } 1297 1411 1298 1412 /* Create the NT compatible share modes. */ 1299 1413 switch (GET_DENY_MODE(deny_mode)) { … … 1315 1429 1316 1430 case DENY_DOS: 1317 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;1431 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS; 1318 1432 if (is_executable(smb_fname->base_name)) { 1319 1433 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE; … … 1328 1442 1329 1443 case DENY_FCB: 1330 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;1444 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB; 1331 1445 share_mode = FILE_SHARE_NONE; 1332 1446 break; … … 1340 1454 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, " 1341 1455 "share_mode = 0x%x, create_disposition = 0x%x, " 1342 "create_options = 0x%x \n",1456 "create_options = 0x%x private_flags = 0x%x\n", 1343 1457 smb_fname_str_dbg(smb_fname), 1344 1458 (unsigned int)access_mask, 1345 1459 (unsigned int)share_mode, 1346 1460 (unsigned int)create_disposition, 1347 (unsigned int)create_options )); 1461 (unsigned int)create_options, 1462 (unsigned int)private_flags)); 1348 1463 1349 1464 if (paccess_mask) { … … 1358 1473 if (pcreate_options) { 1359 1474 *pcreate_options = create_options; 1475 } 1476 if (pprivate_flags) { 1477 *pprivate_flags = private_flags; 1360 1478 } 1361 1479 … … 1405 1523 ****************************************************************************/ 1406 1524 1407 static NTSTATUScalculate_access_mask(connection_struct *conn,1408 1409 1410 1411 1525 NTSTATUS smbd_calculate_access_mask(connection_struct *conn, 1526 const struct smb_filename *smb_fname, 1527 bool file_existed, 1528 uint32_t access_mask, 1529 uint32_t *access_mask_out) 1412 1530 { 1413 1531 NTSTATUS status; 1532 uint32_t orig_access_mask = access_mask; 1533 uint32_t rejected_share_access; 1414 1534 1415 1535 /* … … 1427 1547 1428 1548 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, 1429 ( OWNER_SECURITY_INFORMATION|1430 GROUP_SECURITY_INFORMATION|1431 DACL_SECURITY_INFORMATION),&sd);1549 (SECINFO_OWNER | 1550 SECINFO_GROUP | 1551 SECINFO_DACL),&sd); 1432 1552 1433 1553 if (!NT_STATUS_IS_OK(status)) { 1434 DEBUG(10, ("calculate_access_mask: Could not get acl"1435 " on file %s: %s\n",1554 DEBUG(10,("smbd_calculate_access_mask: " 1555 "Could not get acl on file %s: %s\n", 1436 1556 smb_fname_str_dbg(smb_fname), 1437 1557 nt_errstr(status))); … … 1441 1561 status = smb1_file_se_access_check(conn, 1442 1562 sd, 1443 conn->server_info->ptok,1563 get_current_nttok(conn), 1444 1564 access_mask, 1445 1565 &access_granted); … … 1448 1568 1449 1569 if (!NT_STATUS_IS_OK(status)) { 1450 DEBUG(10, ("calculate_access_mask: Access denied on " 1451 "file %s: when calculating maximum access\n", 1570 DEBUG(10, ("smbd_calculate_access_mask: " 1571 "Access denied on file %s: " 1572 "when calculating maximum access\n", 1452 1573 smb_fname_str_dbg(smb_fname))); 1453 1574 return NT_STATUS_ACCESS_DENIED; … … 1458 1579 access_mask = FILE_GENERIC_ALL; 1459 1580 } 1581 1582 access_mask &= conn->share_access; 1583 } 1584 1585 rejected_share_access = access_mask & ~(conn->share_access); 1586 1587 if (rejected_share_access) { 1588 DEBUG(10, ("smbd_calculate_access_mask: Access denied on " 1589 "file %s: rejected by share access mask[0x%08X] " 1590 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n", 1591 smb_fname_str_dbg(smb_fname), 1592 conn->share_access, 1593 orig_access_mask, access_mask, 1594 rejected_share_access)); 1595 return NT_STATUS_ACCESS_DENIED; 1460 1596 } 1461 1597 1462 1598 *access_mask_out = access_mask; 1463 1599 return NT_STATUS_OK; 1600 } 1601 1602 /**************************************************************************** 1603 Remove the deferred open entry under lock. 1604 ****************************************************************************/ 1605 1606 void remove_deferred_open_entry(struct file_id id, uint64_t mid, 1607 struct server_id pid) 1608 { 1609 struct share_mode_lock *lck = get_share_mode_lock(talloc_tos(), id, 1610 NULL, NULL, NULL); 1611 if (lck == NULL) { 1612 DEBUG(0, ("could not get share mode lock\n")); 1613 } else { 1614 del_deferred_open_entry(lck, mid, pid); 1615 TALLOC_FREE(lck); 1616 } 1617 } 1618 1619 /**************************************************************** 1620 Ensure we get the brlock lock followed by the share mode lock 1621 in the correct order to prevent deadlocks if other smbd's are 1622 using the brlock database on this file simultaneously with this open 1623 (that code also gets the locks in brlock -> share mode lock order). 1624 ****************************************************************/ 1625 1626 static bool acquire_ordered_locks(TALLOC_CTX *mem_ctx, 1627 files_struct *fsp, 1628 const struct file_id id, 1629 const char *connectpath, 1630 const struct smb_filename *smb_fname, 1631 const struct timespec *p_old_write_time, 1632 struct share_mode_lock **p_lck, 1633 struct byte_range_lock **p_br_lck) 1634 { 1635 /* Ordering - we must get the br_lck for this 1636 file before the share mode. */ 1637 if (lp_locking(fsp->conn->params)) { 1638 *p_br_lck = brl_get_locks_readonly(fsp); 1639 if (*p_br_lck == NULL) { 1640 DEBUG(0, ("Could not get br_lock\n")); 1641 return false; 1642 } 1643 /* Note - we don't need to free the returned 1644 br_lck explicitly as it was allocated on talloc_tos() 1645 and so will be autofreed (and release the lock) 1646 once the frame context disappears. 1647 1648 If it was set to fsp->brlock_rec then it was 1649 talloc_move'd to hang off the fsp pointer and 1650 in this case is guarenteed to not be holding the 1651 lock on the brlock database. */ 1652 } 1653 1654 *p_lck = get_share_mode_lock(mem_ctx, 1655 id, 1656 connectpath, 1657 smb_fname, 1658 p_old_write_time); 1659 1660 if (*p_lck == NULL) { 1661 DEBUG(0, ("Could not get share mode lock\n")); 1662 TALLOC_FREE(*p_br_lck); 1663 return false; 1664 } 1665 return true; 1464 1666 } 1465 1667 … … 1477 1679 int oplock_request, /* internal Samba oplock codes. */ 1478 1680 /* Information (FILE_EXISTS etc.) */ 1681 uint32_t private_flags, /* Samba specific flags. */ 1479 1682 int *pinfo, 1480 1683 files_struct *fsp) … … 1494 1697 int info; 1495 1698 uint32 existing_dos_attributes = 0; 1496 struct pending_message_list *pml = NULL;1497 1699 struct timeval request_time = timeval_zero(); 1498 1700 struct share_mode_lock *lck = NULL; … … 1528 1730 } 1529 1731 1530 return print_ fsp_open(req, conn, smb_fname->base_name,1531 req->vuid, fsp);1732 return print_spool_open(fsp, smb_fname->base_name, 1733 req->vuid); 1532 1734 } 1533 1735 … … 1542 1744 new_dos_attributes = 0; 1543 1745 } else { 1544 /* We add aARCHto this as this mode is only used if the file is1746 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is 1545 1747 * created new. */ 1546 unx_mode = unix_mode(conn, new_dos_attributes | aARCH,1748 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE, 1547 1749 smb_fname, parent_dir); 1548 1750 } … … 1551 1753 "access_mask=0x%x share_access=0x%x " 1552 1754 "create_disposition = 0x%x create_options=0x%x " 1553 "unix mode=0%o oplock_request=%d \n",1755 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n", 1554 1756 smb_fname_str_dbg(smb_fname), new_dos_attributes, 1555 1757 access_mask, share_access, create_disposition, 1556 create_options, (unsigned int)unx_mode, oplock_request)); 1758 create_options, (unsigned int)unx_mode, oplock_request, 1759 (unsigned int)private_flags)); 1557 1760 1558 1761 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) { … … 1565 1768 */ 1566 1769 1567 if ((req != NULL) 1568 && ((pml = get_open_deferred_message(req->mid)) != NULL)) { 1569 struct deferred_open_record *state = 1570 (struct deferred_open_record *)pml->private_data.data; 1571 1572 /* Remember the absolute time of the original 1573 request with this mid. We'll use it later to 1574 see if this has timed out. */ 1575 1576 request_time = pml->request_time; 1577 1578 /* Remove the deferred open entry under lock. */ 1579 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL, 1580 NULL); 1581 if (lck == NULL) { 1582 DEBUG(0, ("could not get share mode lock\n")); 1583 } else { 1584 del_deferred_open_entry(lck, req->mid); 1585 TALLOC_FREE(lck); 1586 } 1587 1588 /* Ensure we don't reprocess this message. */ 1589 remove_deferred_open_smb_message(req->mid); 1770 if (req) { 1771 void *ptr; 1772 if (get_deferred_open_message_state(req, 1773 &request_time, 1774 &ptr)) { 1775 1776 struct deferred_open_record *state = (struct deferred_open_record *)ptr; 1777 /* Remember the absolute time of the original 1778 request with this mid. We'll use it later to 1779 see if this has timed out. */ 1780 1781 /* Remove the deferred open entry under lock. */ 1782 remove_deferred_open_entry( 1783 state->id, req->mid, 1784 sconn_server_id(req->sconn)); 1785 1786 /* Ensure we don't reprocess this message. */ 1787 remove_deferred_open_message_smb(req->mid); 1788 } 1590 1789 } 1591 1790 … … 1603 1802 1604 1803 /* ignore any oplock requests if oplocks are disabled */ 1605 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||1804 if (!lp_oplocks(SNUM(conn)) || 1606 1805 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) { 1607 1806 /* Mask off everything except the private Samba bits. */ … … 1718 1917 } 1719 1918 1720 status = calculate_access_mask(conn, smb_fname, file_existed,1919 status = smbd_calculate_access_mask(conn, smb_fname, file_existed, 1721 1920 access_mask, 1722 1921 &access_mask); 1723 1922 if (!NT_STATUS_IS_OK(status)) { 1724 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "1923 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask " 1725 1924 "on file %s returned %s\n", 1726 1925 smb_fname_str_dbg(smb_fname), nt_errstr(status))); … … 1748 1947 file handle, no matter what the requested access mask 1749 1948 says. */ 1750 if (( create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||1949 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) || 1751 1950 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) { 1752 1951 flags = O_RDWR; … … 1797 1996 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st); 1798 1997 fsp->share_access = share_access; 1799 fsp->fh->private_options = create_options;1998 fsp->fh->private_options = private_flags; 1800 1999 fsp->access_mask = open_access_mask; /* We change this to the 1801 2000 * requested access_mask after … … 1811 2010 1812 2011 if (file_existed) { 2012 struct byte_range_lock *br_lck = NULL; 2013 struct share_mode_entry *batch_entry = NULL; 2014 struct share_mode_entry *exclusive_entry = NULL; 2015 bool got_level2_oplock = false; 2016 bool got_a_none_oplock = false; 2017 1813 2018 struct timespec old_write_time = smb_fname->st.st_ex_mtime; 1814 2019 id = vfs_file_id_from_sbuf(conn, &smb_fname->st); 1815 2020 1816 lck = get_share_mode_lock(talloc_tos(), id, 1817 conn->connectpath, 1818 smb_fname, &old_write_time); 1819 1820 if (lck == NULL) { 1821 DEBUG(0, ("Could not get share mode lock\n")); 2021 if (!acquire_ordered_locks(talloc_tos(), 2022 fsp, 2023 id, 2024 conn->connectpath, 2025 smb_fname, 2026 &old_write_time, 2027 &lck, 2028 &br_lck)) { 1822 2029 return NT_STATUS_SHARING_VIOLATION; 1823 2030 } 1824 2031 2032 /* Get the types we need to examine. */ 2033 find_oplock_types(fsp, 2034 oplock_request, 2035 lck, 2036 &batch_entry, 2037 &exclusive_entry, 2038 &got_level2_oplock, 2039 &got_a_none_oplock); 2040 1825 2041 /* First pass - send break only on batch oplocks. */ 1826 if ((req != NULL) 1827 && delay_for_oplocks(lck, fsp, req->mid, 1, 1828 oplock_request)) { 2042 if ((req != NULL) && 2043 delay_for_batch_oplocks(fsp, 2044 req->mid, 2045 oplock_request, 2046 batch_entry)) { 1829 2047 schedule_defer_open(lck, request_time, req); 1830 2048 TALLOC_FREE(lck); … … 1834 2052 /* Use the client requested access mask here, not the one we 1835 2053 * open with. */ 1836 status = open_mode_check(conn, lck, access_mask, share_access, 2054 status = open_mode_check(conn, lck, fsp->name_hash, 2055 access_mask, share_access, 1837 2056 create_options, &file_existed); 1838 2057 … … 1842 2061 /* Second pass - send break for both batch or 1843 2062 * exclusive oplocks. */ 1844 if ((req != NULL) 1845 && delay_for_oplocks(lck, fsp, req->mid, 2, 1846 oplock_request)) { 2063 if ((req != NULL) && 2064 delay_for_exclusive_oplocks( 2065 fsp, 2066 req->mid, 2067 oplock_request, 2068 exclusive_entry)) { 1847 2069 schedule_defer_open(lck, request_time, req); 1848 2070 TALLOC_FREE(lck); … … 1857 2079 } 1858 2080 2081 grant_fsp_oplock_type(fsp, 2082 br_lck, 2083 oplock_request, 2084 got_level2_oplock, 2085 got_a_none_oplock); 2086 1859 2087 if (!NT_STATUS_IS_OK(status)) { 1860 2088 uint32 can_access_mask; … … 1865 2093 /* Check if this can be done with the deny_dos and fcb 1866 2094 * calls. */ 1867 if ( create_options &2095 if (private_flags & 1868 2096 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS| 1869 2097 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) { … … 2016 2244 2017 2245 if (!file_existed) { 2246 struct byte_range_lock *br_lck = NULL; 2247 struct share_mode_entry *batch_entry = NULL; 2248 struct share_mode_entry *exclusive_entry = NULL; 2249 bool got_level2_oplock = false; 2250 bool got_a_none_oplock = false; 2018 2251 struct timespec old_write_time = smb_fname->st.st_ex_mtime; 2019 2252 /* … … 2034 2267 id = fsp->file_id; 2035 2268 2036 lck = get_share_mode_lock(talloc_tos(), id, 2037 conn->connectpath, 2038 smb_fname, &old_write_time); 2039 2040 if (lck == NULL) { 2041 DEBUG(0, ("open_file_ntcreate: Could not get share " 2042 "mode lock for %s\n", 2043 smb_fname_str_dbg(smb_fname))); 2044 fd_close(fsp); 2269 if (!acquire_ordered_locks(talloc_tos(), 2270 fsp, 2271 id, 2272 conn->connectpath, 2273 smb_fname, 2274 &old_write_time, 2275 &lck, 2276 &br_lck)) { 2045 2277 return NT_STATUS_SHARING_VIOLATION; 2046 2278 } 2047 2279 2280 /* Get the types we need to examine. */ 2281 find_oplock_types(fsp, 2282 oplock_request, 2283 lck, 2284 &batch_entry, 2285 &exclusive_entry, 2286 &got_level2_oplock, 2287 &got_a_none_oplock); 2288 2048 2289 /* First pass - send break only on batch oplocks. */ 2049 if ((req != NULL) 2050 && delay_for_oplocks(lck, fsp, req->mid, 1, 2051 oplock_request)) { 2290 if ((req != NULL) && 2291 delay_for_batch_oplocks(fsp, 2292 req->mid, 2293 oplock_request, 2294 batch_entry)) { 2052 2295 schedule_defer_open(lck, request_time, req); 2053 2296 TALLOC_FREE(lck); … … 2056 2299 } 2057 2300 2058 status = open_mode_check(conn, lck, access_mask, share_access, 2301 status = open_mode_check(conn, lck, fsp->name_hash, 2302 access_mask, share_access, 2059 2303 create_options, &file_existed); 2060 2304 … … 2064 2308 /* Second pass - send break for both batch or 2065 2309 * exclusive oplocks. */ 2066 if ((req != NULL) 2067 && delay_for_oplocks(lck, fsp, req->mid, 2, 2068 oplock_request)) { 2310 if ((req != NULL) && 2311 delay_for_exclusive_oplocks( 2312 fsp, 2313 req->mid, 2314 oplock_request, 2315 exclusive_entry)) { 2069 2316 schedule_defer_open(lck, request_time, req); 2070 2317 TALLOC_FREE(lck); … … 2096 2343 return status; 2097 2344 } 2345 2346 grant_fsp_oplock_type(fsp, 2347 br_lck, 2348 oplock_request, 2349 got_level2_oplock, 2350 got_a_none_oplock); 2098 2351 2099 2352 /* … … 2146 2399 */ 2147 2400 2148 if (f lags2&O_TRUNC) {2401 if (file_existed && (flags2&O_TRUNC)) { 2149 2402 /* 2150 2403 * We are modifing the file after open - update the stat … … 2160 2413 } 2161 2414 2162 /* Record the options we were opened with. */2163 fsp->share_access = share_access;2164 fsp->fh->private_options = create_options;2165 2415 /* 2166 2416 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, 2417 * but we don't have to store this - just ignore it on access check. 2167 2418 */ 2168 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; 2419 if (conn->sconn->using_smb2) { 2420 /* 2421 * SMB2 doesn't return it (according to Microsoft tests). 2422 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0 2423 * File created with access = 0x7 (Read, Write, Delete) 2424 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes) 2425 */ 2426 fsp->access_mask = access_mask; 2427 } else { 2428 /* But SMB1 does. */ 2429 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; 2430 } 2169 2431 2170 2432 if (file_existed) { … … 2193 2455 2194 2456 if (!set_file_oplock(fsp, fsp->oplock_type)) { 2195 /* Could not get the kernel oplock */ 2457 /* 2458 * Could not get the kernel oplock or there are byte-range 2459 * locks on the file. 2460 */ 2196 2461 fsp->oplock_type = NO_OPLOCK; 2197 2462 } … … 2201 2466 } 2202 2467 2203 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, 2468 set_share_mode(lck, fsp, get_current_uid(conn), 2469 req ? req->mid : 0, 2204 2470 fsp->oplock_type); 2205 2471 … … 2227 2493 if (!posix_open) { 2228 2494 if (file_set_dosmode(conn, smb_fname, 2229 new_dos_attributes | aARCH,2495 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE, 2230 2496 parent_dir, true) == 0) { 2231 2497 unx_mode = smb_fname->st.st_ex_mode; … … 2233 2499 } 2234 2500 } 2501 } 2502 2503 /* Determine sparse flag. */ 2504 if (posix_open) { 2505 /* POSIX opens are sparse by default. */ 2506 fsp->is_sparse = true; 2507 } else { 2508 fsp->is_sparse = (file_existed && 2509 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE)); 2235 2510 } 2236 2511 … … 2283 2558 * records. */ 2284 2559 if (req != NULL) { 2285 del_deferred_open_entry(lck, req->mid); 2560 del_deferred_open_entry(lck, req->mid, 2561 sconn_server_id(req->sconn)); 2286 2562 } 2287 2563 TALLOC_FREE(lck); … … 2316 2592 INTERNAL_OPEN_ONLY, /* oplock_request */ 2317 2593 0, /* allocation_size */ 2594 0, /* private_flags */ 2318 2595 NULL, /* sd */ 2319 2596 NULL, /* ea_list */ … … 2352 2629 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS); 2353 2630 } else { 2354 mode = unix_mode(conn, aDIR, smb_dname, parent_dir);2631 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir); 2355 2632 } 2356 2633 … … 2377 2654 if (!posix_open) { 2378 2655 file_set_dosmode(conn, smb_dname, 2379 file_attributes | aDIR,2656 file_attributes | FILE_ATTRIBUTE_DIRECTORY, 2380 2657 parent_dir, true); 2381 2658 } … … 2424 2701 2425 2702 return NT_STATUS_OK; 2703 } 2704 2705 /**************************************************************************** 2706 Ensure we didn't get symlink raced on opening a directory. 2707 ****************************************************************************/ 2708 2709 bool check_same_stat(const SMB_STRUCT_STAT *sbuf1, 2710 const SMB_STRUCT_STAT *sbuf2) 2711 { 2712 if (sbuf1->st_ex_uid != sbuf2->st_ex_uid || 2713 sbuf1->st_ex_gid != sbuf2->st_ex_gid || 2714 sbuf1->st_ex_dev != sbuf2->st_ex_dev || 2715 sbuf1->st_ex_ino != sbuf2->st_ex_ino) { 2716 return false; 2717 } 2718 return true; 2426 2719 } 2427 2720 … … 2471 2764 } 2472 2765 2473 status = calculate_access_mask(conn, smb_dname, dir_existed,2474 2766 status = smbd_calculate_access_mask(conn, smb_dname, dir_existed, 2767 access_mask, &access_mask); 2475 2768 if (!NT_STATUS_IS_OK(status)) { 2476 DEBUG(10, ("open_directory: calculate_access_mask "2769 DEBUG(10, ("open_directory: smbd_calculate_access_mask " 2477 2770 "on file %s returned %s\n", 2478 2771 smb_fname_str_dbg(smb_dname), … … 2482 2775 2483 2776 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) && 2484 !user_has_privileges(current_user.nt_user_token, &se_security)) { 2777 !security_token_has_privilege(get_current_nttok(conn), 2778 SEC_PRIV_SECURITY)) { 2485 2779 DEBUG(10, ("open_directory: open on %s " 2486 2780 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n", … … 2492 2786 case FILE_OPEN: 2493 2787 2788 if (!dir_existed) { 2789 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 2790 } 2791 2494 2792 info = FILE_WAS_OPENED; 2495 2496 /*2497 * We want to follow symlinks here.2498 */2499 2500 if (SMB_VFS_STAT(conn, smb_dname) != 0) {2501 return map_nt_error_from_unix(errno);2502 }2503 2504 2793 break; 2505 2794 … … 2541 2830 status = NT_STATUS_OK; 2542 2831 } 2543 2544 2832 break; 2545 2833 … … 2601 2889 * Setup the files_struct for it. 2602 2890 */ 2603 2891 2604 2892 fsp->mode = smb_dname->st.st_ex_mode; 2605 2893 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st); … … 2611 2899 2612 2900 fsp->share_access = share_access; 2613 fsp->fh->private_options = create_options;2901 fsp->fh->private_options = 0; 2614 2902 /* 2615 2903 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, 2616 2904 */ 2617 2905 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; 2618 fsp->print_file = False;2906 fsp->print_file = NULL; 2619 2907 fsp->modified = False; 2620 2908 fsp->oplock_type = NO_OPLOCK; … … 2624 2912 status = fsp_set_smb_fname(fsp, smb_dname); 2625 2913 if (!NT_STATUS_IS_OK(status)) { 2914 file_free(req, fsp); 2626 2915 return status; 2627 2916 } 2628 2917 2629 2918 mtimespec = smb_dname->st.st_ex_mtime; 2919 2920 #ifdef O_DIRECTORY 2921 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0); 2922 #else 2923 /* POSIX allows us to open a directory with O_RDONLY. */ 2924 status = fd_open(conn, fsp, O_RDONLY, 0); 2925 #endif 2926 if (!NT_STATUS_IS_OK(status)) { 2927 DEBUG(5, ("open_directory: Could not open fd for " 2928 "%s (%s)\n", 2929 smb_fname_str_dbg(smb_dname), 2930 nt_errstr(status))); 2931 file_free(req, fsp); 2932 return status; 2933 } 2934 2935 status = vfs_stat_fsp(fsp); 2936 if (!NT_STATUS_IS_OK(status)) { 2937 fd_close(fsp); 2938 file_free(req, fsp); 2939 return status; 2940 } 2941 2942 /* Ensure there was no race condition. */ 2943 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) { 2944 DEBUG(5,("open_directory: stat struct differs for " 2945 "directory %s.\n", 2946 smb_fname_str_dbg(smb_dname))); 2947 fd_close(fsp); 2948 file_free(req, fsp); 2949 return NT_STATUS_ACCESS_DENIED; 2950 } 2630 2951 2631 2952 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, … … 2635 2956 DEBUG(0, ("open_directory: Could not get share mode lock for " 2636 2957 "%s\n", smb_fname_str_dbg(smb_dname))); 2958 fd_close(fsp); 2637 2959 file_free(req, fsp); 2638 2960 return NT_STATUS_SHARING_VIOLATION; 2639 2961 } 2640 2962 2641 status = open_mode_check(conn, lck, access_mask, share_access, 2963 status = open_mode_check(conn, lck, fsp->name_hash, 2964 access_mask, share_access, 2642 2965 create_options, &dir_existed); 2643 2966 2644 2967 if (!NT_STATUS_IS_OK(status)) { 2645 2968 TALLOC_FREE(lck); 2969 fd_close(fsp); 2646 2970 file_free(req, fsp); 2647 2971 return status; 2648 2972 } 2649 2973 2650 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK); 2974 set_share_mode(lck, fsp, get_current_uid(conn), 2975 req ? req->mid : 0, NO_OPLOCK); 2651 2976 2652 2977 /* For directories the delete on close bit at open time seems … … 2656 2981 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) { 2657 2982 TALLOC_FREE(lck); 2983 fd_close(fsp); 2658 2984 file_free(req, fsp); 2659 2985 return status; … … 2695 3021 0, /* oplock_request */ 2696 3022 0, /* allocation_size */ 3023 0, /* private_flags */ 2697 3024 NULL, /* sd */ 2698 3025 NULL, /* ea_list */ … … 2718 3045 DATA_BLOB *data) 2719 3046 { 3047 struct smbd_server_connection *sconn; 2720 3048 files_struct *fsp; 2721 3049 char *frm = (char *)data->data; … … 2728 3056 NTSTATUS status; 2729 3057 3058 sconn = msg_ctx_to_sconn(msg); 3059 if (sconn == NULL) { 3060 DEBUG(1, ("could not find sconn\n")); 3061 return; 3062 } 3063 2730 3064 if (data->data == NULL 2731 3065 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) { … … 2759 3093 file_id_string_tos(&id))); 2760 3094 2761 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) { 3095 for(fsp = file_find_di_first(sconn, id); fsp; 3096 fsp = file_find_di_next(fsp)) { 2762 3097 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) { 2763 3098 … … 2864 3199 FILE_SHARE_WRITE | FILE_SHARE_DELETE), 2865 3200 FILE_OPEN, /* create_disposition*/ 2866 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE,/* create_options */3201 0, /* create_options */ 2867 3202 FILE_ATTRIBUTE_NORMAL, /* file_attributes */ 2868 3203 0, /* oplock_request */ 2869 3204 0, /* allocation_size */ 3205 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */ 2870 3206 NULL, /* sd */ 2871 3207 NULL, /* ea_list */ … … 2917 3253 uint32_t oplock_request, 2918 3254 uint64_t allocation_size, 3255 uint32_t private_flags, 2919 3256 struct security_descriptor *sd, 2920 3257 struct ea_list *ea_list, … … 2931 3268 "file_attributes = 0x%x, share_access = 0x%x, " 2932 3269 "create_disposition = 0x%x create_options = 0x%x " 2933 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, " 3270 "oplock_request = 0x%x private_flags = 0x%x " 3271 "ea_list = 0x%p, sd = 0x%p, " 2934 3272 "fname = %s\n", 2935 3273 (unsigned int)access_mask, … … 2939 3277 (unsigned int)create_options, 2940 3278 (unsigned int)oplock_request, 3279 (unsigned int)private_flags, 2941 3280 ea_list, sd, smb_fname_str_dbg(smb_fname))); 2942 3281 … … 2990 3329 2991 3330 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) && 2992 !user_has_privileges(current_user.nt_user_token, &se_security)) { 2993 DEBUG(10, ("create_file_unixpath:: open on %s " 3331 !security_token_has_privilege(get_current_nttok(conn), 3332 SEC_PRIV_SECURITY)) { 3333 DEBUG(10, ("create_file_unixpath: open on %s " 2994 3334 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n", 2995 3335 smb_fname_str_dbg(smb_fname))); … … 3000 3340 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) 3001 3341 && is_ntfs_stream_smb_fname(smb_fname) 3002 && (!( create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {3342 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) { 3003 3343 uint32 base_create_disposition; 3004 3344 struct smb_filename *smb_fname_base = NULL; … … 3038 3378 | FILE_SHARE_DELETE, 3039 3379 base_create_disposition, 3040 0, 0, 0, 0, NULL, NULL,3380 0, 0, 0, 0, 0, NULL, NULL, 3041 3381 &base_fsp, NULL); 3042 3382 TALLOC_FREE(smb_fname_base); … … 3113 3453 file_attributes, 3114 3454 oplock_request, 3455 private_flags, 3115 3456 &info, 3116 3457 fsp); … … 3180 3521 security_acl_map_generic(sd->sacl, &file_generic_mapping); 3181 3522 3182 if (sec_info_sent & ( OWNER_SECURITY_INFORMATION|3183 GROUP_SECURITY_INFORMATION|3184 DACL_SECURITY_INFORMATION|3185 S ACL_SECURITY_INFORMATION)) {3523 if (sec_info_sent & (SECINFO_OWNER| 3524 SECINFO_GROUP| 3525 SECINFO_DACL| 3526 SECINFO_SACL)) { 3186 3527 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); 3187 3528 } … … 3376 3717 out: 3377 3718 TALLOC_FREE(parent_fname); 3719 TALLOC_FREE(new_base_name); 3378 3720 return status; 3379 3721 } … … 3390 3732 uint32_t oplock_request, 3391 3733 uint64_t allocation_size, 3734 uint32_t private_flags, 3392 3735 struct security_descriptor *sd, 3393 3736 struct ea_list *ea_list, … … 3398 3741 files_struct *fsp = NULL; 3399 3742 NTSTATUS status; 3743 bool stream_name = false; 3400 3744 3401 3745 DEBUG(10,("create_file: access_mask = 0x%x " … … 3403 3747 "create_disposition = 0x%x create_options = 0x%x " 3404 3748 "oplock_request = 0x%x " 3749 "private_flags = 0x%x " 3405 3750 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, " 3406 3751 "fname = %s\n", … … 3411 3756 (unsigned int)create_options, 3412 3757 (unsigned int)oplock_request, 3758 (unsigned int)private_flags, 3413 3759 (unsigned int)root_dir_fid, 3414 3760 ea_list, sd, smb_fname_str_dbg(smb_fname))); … … 3432 3778 */ 3433 3779 3434 if (is_ntfs_stream_smb_fname(smb_fname)) { 3780 stream_name = is_ntfs_stream_smb_fname(smb_fname); 3781 if (stream_name) { 3435 3782 enum FAKE_FILE_TYPE fake_file_type; 3436 3783 … … 3474 3821 } 3475 3822 3823 if (stream_name && is_ntfs_default_stream_smb_fname(smb_fname)) { 3824 int ret; 3825 smb_fname->stream_name = NULL; 3826 /* We have to handle this error here. */ 3827 if (create_options & FILE_DIRECTORY_FILE) { 3828 status = NT_STATUS_NOT_A_DIRECTORY; 3829 goto fail; 3830 } 3831 if (lp_posix_pathnames()) { 3832 ret = SMB_VFS_LSTAT(conn, smb_fname); 3833 } else { 3834 ret = SMB_VFS_STAT(conn, smb_fname); 3835 } 3836 3837 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) { 3838 status = NT_STATUS_FILE_IS_A_DIRECTORY; 3839 goto fail; 3840 } 3841 } 3842 3476 3843 status = create_file_unixpath( 3477 3844 conn, req, smb_fname, access_mask, share_access, 3478 3845 create_disposition, create_options, file_attributes, 3479 oplock_request, allocation_size, sd, ea_list, 3846 oplock_request, allocation_size, private_flags, 3847 sd, ea_list, 3480 3848 &fsp, &info); 3481 3849
Note:
See TracChangeset
for help on using the changeset viewer.
