NTSTATUS set_create_timespec_ea(connection_struct *conn,
const struct smb_filename *psmb_fname,
struct timespec create_time)
{
struct smb_filename *smb_fname;
uint32_t dosmode;
int ret;
if (!lp_store_dos_attributes(SNUM(conn))) {
return NT_STATUS_OK;
}
smb_fname = synthetic_smb_fname(talloc_tos(), psmb_fname->base_name,
NULL, &psmb_fname->st);
if (smb_fname == NULL) {
return NT_STATUS_NO_MEMORY;
}
dosmode = dos_mode(conn, smb_fname);
smb_fname->st.st_ex_btime = create_time;
ret = file_set_dosmode(conn, smb_fname, dosmode, NULL, false);
if (ret == -1) {
map_nt_error_from_unix(errno);
}
DEBUG(10,("set_create_timespec_ea: wrote create time EA for file %s\n",
smb_fname_str_dbg(smb_fname)));
return NT_STATUS_OK;
}
static int xattr_tdb_get_file_id(struct vfs_handle_struct *handle,
const char *path, struct file_id *id)
{
int ret;
TALLOC_CTX *frame = talloc_stackframe();
struct smb_filename *smb_fname;
smb_fname = synthetic_smb_fname(frame, path, NULL, NULL, 0);
if (smb_fname == NULL) {
TALLOC_FREE(frame);
errno = ENOMEM;
return -1;
}
ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
if (ret == -1) {
TALLOC_FREE(frame);
return -1;
}
*id = SMB_VFS_NEXT_FILE_ID_CREATE(handle, &smb_fname->st);
TALLOC_FREE(frame);
return 0;
}
/**
* XXX: This is temporary and there should be no callers of this once
* smb_filename is plumbed through all path based operations.
*/
struct smb_filename *synthetic_smb_fname_split(TALLOC_CTX *ctx,
const char *fname,
const SMB_STRUCT_STAT *psbuf)
{
const char *stream_name = NULL;
char *base_name = NULL;
struct smb_filename *ret;
if (!lp_posix_pathnames()) {
stream_name = strchr_m(fname, ':');
}
/* Setup the base_name/stream_name. */
if (stream_name) {
base_name = talloc_strndup(ctx, fname,
PTR_DIFF(stream_name, fname));
} else {
base_name = talloc_strdup(ctx, fname);
}
if (!base_name) {
return NULL;
}
ret = synthetic_smb_fname(ctx, base_name, stream_name, psbuf);
TALLOC_FREE(base_name);
return ret;
}
static int fake_acls_sys_acl_delete_def_file(vfs_handle_struct *handle, const char *path)
{
int ret;
const char *name = FAKE_ACL_DEFAULT_XATTR;
TALLOC_CTX *frame = talloc_stackframe();
struct smb_filename *smb_fname;
smb_fname = synthetic_smb_fname(frame, path, NULL, NULL);
if (smb_fname == NULL) {
TALLOC_FREE(frame);
errno = ENOMEM;
return -1;
}
ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
if (ret == -1) {
TALLOC_FREE(frame);
return -1;
}
if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
errno = EINVAL;
TALLOC_FREE(frame);
return -1;
}
ret = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
if (ret == -1 && errno == ENOATTR) {
ret = 0;
errno = 0;
}
TALLOC_FREE(frame);
return ret;
}
NTSTATUS file_new(struct smb_request *req, connection_struct *conn,
files_struct **result)
{
struct smbd_server_connection *sconn = conn->sconn;
files_struct *fsp;
NTSTATUS status;
status = fsp_new(conn, conn, &fsp);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
GetTimeOfDay(&fsp->open_time);
if (sconn->conn) {
struct smbXsrv_open *op = NULL;
NTTIME now = timeval_to_nttime(&fsp->open_time);
status = smbXsrv_open_create(sconn->conn,
conn->session_info,
now, &op);
if (!NT_STATUS_IS_OK(status)) {
file_free(NULL, fsp);
return status;
}
fsp->op = op;
op->compat = fsp;
fsp->fnum = op->local_id;
fsp->fh->gen_id = smbXsrv_open_hash(op);
}
/*
* Create an smb_filename with "" for the base_name. There are very
* few NULL checks, so make sure it's initialized with something. to
* be safe until an audit can be done.
*/
fsp->fsp_name = synthetic_smb_fname(fsp, "", NULL, NULL);
if (fsp->fsp_name == NULL) {
file_free(NULL, fsp);
return NT_STATUS_NO_MEMORY;
}
DEBUG(5,("allocated file structure %s (%u used)\n",
fsp_fnum_dbg(fsp), (unsigned int)sconn->num_files));
if (req != NULL) {
fsp->mid = req->mid;
req->chain_fsp = fsp;
}
/* A new fsp invalidates the positive and
negative fsp_fi_cache as the new fsp is pushed
at the start of the list and we search from
a cache hit to the *end* of the list. */
ZERO_STRUCT(sconn->fsp_fi_cache);
*result = fsp;
return NT_STATUS_OK;
}
static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp,
SMB_STRUCT_STAT *sbuf)
{
struct smb_filename *smb_fname_base = NULL;
int ret = -1;
struct stream_io *io = (struct stream_io *)
VFS_FETCH_FSP_EXTENSION(handle, fsp);
if (io == NULL || fsp->base_fsp == NULL) {
return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
}
DBG_DEBUG("streams_xattr_fstat called for %s\n", fsp_str_dbg(io->fsp));
if (!streams_xattr_recheck(io)) {
return -1;
}
/* Create an smb_filename with stream_name == NULL. */
smb_fname_base = synthetic_smb_fname(talloc_tos(),
io->base,
NULL,
NULL,
fsp->fsp_name->flags);
if (smb_fname_base == NULL) {
errno = ENOMEM;
return -1;
}
if (smb_fname_base->flags & SMB_FILENAME_POSIX_PATH) {
ret = SMB_VFS_LSTAT(handle->conn, smb_fname_base);
} else {
ret = SMB_VFS_STAT(handle->conn, smb_fname_base);
}
*sbuf = smb_fname_base->st;
if (ret == -1) {
TALLOC_FREE(smb_fname_base);
return -1;
}
sbuf->st_ex_size = get_xattr_size(handle->conn,
smb_fname_base, io->xattr_name);
if (sbuf->st_ex_size == -1) {
TALLOC_FREE(smb_fname_base);
SET_STAT_INVALID(*sbuf);
return -1;
}
DEBUG(10, ("sbuf->st_ex_size = %d\n", (int)sbuf->st_ex_size));
sbuf->st_ex_ino = stream_inode(sbuf, io->xattr_name);
sbuf->st_ex_mode &= ~S_IFMT;
sbuf->st_ex_mode &= ~S_IFDIR;
sbuf->st_ex_mode |= S_IFREG;
sbuf->st_ex_blocks = sbuf->st_ex_size / STAT_ST_BLOCKSIZE + 1;
TALLOC_FREE(smb_fname_base);
return 0;
}
static ssize_t streams_xattr_pread(vfs_handle_struct *handle,
files_struct *fsp, void *data,
size_t n, off_t offset)
{
struct stream_io *sio =
(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
struct ea_struct ea;
NTSTATUS status;
size_t length, overlap;
struct smb_filename *smb_fname_base = NULL;
DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n",
(int)offset, (int)n));
if (sio == NULL) {
return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
}
if (!streams_xattr_recheck(sio)) {
return -1;
}
/* Create an smb_filename with stream_name == NULL. */
smb_fname_base = synthetic_smb_fname(talloc_tos(),
sio->base,
NULL,
NULL,
fsp->fsp_name->flags);
if (smb_fname_base == NULL) {
errno = ENOMEM;
return -1;
}
status = get_ea_value(talloc_tos(), handle->conn, NULL,
smb_fname_base, sio->xattr_name, &ea);
if (!NT_STATUS_IS_OK(status)) {
return -1;
}
length = ea.value.length-1;
DEBUG(10, ("streams_xattr_pread: get_ea_value returned %d bytes\n",
(int)length));
/* Attempt to read past EOF. */
if (length <= offset) {
return 0;
}
overlap = (offset + n) > length ? (length - offset) : n;
memcpy(data, ea.value.data + offset, overlap);
TALLOC_FREE(ea.value.data);
return overlap;
}
/* test if system path exists */
static bool snap_path_exists(TALLOC_CTX *ctx, struct messaging_context *msg_ctx,
struct fss_sc *sc)
{
SMB_STRUCT_STAT st;
struct connection_struct *conn = NULL;
struct smb_filename *smb_fname = NULL;
char *service = NULL;
char *share;
int snum;
int ret;
NTSTATUS status;
bool result = false;
ZERO_STRUCT(st);
if ((sc->smaps_count == 0) || (sc->sc_path == NULL)) {
goto out;
}
share = sc->smaps->share_name;
snum = find_service(ctx, share, &service);
if ((snum == -1) || (service == NULL)) {
goto out;
}
status = fss_vfs_conn_create(ctx, server_event_context(),
msg_ctx, NULL, snum, &conn);
if(!NT_STATUS_IS_OK(status)) {
goto out;
}
smb_fname = synthetic_smb_fname(service, sc->sc_path, NULL, NULL);
if (smb_fname == NULL) {
goto out;
}
ret = SMB_VFS_STAT(conn, smb_fname);
if ((ret == -1) && (errno == ENOENT)) {
goto out;
}
result = true;
out:
if (conn) {
fss_vfs_conn_destroy(conn);
}
TALLOC_FREE(service);
return result;
}
NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
struct files_struct **pfsp)
{
struct connection_struct *conn = smb_req->conn;
struct files_struct *fsp;
struct smb_filename *smb_fname = NULL;
NTSTATUS status;
status = file_new(smb_req, conn, &fsp);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
return status;
}
fsp->conn = conn;
fsp->fh->fd = -1;
fsp->vuid = smb_req->vuid;
fsp->can_lock = false;
fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;
smb_fname = synthetic_smb_fname(talloc_tos(), name, NULL, NULL, 0);
if (smb_fname == NULL) {
file_free(smb_req, fsp);
return NT_STATUS_NO_MEMORY;
}
status = fsp_set_smb_fname(fsp, smb_fname);
TALLOC_FREE(smb_fname);
if (!NT_STATUS_IS_OK(status)) {
file_free(smb_req, fsp);
return status;
}
status = np_open(fsp, name,
conn->sconn->local_address,
conn->sconn->remote_address,
conn->session_info,
conn->sconn->ev_ctx,
conn->sconn->msg_ctx,
&fsp->fake_file_handle);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("np_open(%s) returned %s\n", name,
nt_errstr(status)));
file_free(smb_req, fsp);
return status;
}
*pfsp = fsp;
return NT_STATUS_OK;
}
static DIR *dirsort_opendir(vfs_handle_struct *handle,
const char *fname, const char *mask,
uint32 attr)
{
struct dirsort_privates *list_head = NULL;
struct dirsort_privates *data = NULL;
if (SMB_VFS_HANDLE_TEST_DATA(handle)) {
/* Find the list head of all open directories. */
SMB_VFS_HANDLE_GET_DATA(handle, list_head, struct dirsort_privates,
return NULL);
}
/* set up our private data about this directory */
data = talloc_zero(handle->conn, struct dirsort_privates);
if (!data) {
return NULL;
}
data->smb_fname = synthetic_smb_fname(data, fname, NULL, NULL);
if (data->smb_fname == NULL) {
TALLOC_FREE(data);
return NULL;
}
/* Open the underlying directory and count the number of entries */
data->source_directory = SMB_VFS_NEXT_OPENDIR(handle, fname, mask,
attr);
if (data->source_directory == NULL) {
TALLOC_FREE(data);
return NULL;
}
if (!open_and_sort_dir(handle, data)) {
SMB_VFS_NEXT_CLOSEDIR(handle,data->source_directory);
TALLOC_FREE(data);
return NULL;
}
/* Add to the private list of all open directories. */
DLIST_ADD(list_head, data);
SMB_VFS_HANDLE_SET_DATA(handle, list_head, NULL,
struct dirsort_privates, return NULL);
return data->source_directory;
}
static DIR *dirsort_opendir(vfs_handle_struct *handle,
const char *fname, const char *mask,
uint32 attr)
{
struct dirsort_privates *data = NULL;
/* set up our private data about this directory */
data = talloc_zero(handle->conn, struct dirsort_privates);
if (!data) {
return NULL;
}
data->smb_fname = synthetic_smb_fname(data, fname, NULL, NULL);
if (data->smb_fname == NULL) {
TALLOC_FREE(data);
return NULL;
}
/* Open the underlying directory and count the number of entries */
data->source_directory = SMB_VFS_NEXT_OPENDIR(handle, fname, mask,
attr);
if (data->source_directory == NULL) {
TALLOC_FREE(data);
return NULL;
}
if (!open_and_sort_dir(handle, data)) {
SMB_VFS_NEXT_CLOSEDIR(handle,data->source_directory);
TALLOC_FREE(data);
return NULL;
}
SMB_VFS_HANDLE_SET_DATA(handle, data, free_dirsort_privates,
struct dirsort_privates, return NULL);
return data->source_directory;
}
static NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn,
connection_struct *conn,
int snum, struct user_struct *vuser,
const char *pdev)
{
struct smbd_server_connection *sconn = xconn->client->sconn;
struct smb_filename *smb_fname_cpath = NULL;
fstring dev;
int ret;
bool on_err_call_dis_hook = false;
uid_t effuid;
gid_t effgid;
NTSTATUS status;
fstrcpy(dev, pdev);
status = share_sanity_checks(sconn->remote_address,
sconn->remote_hostname,
snum,
dev);
if (NT_STATUS_IS_ERR(status)) {
goto err_root_exit;
}
conn->params->service = snum;
status = create_connection_session_info(sconn,
conn, snum, vuser->session_info,
&conn->session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("create_connection_session_info failed: %s\n",
nt_errstr(status)));
goto err_root_exit;
}
if (lp_guest_only(snum)) {
conn->force_user = true;
}
conn->num_files_open = 0;
conn->lastused = conn->lastused_count = time(NULL);
conn->printer = (strncmp(dev,"LPT",3) == 0);
conn->ipc = ( (strncmp(dev,"IPC",3) == 0) ||
( lp_enable_asu_support() && strequal(dev,"ADMIN$")) );
/* Case options for the share. */
if (lp_case_sensitive(snum) == Auto) {
/* We will be setting this per packet. Set to be case
* insensitive for now. */
conn->case_sensitive = False;
} else {
conn->case_sensitive = (bool)lp_case_sensitive(snum);
}
conn->case_preserve = lp_preserve_case(snum);
conn->short_case_preserve = lp_short_preserve_case(snum);
conn->encrypt_level = lp_smb_encrypt(snum);
conn->veto_list = NULL;
conn->hide_list = NULL;
conn->veto_oplock_list = NULL;
conn->aio_write_behind_list = NULL;
conn->read_only = lp_read_only(SNUM(conn));
status = set_conn_force_user_group(conn, snum);
if (!NT_STATUS_IS_OK(status)) {
goto err_root_exit;
}
conn->vuid = vuser->vuid;
{
char *s = talloc_sub_advanced(talloc_tos(),
lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
conn->session_info->info->domain_name,
lp_path(talloc_tos(), snum));
if (!s) {
status = NT_STATUS_NO_MEMORY;
goto err_root_exit;
}
if (!set_conn_connectpath(conn,s)) {
TALLOC_FREE(s);
status = NT_STATUS_NO_MEMORY;
goto err_root_exit;
}
DEBUG(3,("Connect path is '%s' for service [%s]\n",s,
lp_servicename(talloc_tos(), snum)));
TALLOC_FREE(s);
}
/*
* Set up the share security descriptor.
* NOTE - we use the *INCOMING USER* session_info
* here, as does (indirectly) change_to_user(),
* which can be called on any incoming packet.
* This way we set up the share access based
* on the authenticated user, not the forced
* user. See bug:
*
* https://bugzilla.samba.org/show_bug.cgi?id=9878
*/
status = check_user_share_access(conn,
vuser->session_info,
&conn->share_access,
&conn->read_only);
if (!NT_STATUS_IS_OK(status)) {
goto err_root_exit;
}
/* Initialise VFS function pointers */
if (!smbd_vfs_init(conn)) {
DEBUG(0, ("vfs_init failed for service %s\n",
lp_servicename(talloc_tos(), snum)));
status = NT_STATUS_BAD_NETWORK_NAME;
goto err_root_exit;
}
/* ROOT Activities: */
/* explicitly check widelinks here so that we can correctly warn
* in the logs. */
widelinks_warning(snum);
/*
* Enforce the max connections parameter.
*/
if ((lp_max_connections(snum) > 0)
&& (count_current_connections(lp_servicename(talloc_tos(), SNUM(conn)), True) >=
lp_max_connections(snum))) {
DEBUG(1, ("Max connections (%d) exceeded for %s\n",
lp_max_connections(snum),
lp_servicename(talloc_tos(), snum)));
status = NT_STATUS_INSUFFICIENT_RESOURCES;
goto err_root_exit;
}
/* Invoke VFS make connection hook - this must be the first
filesystem operation that we do. */
if (SMB_VFS_CONNECT(conn, lp_servicename(talloc_tos(), snum),
conn->session_info->unix_info->unix_name) < 0) {
DBG_WARNING("SMB_VFS_CONNECT for service '%s' at '%s' failed: %s\n",
lp_servicename(talloc_tos(), snum), conn->connectpath,
strerror(errno));
status = NT_STATUS_UNSUCCESSFUL;
goto err_root_exit;
}
/* Any error exit after here needs to call the disconnect hook. */
on_err_call_dis_hook = true;
if ((!conn->printer) && (!conn->ipc) &&
lp_change_notify()) {
if (sconn->notify_ctx == NULL) {
sconn->notify_ctx = notify_init(
sconn, sconn->msg_ctx, sconn->ev_ctx);
status = messaging_register(
sconn->msg_ctx, sconn,
MSG_SMB_NOTIFY_CANCEL_DELETED,
smbd_notify_cancel_deleted);
}
if (sconn->sys_notify_ctx == NULL) {
sconn->sys_notify_ctx = sys_notify_context_create(
sconn, sconn->ev_ctx);
}
}
if (lp_kernel_oplocks(snum)) {
init_kernel_oplocks(conn->sconn);
}
/*
* Fix compatibility issue pointed out by Volker.
* We pass the conn->connectpath to the preexec
* scripts as a parameter, so attempt to canonicalize
* it here before calling the preexec scripts.
* We ignore errors here, as it is possible that
* the conn->connectpath doesn't exist yet and
* the preexec scripts will create them.
*/
(void)canonicalize_connect_path(conn);
/* Preexecs are done here as they might make the dir we are to ChDir
* to below */
/* execute any "root preexec = " line */
if (*lp_root_preexec(talloc_tos(), snum)) {
char *cmd = talloc_sub_advanced(talloc_tos(),
lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
conn->session_info->info->domain_name,
lp_root_preexec(talloc_tos(), snum));
DEBUG(5,("cmd=%s\n",cmd));
ret = smbrun(cmd,NULL);
TALLOC_FREE(cmd);
if (ret != 0 && lp_root_preexec_close(snum)) {
DEBUG(1,("root preexec gave %d - failing "
"connection\n", ret));
status = NT_STATUS_ACCESS_DENIED;
goto err_root_exit;
}
}
/* USER Activites: */
if (!change_to_user(conn, conn->vuid)) {
/* No point continuing if they fail the basic checks */
DEBUG(0,("Can't become connected user!\n"));
status = NT_STATUS_LOGON_FAILURE;
goto err_root_exit;
}
effuid = geteuid();
effgid = getegid();
/* Remember that a different vuid can connect later without these
* checks... */
/* Preexecs are done here as they might make the dir we are to ChDir
* to below */
/* execute any "preexec = " line */
if (*lp_preexec(talloc_tos(), snum)) {
char *cmd = talloc_sub_advanced(talloc_tos(),
lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
conn->session_info->info->domain_name,
lp_preexec(talloc_tos(), snum));
ret = smbrun(cmd,NULL);
TALLOC_FREE(cmd);
if (ret != 0 && lp_preexec_close(snum)) {
DEBUG(1,("preexec gave %d - failing connection\n",
ret));
status = NT_STATUS_ACCESS_DENIED;
goto err_root_exit;
}
}
#ifdef WITH_FAKE_KASERVER
if (lp_afs_share(snum)) {
afs_login(conn);
}
#endif
/*
* we've finished with the user stuff - go back to root
* so the SMB_VFS_STAT call will only fail on path errors,
* not permission problems.
*/
change_to_root_user();
/* ROOT Activites: */
/*
* If widelinks are disallowed we need to canonicalise the connect
* path here to ensure we don't have any symlinks in the
* connectpath. We will be checking all paths on this connection are
* below this directory. We must do this after the VFS init as we
* depend on the realpath() pointer in the vfs table. JRA.
*/
if (!lp_widelinks(snum)) {
if (!canonicalize_connect_path(conn)) {
DEBUG(0, ("canonicalize_connect_path failed "
"for service %s, path %s\n",
lp_servicename(talloc_tos(), snum),
conn->connectpath));
status = NT_STATUS_BAD_NETWORK_NAME;
goto err_root_exit;
}
}
/* Add veto/hide lists */
if (!IS_IPC(conn) && !IS_PRINT(conn)) {
set_namearray( &conn->veto_list,
lp_veto_files(talloc_tos(), snum));
set_namearray( &conn->hide_list,
lp_hide_files(talloc_tos(), snum));
set_namearray( &conn->veto_oplock_list,
lp_veto_oplock_files(talloc_tos(), snum));
set_namearray( &conn->aio_write_behind_list,
lp_aio_write_behind(talloc_tos(), snum));
}
smb_fname_cpath = synthetic_smb_fname(talloc_tos(), conn->connectpath,
NULL, NULL);
if (smb_fname_cpath == NULL) {
status = NT_STATUS_NO_MEMORY;
goto err_root_exit;
}
/* win2000 does not check the permissions on the directory
during the tree connect, instead relying on permission
check during individual operations. To match this behaviour
I have disabled this chdir check (tridge) */
/* the alternative is just to check the directory exists */
if ((ret = SMB_VFS_STAT(conn, smb_fname_cpath)) != 0 ||
!S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
if (ret == 0 && !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
DEBUG(0,("'%s' is not a directory, when connecting to "
"[%s]\n", conn->connectpath,
lp_servicename(talloc_tos(), snum)));
} else {
DEBUG(0,("'%s' does not exist or permission denied "
"when connecting to [%s] Error was %s\n",
conn->connectpath,
lp_servicename(talloc_tos(), snum),
strerror(errno) ));
}
status = NT_STATUS_BAD_NETWORK_NAME;
goto err_root_exit;
}
conn->base_share_dev = smb_fname_cpath->st.st_ex_dev;
talloc_free(conn->origpath);
conn->origpath = talloc_strdup(conn, conn->connectpath);
/* Figure out the characteristics of the underlying filesystem. This
* assumes that all the filesystem mounted withing a share path have
* the same characteristics, which is likely but not guaranteed.
*/
conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
/*
* Print out the 'connected as' stuff here as we need
* to know the effective uid and gid we will be using
* (at least initially).
*/
if( DEBUGLVL( IS_IPC(conn) ? 3 : 2 ) ) {
dbgtext( "%s (%s) ", get_remote_machine_name(),
tsocket_address_string(conn->sconn->remote_address,
talloc_tos()) );
dbgtext( "%s", srv_is_signing_active(xconn) ? "signed " : "");
dbgtext( "connect to service %s ",
lp_servicename(talloc_tos(), snum) );
dbgtext( "initially as user %s ",
conn->session_info->unix_info->unix_name );
dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid );
dbgtext( "(pid %d)\n", (int)getpid() );
}
return status;
err_root_exit:
TALLOC_FREE(smb_fname_cpath);
/* We must exit this function as root. */
if (geteuid() != 0) {
change_to_root_user();
}
if (on_err_call_dis_hook) {
/* Call VFS disconnect hook */
SMB_VFS_DISCONNECT(conn);
}
return status;
}
static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
{
connection_struct *conn = fsp->conn;
struct smb_filename *smb_dname = fsp->fsp_name;
int ret;
SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
/* Might be a symlink. */
if(SMB_VFS_LSTAT(conn, smb_dname) != 0) {
return map_nt_error_from_unix(errno);
}
if (S_ISLNK(smb_dname->st.st_ex_mode)) {
/* Is what it points to a directory ? */
if(SMB_VFS_STAT(conn, smb_dname) != 0) {
return map_nt_error_from_unix(errno);
}
if (!(S_ISDIR(smb_dname->st.st_ex_mode))) {
return NT_STATUS_NOT_A_DIRECTORY;
}
ret = SMB_VFS_UNLINK(conn, smb_dname);
} else {
ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
}
if (ret == 0) {
notify_fname(conn, NOTIFY_ACTION_REMOVED,
FILE_NOTIFY_CHANGE_DIR_NAME,
smb_dname->base_name);
return NT_STATUS_OK;
}
if(((errno == ENOTEMPTY)||(errno == EEXIST)) && *lp_veto_files(talloc_tos(), SNUM(conn))) {
/*
* Check to see if the only thing in this directory are
* vetoed files/directories. If so then delete them and
* retry. If we fail to delete any of them (and we *don't*
* do a recursive delete) then fail the rmdir.
*/
SMB_STRUCT_STAT st;
const char *dname = NULL;
char *talloced = NULL;
long dirpos = 0;
struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
smb_dname->base_name, NULL,
0);
if(dir_hnd == NULL) {
errno = ENOTEMPTY;
goto err;
}
while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
&talloced)) != NULL) {
if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) {
TALLOC_FREE(talloced);
continue;
}
if (!is_visible_file(conn, smb_dname->base_name, dname,
&st, false)) {
TALLOC_FREE(talloced);
continue;
}
if(!IS_VETO_PATH(conn, dname)) {
TALLOC_FREE(dir_hnd);
TALLOC_FREE(talloced);
errno = ENOTEMPTY;
goto err;
}
TALLOC_FREE(talloced);
}
/* We only have veto files/directories.
* Are we allowed to delete them ? */
if(!lp_delete_veto_files(SNUM(conn))) {
TALLOC_FREE(dir_hnd);
errno = ENOTEMPTY;
goto err;
}
/* Do a recursive delete. */
RewindDir(dir_hnd,&dirpos);
while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
&talloced)) != NULL) {
struct smb_filename *smb_dname_full = NULL;
char *fullname = NULL;
bool do_break = true;
if (ISDOT(dname) || ISDOTDOT(dname)) {
TALLOC_FREE(talloced);
continue;
}
if (!is_visible_file(conn, smb_dname->base_name, dname,
&st, false)) {
TALLOC_FREE(talloced);
continue;
}
fullname = talloc_asprintf(ctx,
"%s/%s",
smb_dname->base_name,
dname);
if(!fullname) {
errno = ENOMEM;
goto err_break;
}
smb_dname_full = synthetic_smb_fname(
talloc_tos(), fullname, NULL, NULL);
if (smb_dname_full == NULL) {
errno = ENOMEM;
goto err_break;
}
if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
goto err_break;
}
if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
if(!recursive_rmdir(ctx, conn,
smb_dname_full)) {
goto err_break;
}
if(SMB_VFS_RMDIR(conn,
smb_dname_full->base_name) != 0) {
goto err_break;
}
} else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
goto err_break;
}
/* Successful iteration. */
do_break = false;
err_break:
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
TALLOC_FREE(talloced);
if (do_break)
break;
}
TALLOC_FREE(dir_hnd);
/* Retry the rmdir */
ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
}
err:
if (ret != 0) {
DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
"%s\n", smb_fname_str_dbg(smb_dname),
strerror(errno)));
return map_nt_error_from_unix(errno);
}
notify_fname(conn, NOTIFY_ACTION_REMOVED,
FILE_NOTIFY_CHANGE_DIR_NAME,
smb_dname->base_name);
return NT_STATUS_OK;
}
int hpuxacl_sys_acl_set_file(vfs_handle_struct *handle,
const char *name,
SMB_ACL_TYPE_T type,
SMB_ACL_T theacl)
{
int ret = -1;
HPUX_ACL_T hpux_acl = NULL;
int count;
struct smb_filename *smb_fname = NULL;
NTSTATUS status;
DEBUG(10, ("hpuxacl_sys_acl_set_file called for file '%s'\n",
name));
smb_fname = synthetic_smb_fname(talloc_tos(), name, NULL, NULL);
if (smb_fname == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
if(hpux_acl_call_present() == False) {
/* Looks like we don't have the acl() system call on HPUX.
* May be the system doesn't have the latest version of JFS.
*/
goto done;
}
if ((type != SMB_ACL_TYPE_ACCESS) && (type != SMB_ACL_TYPE_DEFAULT)) {
errno = EINVAL;
DEBUG(10, ("invalid smb acl type given (%d).\n", type));
goto done;
}
DEBUGADD(10, ("setting %s acl\n",
((type == SMB_ACL_TYPE_ACCESS) ? "access" : "default")));
if(!smb_acl_to_hpux_acl(theacl, &hpux_acl, &count, type)) {
DEBUG(10, ("conversion smb_acl -> hpux_acl failed (%s).\n",
strerror(errno)));
goto done;
}
/*
* if the file is a directory, there is extra work to do:
* since the hpux acl call stores both the access acl and
* the default acl as provided, we have to get the acl part
* that has _not_ been specified in "type" from the file first
* and concatenate it with the acl provided.
*/
if (lp_posix_pathnames()) {
ret = SMB_VFS_LSTAT(handle->conn, smb_fname);
} else {
ret = SMB_VFS_STAT(handle->conn, smb_fname);
}
if (ret != 0) {
DEBUG(10, ("Error in stat call: %s\n", strerror(errno)));
goto done;
}
if (S_ISDIR(smb_fname->st.st_ex_mode)) {
HPUX_ACL_T other_acl;
int other_count;
SMB_ACL_TYPE_T other_type;
other_type = (type == SMB_ACL_TYPE_ACCESS)
? SMB_ACL_TYPE_DEFAULT
: SMB_ACL_TYPE_ACCESS;
DEBUGADD(10, ("getting acl from filesystem\n"));
if (!hpux_acl_get_file(smb_fname->base_name, &other_acl,
&other_count)) {
DEBUG(10, ("error getting acl from directory\n"));
goto done;
}
DEBUG(10, ("adding %s part of fs acl to given acl\n",
((other_type == SMB_ACL_TYPE_ACCESS)
? "access"
: "default")));
if (!hpux_add_to_acl(&hpux_acl, &count, other_acl,
other_count, other_type))
{
DEBUG(10, ("error adding other acl.\n"));
SAFE_FREE(other_acl);
goto done;
}
SAFE_FREE(other_acl);
}
else if (type != SMB_ACL_TYPE_ACCESS) {
errno = EINVAL;
goto done;
}
if (!hpux_acl_sort(hpux_acl, count)) {
DEBUG(10, ("resulting acl is not valid!\n"));
goto done;
}
DEBUG(10, ("resulting acl is valid.\n"));
ret = acl(discard_const_p(char, smb_fname->base_name), ACL_SET, count,
hpux_acl);
if (ret != 0) {
DEBUG(0, ("ERROR calling acl: %s\n", strerror(errno)));
}
done:
DEBUG(10, ("hpuxacl_sys_acl_set_file %s.\n",
((ret != 0) ? "failed" : "succeeded")));
TALLOC_FREE(smb_fname);
SAFE_FREE(hpux_acl);
return ret;
}
bool recursive_rmdir(TALLOC_CTX *ctx,
connection_struct *conn,
struct smb_filename *smb_dname)
{
const char *dname = NULL;
char *talloced = NULL;
bool ret = True;
long offset = 0;
SMB_STRUCT_STAT st;
struct smb_Dir *dir_hnd;
SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
dir_hnd = OpenDir(talloc_tos(), conn, smb_dname->base_name, NULL, 0);
if(dir_hnd == NULL)
return False;
while((dname = ReadDirName(dir_hnd, &offset, &st, &talloced))) {
struct smb_filename *smb_dname_full = NULL;
char *fullname = NULL;
bool do_break = true;
if (ISDOT(dname) || ISDOTDOT(dname)) {
TALLOC_FREE(talloced);
continue;
}
if (!is_visible_file(conn, smb_dname->base_name, dname, &st,
false)) {
TALLOC_FREE(talloced);
continue;
}
/* Construct the full name. */
fullname = talloc_asprintf(ctx,
"%s/%s",
smb_dname->base_name,
dname);
if (!fullname) {
errno = ENOMEM;
goto err_break;
}
smb_dname_full = synthetic_smb_fname(talloc_tos(), fullname,
NULL, NULL);
if (smb_dname_full == NULL) {
errno = ENOMEM;
goto err_break;
}
if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
goto err_break;
}
if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
if(!recursive_rmdir(ctx, conn, smb_dname_full)) {
goto err_break;
}
if(SMB_VFS_RMDIR(conn,
smb_dname_full->base_name) != 0) {
goto err_break;
}
} else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
goto err_break;
}
/* Successful iteration. */
do_break = false;
err_break:
TALLOC_FREE(smb_dname_full);
TALLOC_FREE(fullname);
TALLOC_FREE(talloced);
if (do_break) {
ret = false;
break;
}
}
TALLOC_FREE(dir_hnd);
return ret;
}
NTSTATUS delete_all_streams(connection_struct *conn, const char *fname)
{
struct stream_struct *stream_info = NULL;
int i;
unsigned int num_streams = 0;
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
&num_streams, &stream_info);
if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
DEBUG(10, ("no streams around\n"));
TALLOC_FREE(frame);
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("vfs_streaminfo failed: %s\n",
nt_errstr(status)));
goto fail;
}
DEBUG(10, ("delete_all_streams found %d streams\n",
num_streams));
if (num_streams == 0) {
TALLOC_FREE(frame);
return NT_STATUS_OK;
}
for (i=0; i<num_streams; i++) {
int res;
struct smb_filename *smb_fname_stream;
if (strequal(stream_info[i].name, "::$DATA")) {
continue;
}
smb_fname_stream = synthetic_smb_fname(
talloc_tos(), fname, stream_info[i].name, NULL);
if (smb_fname_stream == NULL) {
DEBUG(0, ("talloc_aprintf failed\n"));
status = NT_STATUS_NO_MEMORY;
goto fail;
}
res = SMB_VFS_UNLINK(conn, smb_fname_stream);
if (res == -1) {
status = map_nt_error_from_unix(errno);
DEBUG(10, ("Could not delete stream %s: %s\n",
smb_fname_str_dbg(smb_fname_stream),
strerror(errno)));
TALLOC_FREE(smb_fname_stream);
break;
}
TALLOC_FREE(smb_fname_stream);
}
fail:
TALLOC_FREE(frame);
return status;
}
static bool vxfs_compare(connection_struct *conn, char *name, SMB_ACL_T the_acl,
SMB_ACL_TYPE_T the_acl_type)
{
SMB_ACL_T existing_acl = NULL;
bool ret = false;
int i, count = 0;
TALLOC_CTX *mem_ctx = talloc_tos();
char *existing_buf = NULL, *new_buf = NULL, *compact_buf = NULL;
struct smb_filename *smb_fname = NULL;
int status;
DEBUG(10, ("vfs_vxfs: Getting existing ACL for %s\n", name));
existing_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name, the_acl_type,
mem_ctx);
if (existing_acl == NULL) {
DEBUG(10, ("vfs_vxfs: Failed to get ACL\n"));
goto out;
}
DEBUG(10, ("vfs_vxfs: Existing ACL count=%d\n", existing_acl->count));
DEBUG(10, ("vfs_vxfs: New ACL count=%d\n", the_acl->count));
if (existing_acl->count == 0) {
DEBUG(10, ("vfs_vxfs: ACL count is 0, Need to set\n"));
goto out;
}
smb_fname = synthetic_smb_fname(mem_ctx, name, NULL, NULL, 0);
if (smb_fname == NULL) {
DEBUG(10, ("vfs_vxfs: Failed to create smb_fname\n"));
goto out;
}
status = SMB_VFS_STAT(conn, smb_fname);
if (status == -1) {
DEBUG(10, ("vfs_vxfs: stat failed!\n"));
goto out;
}
DEBUG(10, ("vfs_vxfs: Sorting existing ACL\n"));
existing_buf = vxfs_sort_acl(existing_acl, mem_ctx,
smb_fname->st.st_ex_uid,
smb_fname->st.st_ex_gid);
if (!existing_buf)
goto out;
DEBUG(10, ("vfs_vxfs: Sorting new ACL\n"));
new_buf = vxfs_sort_acl(the_acl, mem_ctx, smb_fname->st.st_ex_uid,
smb_fname->st.st_ex_gid);
if (!new_buf) {
goto out;
}
DEBUG(10, ("vfs_vxfs: Compact existing buf\n"));
compact_buf = vxfs_compact_buf(existing_buf, &count,
existing_acl->count,
mem_ctx);
if (!compact_buf) {
goto out;
}
vxfs_print_ace_buf(compact_buf, count);
/* COmpare ACLs only if count is same or mismatch by 1 */
if ((count == the_acl->count) ||
(count == the_acl->count + 1) ||
(count+1 == the_acl->count)) {
if (vxfs_compare_acls(compact_buf, new_buf, the_acl->count,
count)) {
DEBUG(10, ("vfs_vxfs: ACLs matched. Not setting.\n"));
ret = true;
goto out;
} else
DEBUG(10, ("vfs_vxfs: ACLs NOT matched. Setting\n"));
} else {
DEBUG(10, ("vfs_vxfs: ACLs count does not match. Setting\n"));
}
out:
TALLOC_FREE(existing_acl);
TALLOC_FREE(smb_fname);
TALLOC_FREE(existing_buf);
TALLOC_FREE(compact_buf);
TALLOC_FREE(new_buf);
return ret;
}
/*
* Because there is no good way to guarantee that a new xattr will be
* created on file creation there might be no acl xattr on a file when
* trying to read the acl. In this case the acl xattr will get
* constructed at that time from the parent acl.
* If the parent ACL doesn't have an xattr either the call will
* recurse to the next parent directory until the share root is
* reached. If the share root doesn't contain an ACL xattr either a
* default ACL will be used.
* Also a default ACL will be set if a non inheriting ACL is encountered.
*
* Basic algorithm:
* read acl xattr blob
* if acl xattr blob doesn't exist
* stat current directory to know if it's a file or directory
* read acl xattr blob from parent dir
* acl xattr blob to smb nfs4 acl
* calculate inherited smb nfs4 acl
* without inheritance use default smb nfs4 acl
* smb nfs4 acl to acl xattr blob
* set acl xattr blob
* return smb nfs4 acl
* else
* acl xattr blob to smb nfs4 acl
*
* Todo: Really use mem_ctx after fixing interface of nfs4_acls
*/
static struct SMB4ACL_T *nfs4acls_inheritacl(vfs_handle_struct *handle,
const char *path,
TALLOC_CTX *mem_ctx)
{
char *parent_dir = NULL;
struct SMB4ACL_T *pparentacl = NULL;
struct SMB4ACL_T *pchildacl = NULL;
struct SMB4ACE_T *pace;
SMB_ACE4PROP_T ace;
bool isdir;
struct smb_filename *smb_fname = NULL;
NTSTATUS status;
int ret;
TALLOC_CTX *frame = talloc_stackframe();
DEBUG(10, ("nfs4acls_inheritacl invoked for %s\n", path));
smb_fname = synthetic_smb_fname(frame, path, NULL, NULL);
if (smb_fname == NULL) {
TALLOC_FREE(frame);
errno = ENOMEM;
return NULL;
}
ret = SMB_VFS_STAT(handle->conn, smb_fname);
if (ret == -1) {
DEBUG(0,("nfs4acls_inheritacl: failed to stat "
"directory %s. Error was %s\n",
smb_fname_str_dbg(smb_fname),
strerror(errno)));
TALLOC_FREE(frame);
return NULL;
}
isdir = S_ISDIR(smb_fname->st.st_ex_mode);
if (!parent_dirname(talloc_tos(),
path,
&parent_dir,
NULL)) {
TALLOC_FREE(frame);
errno = ENOMEM;
return NULL;
}
status = nfs4_get_nfs4_acl(handle, frame, parent_dir, &pparentacl);
if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)
&& strncmp(parent_dir, ".", 2) != 0) {
pparentacl = nfs4acls_inheritacl(handle, parent_dir,
frame);
}
else if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
pparentacl = nfs4acls_defaultacl(frame);
}
else if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return NULL;
}
pchildacl = smb_create_smb4acl(mem_ctx);
if (pchildacl == NULL) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(frame);
errno = ENOMEM;
return NULL;
}
for (pace = smb_first_ace4(pparentacl); pace != NULL;
pace = smb_next_ace4(pace)) {
struct SMB4ACE_T *pchildace;
ace = *smb_get_ace4(pace);
if ((isdir && !(ace.aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) ||
(!isdir && !(ace.aceFlags & SMB_ACE4_FILE_INHERIT_ACE))) {
DEBUG(10, ("non inheriting ace type: %d, iflags: %x, "
"flags: %x, mask: %x, who: %d\n",
ace.aceType, ace.flags, ace.aceFlags,
ace.aceMask, ace.who.id));
continue;
}
DEBUG(10, ("inheriting ace type: %d, iflags: %x, "
"flags: %x, mask: %x, who: %d\n",
ace.aceType, ace.flags, ace.aceFlags,
ace.aceMask, ace.who.id));
ace.aceFlags |= SMB_ACE4_INHERITED_ACE;
if (ace.aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) {
ace.aceFlags &= ~SMB_ACE4_INHERIT_ONLY_ACE;
}
if (ace.aceFlags & SMB_ACE4_NO_PROPAGATE_INHERIT_ACE) {
ace.aceFlags &= ~SMB_ACE4_FILE_INHERIT_ACE;
ace.aceFlags &= ~SMB_ACE4_DIRECTORY_INHERIT_ACE;
ace.aceFlags &= ~SMB_ACE4_NO_PROPAGATE_INHERIT_ACE;
}
pchildace = smb_add_ace4(pchildacl, &ace);
if (pchildace == NULL) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(frame);
errno = ENOMEM;
return NULL;
}
}
/* Set a default ACL if we didn't inherit anything. */
if (smb_first_ace4(pchildacl) == NULL) {
TALLOC_FREE(pchildacl);
pchildacl = nfs4acls_defaultacl(mem_ctx);
}
/* store the returned ACL to get it directly in the
future and avoid dynamic inheritance behavior. */
nfs4acl_xattr_set_smb4acl(handle, path, pchildacl);
TALLOC_FREE(frame);
return pchildacl;
}
static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
files_struct *fsp, const void *data,
size_t n, off_t offset)
{
struct stream_io *sio =
(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
struct ea_struct ea;
NTSTATUS status;
struct smb_filename *smb_fname_base = NULL;
int ret;
DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
if (sio == NULL) {
return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
}
if (!streams_xattr_recheck(sio)) {
return -1;
}
/* Create an smb_filename with stream_name == NULL. */
smb_fname_base = synthetic_smb_fname(talloc_tos(),
sio->base,
NULL,
NULL,
fsp->fsp_name->flags);
if (smb_fname_base == NULL) {
errno = ENOMEM;
return -1;
}
status = get_ea_value(talloc_tos(), handle->conn, NULL,
smb_fname_base, sio->xattr_name, &ea);
if (!NT_STATUS_IS_OK(status)) {
return -1;
}
if ((offset + n) > ea.value.length-1) {
uint8_t *tmp;
tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
offset + n + 1);
if (tmp == NULL) {
TALLOC_FREE(ea.value.data);
errno = ENOMEM;
return -1;
}
ea.value.data = tmp;
ea.value.length = offset + n + 1;
ea.value.data[offset+n] = 0;
}
memcpy(ea.value.data + offset, data, n);
ret = SMB_VFS_SETXATTR(fsp->conn,
fsp->fsp_name,
sio->xattr_name,
ea.value.data, ea.value.length, 0);
TALLOC_FREE(ea.value.data);
if (ret == -1) {
return -1;
}
return n;
}
mode_t unix_mode(connection_struct *conn, int dosmode,
const struct smb_filename *smb_fname,
const char *inherit_from_dir)
{
mode_t result = (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH);
mode_t dir_mode = 0; /* Mode of the inherit_from directory if
* inheriting. */
if (!lp_store_dos_attributes(SNUM(conn)) && IS_DOS_READONLY(dosmode)) {
result &= ~(S_IWUSR | S_IWGRP | S_IWOTH);
}
if ((inherit_from_dir != NULL) && lp_inherit_permissions(SNUM(conn))) {
struct smb_filename *smb_fname_parent;
DEBUG(2, ("unix_mode(%s) inheriting from %s\n",
smb_fname_str_dbg(smb_fname),
inherit_from_dir));
smb_fname_parent = synthetic_smb_fname(
talloc_tos(), inherit_from_dir, NULL, NULL);
if (smb_fname_parent == NULL) {
DEBUG(1,("unix_mode(%s) failed, [dir %s]: No memory\n",
smb_fname_str_dbg(smb_fname),
inherit_from_dir));
return(0);
}
if (SMB_VFS_STAT(conn, smb_fname_parent) != 0) {
DEBUG(4,("unix_mode(%s) failed, [dir %s]: %s\n",
smb_fname_str_dbg(smb_fname),
inherit_from_dir, strerror(errno)));
TALLOC_FREE(smb_fname_parent);
return(0); /* *** shouldn't happen! *** */
}
/* Save for later - but explicitly remove setuid bit for safety. */
dir_mode = smb_fname_parent->st.st_ex_mode & ~S_ISUID;
DEBUG(2,("unix_mode(%s) inherit mode %o\n",
smb_fname_str_dbg(smb_fname), (int)dir_mode));
/* Clear "result" */
result = 0;
TALLOC_FREE(smb_fname_parent);
}
if (IS_DOS_DIR(dosmode)) {
/* We never make directories read only for the owner as under DOS a user
can always create a file in a read-only directory. */
result |= (S_IFDIR | S_IWUSR);
if (dir_mode) {
/* Inherit mode of parent directory. */
result |= dir_mode;
} else {
/* Provisionally add all 'x' bits */
result |= (S_IXUSR | S_IXGRP | S_IXOTH);
/* Apply directory mask */
result &= lp_directory_mask(SNUM(conn));
/* Add in force bits */
result |= lp_force_directory_mode(SNUM(conn));
}
} else {
if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode))
result |= S_IXUSR;
if (lp_map_system(SNUM(conn)) && IS_DOS_SYSTEM(dosmode))
result |= S_IXGRP;
if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode))
result |= S_IXOTH;
if (dir_mode) {
/* Inherit 666 component of parent directory mode */
result |= dir_mode & (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH);
} else {
/* Apply mode mask */
result &= lp_create_mask(SNUM(conn));
/* Add in force bits */
result |= lp_force_create_mode(SNUM(conn));
}
}
DEBUG(3,("unix_mode(%s) returning 0%o\n", smb_fname_str_dbg(smb_fname),
(int)result));
return(result);
}
NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn,
struct smb_request *smb1req,
struct smbXsrv_open *op,
const DATA_BLOB old_cookie,
TALLOC_CTX *mem_ctx,
files_struct **result,
DATA_BLOB *new_cookie)
{
struct share_mode_lock *lck;
struct share_mode_entry *e;
struct files_struct *fsp = NULL;
NTSTATUS status;
bool ok;
int ret;
int flags = 0;
struct file_id file_id;
struct smb_filename *smb_fname = NULL;
enum ndr_err_code ndr_err;
struct vfs_default_durable_cookie cookie;
DATA_BLOB new_cookie_blob = data_blob_null;
*result = NULL;
*new_cookie = data_blob_null;
if (!lp_durable_handles(SNUM(conn))) {
return NT_STATUS_NOT_SUPPORTED;
}
/*
* the checks for kernel oplocks
* and similar things are done
* in the vfs_default_durable_cookie()
* call below.
*/
ZERO_STRUCT(cookie);
ndr_err = ndr_pull_struct_blob(&old_cookie, talloc_tos(), &cookie,
(ndr_pull_flags_fn_t)ndr_pull_vfs_default_durable_cookie);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
return status;
}
if (strcmp(cookie.magic, VFS_DEFAULT_DURABLE_COOKIE_MAGIC) != 0) {
return NT_STATUS_INVALID_PARAMETER;
}
if (cookie.version != VFS_DEFAULT_DURABLE_COOKIE_VERSION) {
return NT_STATUS_INVALID_PARAMETER;
}
if (!cookie.allow_reconnect) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (strcmp(cookie.servicepath, conn->connectpath) != 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
/* Create an smb_filename with stream_name == NULL. */
smb_fname = synthetic_smb_fname(talloc_tos(), cookie.base_name,
NULL, NULL);
if (smb_fname == NULL) {
return NT_STATUS_NO_MEMORY;
}
ret = SMB_VFS_LSTAT(conn, smb_fname);
if (ret == -1) {
status = map_nt_error_from_unix_common(errno);
DEBUG(1, ("Unable to lstat stream: %s => %s\n",
smb_fname_str_dbg(smb_fname),
nt_errstr(status)));
return status;
}
if (!S_ISREG(smb_fname->st.st_ex_mode)) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
if (!file_id_equal(&cookie.id, &file_id)) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
/*
* 1. check entry in locking.tdb
*/
lck = get_existing_share_mode_lock(mem_ctx, file_id);
if (lck == NULL) {
DEBUG(5, ("vfs_default_durable_reconnect: share-mode lock "
"not obtained from db\n"));
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (lck->data->num_share_modes == 0) {
DEBUG(1, ("vfs_default_durable_reconnect: Error: no share-mode "
"entry in existing share mode lock\n"));
TALLOC_FREE(lck);
return NT_STATUS_INTERNAL_DB_ERROR;
}
if (lck->data->num_share_modes > 1) {
/*
* It can't be durable if there is more than one handle
* on the file.
*/
DEBUG(5, ("vfs_default_durable_reconnect: more than one "
"share-mode entry - can not be durable\n"));
TALLOC_FREE(lck);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
e = &lck->data->share_modes[0];
if (!server_id_is_disconnected(&e->pid)) {
DEBUG(5, ("vfs_default_durable_reconnect: denying durable "
"reconnect for handle that was not marked "
"disconnected (e.g. smbd or cluster node died)\n"));
TALLOC_FREE(lck);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (e->share_file_id != op->global->open_persistent_id) {
DEBUG(5, ("vfs_default_durable_reconnect: denying durable "
"share_file_id changed %llu != %llu"
"(e.g. another client had opened the file)\n",
(unsigned long long)e->share_file_id,
(unsigned long long)op->global->open_persistent_id));
TALLOC_FREE(lck);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if ((e->access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) &&
!CAN_WRITE(conn))
{
DEBUG(5, ("vfs_default_durable_reconnect: denying durable "
"share[%s] is not writeable anymore\n",
lp_servicename(talloc_tos(), SNUM(conn))));
TALLOC_FREE(lck);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
/*
* 2. proceed with opening file
*/
status = fsp_new(conn, conn, &fsp);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("vfs_default_durable_reconnect: failed to create "
"new fsp: %s\n", nt_errstr(status)));
TALLOC_FREE(lck);
return status;
}
fsp->fh->private_options = e->private_options;
fsp->fh->gen_id = smbXsrv_open_hash(op);
fsp->file_id = file_id;
fsp->file_pid = smb1req->smbpid;
fsp->vuid = smb1req->vuid;
fsp->open_time = e->time;
fsp->access_mask = e->access_mask;
fsp->share_access = e->share_access;
fsp->can_read = ((fsp->access_mask & (FILE_READ_DATA)) != 0);
fsp->can_write = ((fsp->access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) != 0);
fsp->fnum = op->local_id;
/*
* TODO:
* Do we need to store the modified flag in the DB?
*/
fsp->modified = false;
/*
* no durables for directories
*/
fsp->is_directory = false;
/*
* For normal files, can_lock == !is_directory
*/
fsp->can_lock = true;
/*
* We do not support aio write behind for smb2
*/
fsp->aio_write_behind = false;
fsp->oplock_type = e->op_type;
fsp->initial_allocation_size = cookie.initial_allocation_size;
fsp->fh->position_information = cookie.position_information;
fsp->update_write_time_triggered = cookie.update_write_time_triggered;
fsp->update_write_time_on_close = cookie.update_write_time_on_close;
fsp->write_time_forced = cookie.write_time_forced;
fsp->close_write_time = cookie.close_write_time;
status = fsp_set_smb_fname(fsp, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(lck);
fsp_free(fsp);
DEBUG(0, ("vfs_default_durable_reconnect: "
"fsp_set_smb_fname failed: %s\n",
nt_errstr(status)));
return status;
}
op->compat = fsp;
fsp->op = op;
e->pid = messaging_server_id(conn->sconn->msg_ctx);
e->op_mid = smb1req->mid;
e->share_file_id = fsp->fh->gen_id;
ok = brl_reconnect_disconnected(fsp);
if (!ok) {
status = NT_STATUS_INTERNAL_ERROR;
DEBUG(1, ("vfs_default_durable_reconnect: "
"failed to reopen brlocks: %s\n",
nt_errstr(status)));
TALLOC_FREE(lck);
op->compat = NULL;
fsp_free(fsp);
return status;
}
/*
* TODO: properly calculate open flags
*/
if (fsp->can_write && fsp->can_read) {
flags = O_RDWR;
} else if (fsp->can_write) {
flags = O_WRONLY;
} else if (fsp->can_read) {
flags = O_RDONLY;
}
status = fd_open(conn, fsp, flags, 0 /* mode */);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(lck);
DEBUG(1, ("vfs_default_durable_reconnect: failed to open "
"file: %s\n", nt_errstr(status)));
op->compat = NULL;
fsp_free(fsp);
return status;
}
/*
* We now check the stat info stored in the cookie against
* the current stat data from the file we just opened.
* If any detail differs, we deny the durable reconnect,
* because in that case it is very likely that someone
* opened the file while the handle was disconnected,
* which has to be interpreted as an oplock break.
*/
ret = SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st);
if (ret == -1) {
status = map_nt_error_from_unix_common(errno);
DEBUG(1, ("Unable to fstat stream: %s => %s\n",
smb_fname_str_dbg(smb_fname),
nt_errstr(status)));
ret = SMB_VFS_CLOSE(fsp);
if (ret == -1) {
DEBUG(0, ("vfs_default_durable_reconnect: "
"SMB_VFS_CLOSE failed (%s) - leaking file "
"descriptor\n", strerror(errno)));
}
TALLOC_FREE(lck);
op->compat = NULL;
fsp_free(fsp);
return status;
}
if (!S_ISREG(fsp->fsp_name->st.st_ex_mode)) {
ret = SMB_VFS_CLOSE(fsp);
if (ret == -1) {
DEBUG(0, ("vfs_default_durable_reconnect: "
"SMB_VFS_CLOSE failed (%s) - leaking file "
"descriptor\n", strerror(errno)));
}
TALLOC_FREE(lck);
op->compat = NULL;
fsp_free(fsp);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
if (!file_id_equal(&cookie.id, &file_id)) {
ret = SMB_VFS_CLOSE(fsp);
if (ret == -1) {
DEBUG(0, ("vfs_default_durable_reconnect: "
"SMB_VFS_CLOSE failed (%s) - leaking file "
"descriptor\n", strerror(errno)));
}
TALLOC_FREE(lck);
op->compat = NULL;
fsp_free(fsp);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
ok = vfs_default_durable_reconnect_check_stat(&cookie.stat_info,
&fsp->fsp_name->st,
fsp_str_dbg(fsp));
if (!ok) {
ret = SMB_VFS_CLOSE(fsp);
if (ret == -1) {
DEBUG(0, ("vfs_default_durable_reconnect: "
"SMB_VFS_CLOSE failed (%s) - leaking file "
"descriptor\n", strerror(errno)));
}
TALLOC_FREE(lck);
op->compat = NULL;
fsp_free(fsp);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
status = set_file_oplock(fsp);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("vfs_default_durable_reconnect failed to set oplock "
"after opening file: %s\n", nt_errstr(status)));
ret = SMB_VFS_CLOSE(fsp);
if (ret == -1) {
DEBUG(0, ("vfs_default_durable_reconnect: "
"SMB_VFS_CLOSE failed (%s) - leaking file "
"descriptor\n", strerror(errno)));
}
TALLOC_FREE(lck);
op->compat = NULL;
fsp_free(fsp);
return status;
}
status = vfs_default_durable_cookie(fsp, mem_ctx, &new_cookie_blob);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(lck);
DEBUG(1, ("vfs_default_durable_reconnect: "
"vfs_default_durable_cookie - %s\n",
nt_errstr(status)));
op->compat = NULL;
fsp_free(fsp);
return status;
}
smb1req->chain_fsp = fsp;
smb1req->smb2req->compat_chain_fsp = fsp;
DEBUG(10, ("vfs_default_durable_reconnect: opened file '%s'\n",
fsp_str_dbg(fsp)));
/*
* release the sharemode lock: this writes the changes
*/
lck->data->modified = true;
TALLOC_FREE(lck);
*result = fsp;
*new_cookie = new_cookie_blob;
return NT_STATUS_OK;
}