static NTSTATUS skel_create_file(struct vfs_handle_struct *handle,
struct smb_request *req,
uint16_t root_dir_fid,
struct smb_filename *smb_fname,
uint32_t access_mask,
uint32_t share_access,
uint32_t create_disposition,
uint32_t create_options,
uint32_t file_attributes,
uint32_t oplock_request,
struct smb2_lease *lease,
uint64_t allocation_size,
uint32_t private_flags,
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct ** result, int *pinfo,
const struct smb2_create_blobs *in_context_blobs,
struct smb2_create_blobs *out_context_blobs)
{
return SMB_VFS_NEXT_CREATE_FILE(handle,
req,
root_dir_fid,
smb_fname,
access_mask,
share_access,
create_disposition,
create_options,
file_attributes,
oplock_request,
lease,
allocation_size,
private_flags,
sd, ea_list, result, pinfo,
in_context_blobs, out_context_blobs);
}
static NTSTATUS vfs_worm_create_file(vfs_handle_struct *handle,
struct smb_request *req,
uint16_t root_dir_fid,
struct smb_filename *smb_fname,
uint32_t access_mask,
uint32_t share_access,
uint32_t create_disposition,
uint32_t create_options,
uint32_t file_attributes,
uint32_t oplock_request,
uint64_t allocation_size,
uint32_t private_flags,
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct **result,
int *pinfo)
{
bool readonly = false;
const uint32_t write_access_flags =
FILE_WRITE_DATA | FILE_APPEND_DATA |
FILE_WRITE_ATTRIBUTES | DELETE_ACCESS |
WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS;
NTSTATUS status;
if (VALID_STAT(smb_fname->st)) {
double age;
age = timespec_elapsed(&smb_fname->st.st_ex_ctime);
if (age > lp_parm_int(SNUM(handle->conn), "worm",
"grace_period", 3600)) {
readonly = true;
}
}
if (readonly && (access_mask & write_access_flags)) {
return NT_STATUS_ACCESS_DENIED;
}
status = SMB_VFS_NEXT_CREATE_FILE(
handle, req, root_dir_fid, smb_fname, access_mask,
share_access, create_disposition, create_options,
file_attributes, oplock_request, allocation_size,
private_flags, sd, ea_list, result, pinfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/*
* Access via MAXIMUM_ALLOWED_ACCESS?
*/
if (readonly && ((*result)->access_mask & write_access_flags)) {
close_file(req, *result, NORMAL_CLOSE);
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
}
static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
struct smb_request *req,
uint16_t root_dir_fid,
struct smb_filename *smb_fname,
uint32_t access_mask,
uint32_t share_access,
uint32_t create_disposition,
uint32_t create_options,
uint32_t file_attributes,
uint32_t oplock_request,
uint64_t allocation_size,
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct **result,
int *pinfo)
{
NTSTATUS status, status1;
files_struct *fsp = NULL;
int info;
struct security_descriptor *parent_sd = NULL;
status = SMB_VFS_NEXT_CREATE_FILE(handle,
req,
root_dir_fid,
smb_fname,
access_mask,
share_access,
create_disposition,
create_options,
file_attributes,
oplock_request,
allocation_size,
sd,
ea_list,
result,
&info);
if (info != FILE_WAS_CREATED) {
/* File/directory was opened, not created. */
goto out;
}
fsp = *result;
if (!NT_STATUS_IS_OK(status) || fsp == NULL) {
/* Only handle success. */
goto out;
}
if (sd) {
/* Security descriptor already set. */
goto out;
}
if (fsp->base_fsp) {
/* Stream open. */
goto out;
}
/* We must have a cached parent sd in this case.
* attached to the handle. */
SMB_VFS_HANDLE_GET_DATA(handle, parent_sd,
struct security_descriptor,
goto err);
if (!parent_sd) {
goto err;
}
/* New directory - inherit from parent. */
status1 = inherit_new_acl(handle, fsp, parent_sd, fsp->is_directory);
if (!NT_STATUS_IS_OK(status1)) {
DEBUG(1,("create_file_acl_common: error setting "
"sd for %s (%s)\n",
fsp_str_dbg(fsp),
nt_errstr(status1) ));
}
out:
/* Ensure we never leave attached data around. */
SMB_VFS_HANDLE_FREE_DATA(handle);
if (NT_STATUS_IS_OK(status) && pinfo) {
*pinfo = info;
}
return status;
err:
smb_panic("create_file_acl_common: logic error.\n");
/* NOTREACHED */
return status;
}
