search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
utils: Fix up 14a533680245
[samba4-gss.git] / source3 / smbd / files.c
blob50bf9b588517059e06bce8b969514a281d88a561
1 /*
2 Unix SMB/CIFS implementation.
3 Files[] structure handling
4 Copyright (C) Andrew Tridgell 1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/smbd.h"
22 #include "smbd/globals.h"
23 #include "smbd/smbXsrv_open.h"
24 #include "libcli/security/security.h"
25 #include "util_tdb.h"
26 #include "lib/util/bitmap.h"
27 #include "lib/util/strv.h"
28 #include "lib/util/memcache.h"
29 #include "libcli/smb/reparse.h"
30
31 #define FILE_HANDLE_OFFSET 0x1000
32
33 static NTSTATUS fsp_attach_smb_fname(struct files_struct *fsp,
34 struct smb_filename **_smb_fname);
35
36 /**
37 * create new fsp to be used for file_new or a durable handle reconnect
38 */
39 NTSTATUS fsp_new(struct connection_struct *conn, TALLOC_CTX *mem_ctx,
40 files_struct **result)
41 {
42 NTSTATUS status = NT_STATUS_NO_MEMORY;
43 files_struct *fsp = NULL;
44 struct smbd_server_connection *sconn = conn->sconn;
45
46 fsp = talloc_zero(mem_ctx, struct files_struct);
47 if (fsp == NULL) {
48 goto fail;
49 }
50
51 /*
52 * This can't be a child of fsp because the file_handle can be ref'd
53 * when doing a dos/fcb open, which will then share the file_handle
54 * across multiple fsps.
55 */
56 fsp->fh = fd_handle_create(mem_ctx);
57 if (fsp->fh == NULL) {
58 goto fail;
59 }
60
61 fsp->fsp_flags.use_ofd_locks = !lp_smbd_force_process_locks(SNUM(conn));
62 #ifndef HAVE_OFD_LOCKS
63 fsp->fsp_flags.use_ofd_locks = false;
64 #endif
65
66 fh_set_refcount(fsp->fh, 1);
67 fsp_set_fd(fsp, -1);
68
69 fsp->fnum = FNUM_FIELD_INVALID;
70 fsp->conn = conn;
71 fsp->close_write_time = make_omit_timespec();
72
73 DLIST_ADD(sconn->files, fsp);
74 sconn->num_files += 1;
75
76 conn->num_files_open++;
77
78 DBG_INFO("allocated files structure (%u used)\n",
79 (unsigned int)sconn->num_files);
80
81 *result = fsp;
82 return NT_STATUS_OK;
83
84 fail:
85 if (fsp != NULL) {
86 TALLOC_FREE(fsp->fh);
87 }
88 TALLOC_FREE(fsp);
89
90 return status;
91 }
92
93 void fsp_set_gen_id(files_struct *fsp)
94 {
95 static uint64_t gen_id = 1;
96
97 /*
98 * A billion of 64-bit increments per second gives us
99 * more than 500 years of runtime without wrap.
100 */
101 gen_id++;
102 fh_set_gen_id(fsp->fh, gen_id);
103 }
104
105 /****************************************************************************
106 Find first available file slot.
107 ****************************************************************************/
108
109 NTSTATUS fsp_bind_smb(struct files_struct *fsp, struct smb_request *req)
110 {
111 struct smbXsrv_open *op = NULL;
112 NTTIME now;
113 NTSTATUS status;
114
115 if (req == NULL) {
116 DBG_DEBUG("INTERNAL_OPEN_ONLY, skipping smbXsrv_open\n");
117 return NT_STATUS_OK;
118 }
119
120 now = timeval_to_nttime(&fsp->open_time);
121
122 status = smbXsrv_open_create(req->xconn,
123 fsp->conn->session_info,
124 now,
125 &op);
126 if (!NT_STATUS_IS_OK(status)) {
127 return status;
128 }
129 fsp->op = op;
130 op->compat = fsp;
131 fsp->fnum = op->local_id;
132
133 fsp->mid = req->mid;
134 req->chain_fsp = fsp;
135
136 DBG_DEBUG("fsp [%s] mid [%" PRIu64"]\n",
137 fsp_str_dbg(fsp), fsp->mid);
138
139 return NT_STATUS_OK;
140 }
141
142 NTSTATUS file_new(struct smb_request *req, connection_struct *conn,
143 files_struct **result)
144 {
145 struct smbd_server_connection *sconn = conn->sconn;
146 files_struct *fsp;
147 NTSTATUS status;
148
149 status = fsp_new(conn, conn, &fsp);
150 if (!NT_STATUS_IS_OK(status)) {
151 return status;
152 }
153
154 GetTimeOfDay(&fsp->open_time);
155
156 status = fsp_bind_smb(fsp, req);
157 if (!NT_STATUS_IS_OK(status)) {
158 file_free(NULL, fsp);
159 return status;
160 }
161
162 fsp_set_gen_id(fsp);
163
164 /*
165 * Create an smb_filename with "" for the base_name. There are very
166 * few NULL checks, so make sure it's initialized with something. to
167 * be safe until an audit can be done.
168 */
169 fsp->fsp_name = synthetic_smb_fname(fsp,
170 "",
171 NULL,
172 NULL,
173 0,
174 0);
175 if (fsp->fsp_name == NULL) {
176 file_free(NULL, fsp);
177 return NT_STATUS_NO_MEMORY;
178 }
179
180 DBG_INFO("new file %s\n", fsp_fnum_dbg(fsp));
181
182 /* A new fsp invalidates the positive and
183 negative fsp_fi_cache as the new fsp is pushed
184 at the start of the list and we search from
185 a cache hit to the *end* of the list. */
186
187 ZERO_STRUCT(sconn->fsp_fi_cache);
188
189 *result = fsp;
190 return NT_STATUS_OK;
191 }
192
193 NTSTATUS create_internal_fsp(connection_struct *conn,
194 const struct smb_filename *smb_fname,
195 struct files_struct **_fsp)
196 {
197 struct files_struct *fsp = NULL;
198 NTSTATUS status;
199
200 status = file_new(NULL, conn, &fsp);
201 if (!NT_STATUS_IS_OK(status)) {
202 return status;
203 }
204
205 status = fsp_set_smb_fname(fsp, smb_fname);
206 if (!NT_STATUS_IS_OK(status)) {
207 file_free(NULL, fsp);
208 return status;
209 }
210
211 *_fsp = fsp;
212 return NT_STATUS_OK;
213 }
214
215 /*
216 * Create an internal fsp for an *existing* directory.
217 *
218 * This should only be used by callers in the VFS that need to control the
219 * opening of the directory. Otherwise use open_internal_dirfsp().
220 */
221 NTSTATUS create_internal_dirfsp(connection_struct *conn,
222 const struct smb_filename *smb_dname,
223 struct files_struct **_fsp)
224 {
225 struct files_struct *fsp = NULL;
226 NTSTATUS status;
227
228 status = create_internal_fsp(conn, smb_dname, &fsp);
229 if (!NT_STATUS_IS_OK(status)) {
230 return status;
231 }
232
233 fsp->access_mask = FILE_LIST_DIRECTORY;
234 fsp->fsp_flags.is_directory = true;
235 fsp->fsp_flags.is_dirfsp = true;
236
237 *_fsp = fsp;
238 return NT_STATUS_OK;
239 }
240
241 /*
242 * Open an internal fsp for an *existing* directory.
243 */
244 NTSTATUS open_internal_dirfsp(connection_struct *conn,
245 const struct smb_filename *smb_dname,
246 int _open_flags,
247 struct files_struct **_fsp)
248 {
249 struct vfs_open_how how = { .flags = _open_flags, };
250 struct files_struct *fsp = NULL;
251 NTSTATUS status;
252
253 status = create_internal_dirfsp(conn, smb_dname, &fsp);
254 if (!NT_STATUS_IS_OK(status)) {
255 return status;
256 }
257
258 #ifdef O_DIRECTORY
259 how.flags |= O_DIRECTORY;
260 #endif
261 status = fd_openat(conn->cwd_fsp, fsp->fsp_name, fsp, &how);
262 if (!NT_STATUS_IS_OK(status)) {
263 DBG_INFO("Could not open fd for %s (%s)\n",
264 smb_fname_str_dbg(smb_dname),
265 nt_errstr(status));
266 file_free(NULL, fsp);
267 return status;
268 }
269
270 status = vfs_stat_fsp(fsp);
271 if (!NT_STATUS_IS_OK(status)) {
272 file_free(NULL, fsp);
273 return status;
274 }
275
276 if (!S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
277 DBG_ERR("%s is not a directory!\n",
278 smb_fname_str_dbg(smb_dname));
279 file_free(NULL, fsp);
280 return NT_STATUS_NOT_A_DIRECTORY;
281 }
282
283 fsp->file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
284
285 *_fsp = fsp;
286 return NT_STATUS_OK;
287 }
288
289 /*
290 * Convert a pathref dirfsp into a real fsp. No need to do any cwd
291 * tricks, we just open ".".
292 */
293 NTSTATUS openat_internal_dir_from_pathref(
294 struct files_struct *dirfsp,
295 int _open_flags,
296 struct files_struct **_fsp)
297 {
298 struct connection_struct *conn = dirfsp->conn;
299 struct smb_filename *smb_dname = dirfsp->fsp_name;
300 struct files_struct *fsp = NULL;
301 char dot[] = ".";
302 struct smb_filename smb_dot = {
303 .base_name = dot,
304 .flags = smb_dname->flags,
305 .twrp = smb_dname->twrp,
306 };
307 struct vfs_open_how how = { .flags = _open_flags, };
308 NTSTATUS status;
309
310 status = create_internal_dirfsp(conn, smb_dname, &fsp);
311 if (!NT_STATUS_IS_OK(status)) {
312 return status;
313 }
314
315 /*
316 * Pointless for opening ".", but you never know...
317 */
318 how.flags |= O_NOFOLLOW;
319
320 status = fd_openat(dirfsp, &smb_dot, fsp, &how);
321 if (!NT_STATUS_IS_OK(status)) {
322 DBG_INFO("fd_openat(\"%s\", \".\") failed: %s\n",
323 fsp_str_dbg(dirfsp),
324 nt_errstr(status));
325 file_free(NULL, fsp);
326 return status;
327 }
328
329 fsp->fsp_name->st = smb_dname->st;
330 fsp->file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
331 *_fsp = fsp;
332 return NT_STATUS_OK;
333 }
334
335 /*
336 * The "link" in the name doesn't imply link in the filesystem
337 * sense. It's a object that "links" together an fsp and an smb_fname
338 * and the link allocated as talloc child of an fsp.
339 *
340 * The link is created for fsps that openat_pathref_fsp() returns in
341 * smb_fname->fsp. When this fsp is freed by file_free() by some caller
342 * somewhere, the destructor fsp_smb_fname_link_destructor() on the link object
343 * will use the link to reset the reference in smb_fname->fsp that is about to
344 * go away.
345 *
346 * This prevents smb_fname_internal_fsp_destructor() from seeing dangling fsp
347 * pointers.
348 */
349
350 struct fsp_smb_fname_link {
351 struct fsp_smb_fname_link **smb_fname_link;
352 struct files_struct **smb_fname_fsp;
353 };
354
355 static int fsp_smb_fname_link_destructor(struct fsp_smb_fname_link *link)
356 {
357 if (link->smb_fname_link == NULL) {
358 return 0;
359 }
360
361 *link->smb_fname_link = NULL;
362 *link->smb_fname_fsp = NULL;
363 return 0;
364 }
365
366 static NTSTATUS fsp_smb_fname_link(struct files_struct *fsp,
367 struct fsp_smb_fname_link **smb_fname_link,
368 struct files_struct **smb_fname_fsp)
369 {
370 struct fsp_smb_fname_link *link = NULL;
371
372 SMB_ASSERT(*smb_fname_link == NULL);
373 SMB_ASSERT(*smb_fname_fsp == NULL);
374
375 link = talloc_zero(fsp, struct fsp_smb_fname_link);
376 if (link == NULL) {
377 return NT_STATUS_NO_MEMORY;
378 }
379
380 link->smb_fname_link = smb_fname_link;
381 link->smb_fname_fsp = smb_fname_fsp;
382 *smb_fname_link = link;
383 *smb_fname_fsp = fsp;
384
385 talloc_set_destructor(link, fsp_smb_fname_link_destructor);
386 return NT_STATUS_OK;
387 }
388
389 /*
390 * Free a link, carefully avoiding to trigger the link destructor
391 */
392 static void destroy_fsp_smb_fname_link(struct fsp_smb_fname_link **_link)
393 {
394 struct fsp_smb_fname_link *link = *_link;
395
396 if (link == NULL) {
397 return;
398 }
399 talloc_set_destructor(link, NULL);
400 TALLOC_FREE(link);
401 *_link = NULL;
402 }
403
404 /*
405 * Talloc destructor set on an smb_fname set by openat_pathref_fsp() used to
406 * close the embedded smb_fname->fsp.
407 */
408 static int smb_fname_fsp_destructor(struct smb_filename *smb_fname)
409 {
410 struct files_struct *fsp = smb_fname->fsp;
411 struct files_struct *base_fsp = NULL;
412 NTSTATUS status;
413 int saved_errno = errno;
414
415 destroy_fsp_smb_fname_link(&smb_fname->fsp_link);
416
417 if (fsp == NULL) {
418 errno = saved_errno;
419 return 0;
420 }
421
422 if (fsp_is_alternate_stream(fsp)) {
423 base_fsp = fsp->base_fsp;
424 }
425
426 status = fd_close(fsp);
427 if (!NT_STATUS_IS_OK(status)) {
428 DBG_ERR("Closing fd for fsp [%s] failed: %s. "
429 "Please check your filesystem!!!\n",
430 fsp_str_dbg(fsp), nt_errstr(status));
431 }
432 file_free(NULL, fsp);
433 smb_fname->fsp = NULL;
434
435 if (base_fsp != NULL) {
436 base_fsp->stream_fsp = NULL;
437 status = fd_close(base_fsp);
438 if (!NT_STATUS_IS_OK(status)) {
439 DBG_ERR("Closing fd for base_fsp [%s] failed: %s. "
440 "Please check your filesystem!!!\n",
441 fsp_str_dbg(base_fsp), nt_errstr(status));
442 }
443 file_free(NULL, base_fsp);
444 }
445
446 errno = saved_errno;
447 return 0;
448 }
449
450 static NTSTATUS openat_pathref_fullname(
451 struct connection_struct *conn,
452 const struct files_struct *dirfsp,
453 struct files_struct *basefsp,
454 struct smb_filename **full_fname,
455 struct smb_filename *smb_fname,
456 const struct vfs_open_how *how)
457 {
458 struct files_struct *fsp = NULL;
459 bool have_dirfsp = (dirfsp != NULL);
460 bool have_basefsp = (basefsp != NULL);
461 NTSTATUS status;
462
463 DBG_DEBUG("smb_fname [%s]\n", smb_fname_str_dbg(smb_fname));
464
465 SMB_ASSERT(smb_fname->fsp == NULL);
466 SMB_ASSERT(have_dirfsp != have_basefsp);
467
468 status = fsp_new(conn, conn, &fsp);
469 if (!NT_STATUS_IS_OK(status)) {
470 return status;
471 }
472
473 GetTimeOfDay(&fsp->open_time);
474 fsp_set_gen_id(fsp);
475 ZERO_STRUCT(conn->sconn->fsp_fi_cache);
476
477 fsp->fsp_flags.is_pathref = true;
478
479 status = fsp_attach_smb_fname(fsp, full_fname);
480 if (!NT_STATUS_IS_OK(status)) {
481 goto fail;
482 }
483 fsp_set_base_fsp(fsp, basefsp);
484
485 status = fd_openat(dirfsp, smb_fname, fsp, how);
486 if (!NT_STATUS_IS_OK(status)) {
487
488 smb_fname->st = fsp->fsp_name->st;
489
490 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND) ||
491 NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_PATH_NOT_FOUND) ||
492 NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK))
493 {
494 /*
495 * streams_xattr return NT_STATUS_NOT_FOUND for
496 * opens of not yet existing streams.
497 *
498 * ELOOP maps to NT_STATUS_OBJECT_PATH_NOT_FOUND
499 * and this will result from a open request from
500 * a POSIX client on a symlink.
501 *
502 * NT_STATUS_OBJECT_NAME_NOT_FOUND is the simple
503 * ENOENT case.
504 *
505 * NT_STATUS_STOPPED_ON_SYMLINK is returned when trying
506 * to open a symlink, our callers are not interested in
507 * this.
508 */
509 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
510 }
511 goto fail;
512 }
513
514 /*
515 * fd_openat() has done an FSTAT on the handle
516 * so update the smb_fname stat info with "truth".
517 * from the handle.
518 */
519 smb_fname->st = fsp->fsp_name->st;
520
521 fsp->fsp_flags.is_directory = S_ISDIR(fsp->fsp_name->st.st_ex_mode);
522
523 fsp->file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
524
525 status = fsp_smb_fname_link(fsp,
526 &smb_fname->fsp_link,
527 &smb_fname->fsp);
528 if (!NT_STATUS_IS_OK(status)) {
529 goto fail;
530 }
531
532 DBG_DEBUG("fsp [%s]: OK\n", fsp_str_dbg(fsp));
533
534 talloc_set_destructor(smb_fname, smb_fname_fsp_destructor);
535 return NT_STATUS_OK;
536
537 fail:
538 DBG_DEBUG("Opening pathref for [%s] failed: %s\n",
539 smb_fname_str_dbg(smb_fname),
540 nt_errstr(status));
541
542 fsp_set_base_fsp(fsp, NULL);
543 fd_close(fsp);
544 file_free(NULL, fsp);
545 return status;
546 }
547
548 /*
549 * Open an internal O_PATH based fsp for smb_fname. If O_PATH is not
550 * available, open O_RDONLY as root. Both is done in fd_open() ->
551 * non_widelink_open(), triggered by setting fsp->fsp_flags.is_pathref to
552 * true.
553 */
554 NTSTATUS openat_pathref_fsp(const struct files_struct *dirfsp,
555 struct smb_filename *smb_fname)
556 {
557 connection_struct *conn = dirfsp->conn;
558 struct smb_filename *full_fname = NULL;
559 struct smb_filename *base_fname = NULL;
560 struct vfs_open_how how = { .flags = O_RDONLY|O_NONBLOCK, };
561 NTSTATUS status;
562
563 DBG_DEBUG("smb_fname [%s]\n", smb_fname_str_dbg(smb_fname));
564
565 if (smb_fname->fsp != NULL) {
566 /* We already have one for this name. */
567 DBG_DEBUG("smb_fname [%s] already has a pathref fsp.\n",
568 smb_fname_str_dbg(smb_fname));
569 return NT_STATUS_OK;
570 }
571
572 if (is_named_stream(smb_fname) &&
573 ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) {
574 DBG_DEBUG("stream open [%s] on non-stream share\n",
575 smb_fname_str_dbg(smb_fname));
576 return NT_STATUS_OBJECT_NAME_INVALID;
577 }
578
579 if (!is_named_stream(smb_fname)) {
580 /*
581 * openat_pathref_fullname() will make "full_fname" a
582 * talloc child of the smb_fname->fsp. Don't use
583 * talloc_tos() to allocate it to avoid making the
584 * talloc stackframe pool long-lived.
585 */
586 full_fname = full_path_from_dirfsp_atname(
587 conn,
588 dirfsp,
589 smb_fname);
590 if (full_fname == NULL) {
591 status = NT_STATUS_NO_MEMORY;
592 goto fail;
593 }
594 status = openat_pathref_fullname(
595 conn, dirfsp, NULL, &full_fname, smb_fname, &how);
596 TALLOC_FREE(full_fname);
597 return status;
598 }
599
600 /*
601 * stream open
602 */
603 base_fname = cp_smb_filename_nostream(conn, smb_fname);
604 if (base_fname == NULL) {
605 return NT_STATUS_NO_MEMORY;
606 }
607
608 full_fname = full_path_from_dirfsp_atname(
609 conn, /* no talloc_tos(), see comment above */
610 dirfsp,
611 base_fname);
612 if (full_fname == NULL) {
613 status = NT_STATUS_NO_MEMORY;
614 goto fail;
615 }
616
617 status = openat_pathref_fullname(
618 conn, dirfsp, NULL, &full_fname, base_fname, &how);
619 TALLOC_FREE(full_fname);
620 if (!NT_STATUS_IS_OK(status)) {
621 DBG_DEBUG("openat_pathref_fullname() failed: %s\n",
622 nt_errstr(status));
623 goto fail;
624 }
625
626 status = open_stream_pathref_fsp(&base_fname->fsp, smb_fname);
627 if (!NT_STATUS_IS_OK(status)) {
628 DBG_DEBUG("open_stream_pathref_fsp failed: %s\n",
629 nt_errstr(status));
630 goto fail;
631 }
632
633 smb_fname_fsp_unlink(base_fname);
634 fail:
635 TALLOC_FREE(base_fname);
636 return status;
637 }
638
639 /*
640 * Open a stream given an already opened base_fsp. Avoid
641 * non_widelink_open: This is only valid for the case where we have a
642 * valid non-cwd_fsp dirfsp that we can pass to SMB_VFS_OPENAT()
643 */
644 NTSTATUS open_stream_pathref_fsp(
645 struct files_struct **_base_fsp,
646 struct smb_filename *smb_fname)
647 {
648 struct files_struct *base_fsp = *_base_fsp;
649 connection_struct *conn = base_fsp->conn;
650 struct smb_filename *base_fname = base_fsp->fsp_name;
651 struct smb_filename *full_fname = NULL;
652 struct vfs_open_how how = { .flags = O_RDONLY|O_NONBLOCK, };
653 NTSTATUS status;
654
655 SMB_ASSERT(smb_fname->fsp == NULL);
656 SMB_ASSERT(is_named_stream(smb_fname));
657
658 full_fname = synthetic_smb_fname(
659 conn, /* no talloc_tos(), this will be long-lived */
660 base_fname->base_name,
661 smb_fname->stream_name,
662 &smb_fname->st,
663 smb_fname->twrp,
664 smb_fname->flags);
665 if (full_fname == NULL) {
666 return NT_STATUS_NO_MEMORY;
667 }
668
669 status = openat_pathref_fullname(
670 conn, NULL, base_fsp, &full_fname, smb_fname, &how);
671 TALLOC_FREE(full_fname);
672 return status;
673 }
674
675 NTSTATUS readlink_talloc(
676 TALLOC_CTX *mem_ctx,
677 struct files_struct *dirfsp,
678 struct smb_filename *smb_relname,
679 char **_substitute)
680 {
681 struct smb_filename null_fname = {
682 .base_name = discard_const_p(char, ""),
683 };
684 char buf[PATH_MAX];
685 ssize_t ret;
686 char *substitute;
687 NTSTATUS status;
688
689 if (smb_relname == NULL) {
690 /*
691 * We have a Linux O_PATH handle in dirfsp and want to
692 * read its value, essentially a freadlink
693 */
694 smb_relname = &null_fname;
695 }
696
697 ret = SMB_VFS_READLINKAT(
698 dirfsp->conn, dirfsp, smb_relname, buf, sizeof(buf));
699 if (ret < 0) {
700 status = map_nt_error_from_unix(errno);
701 DBG_DEBUG("SMB_VFS_READLINKAT() failed: %s\n",
702 strerror(errno));
703 return status;
704 }
705
706 if ((size_t)ret == sizeof(buf)) {
707 /*
708 * Do we need symlink targets longer than PATH_MAX?
709 */
710 DBG_DEBUG("Got full %zu bytes from readlink, too long\n",
711 sizeof(buf));
712 return NT_STATUS_BUFFER_OVERFLOW;
713 }
714
715 substitute = talloc_strndup(mem_ctx, buf, ret);
716 if (substitute == NULL) {
717 DBG_DEBUG("talloc_strndup() failed\n");
718 return NT_STATUS_NO_MEMORY;
719 }
720
721 *_substitute = substitute;
722 return NT_STATUS_OK;
723 }
724
725 NTSTATUS read_symlink_reparse(TALLOC_CTX *mem_ctx,
726 struct files_struct *dirfsp,
727 struct smb_filename *smb_relname,
728 struct reparse_data_buffer **_reparse)
729 {
730 struct reparse_data_buffer *reparse = NULL;
731 struct symlink_reparse_struct *lnk = NULL;
732 NTSTATUS status;
733
734 reparse = talloc(mem_ctx, struct reparse_data_buffer);
735 if (reparse == NULL) {
736 goto nomem;
737 }
738 *reparse = (struct reparse_data_buffer){
739 .tag = IO_REPARSE_TAG_SYMLINK,
740 };
741 lnk = &reparse->parsed.lnk;
742
743 status = readlink_talloc(reparse,
744 dirfsp,
745 smb_relname,
746 &lnk->substitute_name);
747 if (!NT_STATUS_IS_OK(status)) {
748 DBG_DEBUG("readlink_talloc failed: %s\n", nt_errstr(status));
749 goto fail;
750 }
751
752 if (lnk->substitute_name[0] == '/') {
753 char *subdir_path = NULL;
754 char *abs_target_canon = NULL;
755 const char *relative = NULL;
756 bool in_share;
757
758 subdir_path = talloc_asprintf(talloc_tos(),
759 "%s/%s",
760 dirfsp->conn->connectpath,
761 dirfsp->fsp_name->base_name);
762 if (subdir_path == NULL) {
763 goto nomem;
764 }
765
766 abs_target_canon = canonicalize_absolute_path(
767 talloc_tos(), lnk->substitute_name);
768 if (abs_target_canon == NULL) {
769 goto nomem;
770 }
771
772 in_share = subdir_of(subdir_path,
773 strlen(subdir_path),
774 abs_target_canon,
775 &relative);
776 if (in_share) {
777 TALLOC_FREE(lnk->substitute_name);
778 lnk->substitute_name = talloc_strdup(reparse,
779 relative);
780 if (lnk->substitute_name == NULL) {
781 goto nomem;
782 }
783 }
784 }
785
786 if (!IS_DIRECTORY_SEP(lnk->substitute_name[0])) {
787 lnk->flags |= SYMLINK_FLAG_RELATIVE;
788 }
789
790 *_reparse = reparse;
791 return NT_STATUS_OK;
792 nomem:
793 status = NT_STATUS_NO_MEMORY;
794 fail:
795 TALLOC_FREE(reparse);
796 return status;
797 }
798
799 static bool full_path_extend(char **dir, const char *atname)
800 {
801 talloc_asprintf_addbuf(dir,
802 "%s%s",
803 (*dir)[0] == '\0' ? "" : "/",
804 atname);
805 return (*dir) != NULL;
806 }
807
808 /*
809 * Create the memcache-key for GETREALFILENAME_CACHE: This supplements
810 * the stat cache for the last component to be looked up. Cache
811 * contents is the correctly capitalized translation of the parameter
812 * "name" as it exists on disk. This is indexed by inode of the dirfsp
813 * and name, and contrary to stat_cahce_lookup() it does not
814 * vfs_stat() the last component. This will be taken care of by an
815 * attempt to do a openat_pathref_fsp().
816 */
817 static bool get_real_filename_cache_key(TALLOC_CTX *mem_ctx,
818 struct files_struct *dirfsp,
819 const char *name,
820 DATA_BLOB *_key)
821 {
822 struct file_id fid = vfs_file_id_from_sbuf(dirfsp->conn,
823 &dirfsp->fsp_name->st);
824 char *upper = NULL;
825 uint8_t *key = NULL;
826 size_t namelen, keylen;
827
828 upper = talloc_strdup_upper(mem_ctx, name);
829 if (upper == NULL) {
830 return false;
831 }
832 namelen = talloc_get_size(upper);
833
834 keylen = namelen + sizeof(fid);
835 if (keylen < sizeof(fid)) {
836 TALLOC_FREE(upper);
837 return false;
838 }
839
840 key = talloc_size(mem_ctx, keylen);
841 if (key == NULL) {
842 TALLOC_FREE(upper);
843 return false;
844 }
845
846 memcpy(key, &fid, sizeof(fid));
847 memcpy(key + sizeof(fid), upper, namelen);
848 TALLOC_FREE(upper);
849
850 *_key = (DATA_BLOB){
851 .data = key,
852 .length = keylen,
853 };
854 return true;
855 }
856
857 static int smb_vfs_openat_ci(TALLOC_CTX *mem_ctx,
858 bool case_sensitive,
859 struct connection_struct *conn,
860 struct files_struct *dirfsp,
861 struct smb_filename *smb_fname_rel,
862 files_struct *fsp,
863 const struct vfs_open_how *how)
864 {
865 char *orig_base_name = smb_fname_rel->base_name;
866 DATA_BLOB cache_key = {
867 .data = NULL,
868 };
869 DATA_BLOB cache_value = {
870 .data = NULL,
871 };
872 NTSTATUS status;
873 int fd;
874 bool ok;
875
876 fd = SMB_VFS_OPENAT(conn, dirfsp, smb_fname_rel, fsp, how);
877 if ((fd >= 0) || case_sensitive) {
878 return fd;
879 }
880 if (errno != ENOENT) {
881 return -1;
882 }
883
884 if (!lp_stat_cache()) {
885 goto lookup;
886 }
887
888 ok = get_real_filename_cache_key(mem_ctx,
889 dirfsp,
890 orig_base_name,
891 &cache_key);
892 if (!ok) {
893 /*
894 * probably ENOMEM, just bail
895 */
896 errno = ENOMEM;
897 return -1;
898 }
899
900 DO_PROFILE_INC(statcache_lookups);
901
902 ok = memcache_lookup(NULL,
903 GETREALFILENAME_CACHE,
904 cache_key,
905 &cache_value);
906 if (!ok) {
907 DO_PROFILE_INC(statcache_misses);
908 goto lookup;
909 }
910 DO_PROFILE_INC(statcache_hits);
911
912 smb_fname_rel->base_name = talloc_strndup(mem_ctx,
913 (char *)cache_value.data,
914 cache_value.length);
915 if (smb_fname_rel->base_name == NULL) {
916 TALLOC_FREE(cache_key.data);
917 smb_fname_rel->base_name = orig_base_name;
918 errno = ENOMEM;
919 return -1;
920 }
921
922 if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
923 DBG_DEBUG("veto files rejecting last component %s\n",
924 smb_fname_str_dbg(smb_fname_rel));
925 TALLOC_FREE(cache_key.data);
926 smb_fname_rel->base_name = orig_base_name;
927 errno = EPERM;
928 return -1;
929 }
930
931 fd = SMB_VFS_OPENAT(conn, dirfsp, smb_fname_rel, fsp, how);
932 if (fd >= 0) {
933 TALLOC_FREE(cache_key.data);
934 return fd;
935 }
936
937 memcache_delete(NULL, GETREALFILENAME_CACHE, cache_key);
938
939 /*
940 * For the "new filename" case we need to preserve the
941 * capitalization the client sent us, see
942 * https://bugzilla.samba.org/show_bug.cgi?id=15481
943 */
944 TALLOC_FREE(smb_fname_rel->base_name);
945 smb_fname_rel->base_name = orig_base_name;
946
947 lookup:
948
949 status = get_real_filename_at(dirfsp,
950 orig_base_name,
951 mem_ctx,
952 &smb_fname_rel->base_name);
953 if (!NT_STATUS_IS_OK(status)) {
954 DBG_DEBUG("get_real_filename_at() failed: %s\n",
955 nt_errstr(status));
956 errno = ENOENT;
957 return -1;
958 }
959
960 if (IS_VETO_PATH(conn, smb_fname_rel->base_name)) {
961 DBG_DEBUG("found veto files path component "
962 "%s => %s\n",
963 orig_base_name,
964 smb_fname_rel->base_name);
965 TALLOC_FREE(smb_fname_rel->base_name);
966 smb_fname_rel->base_name = orig_base_name;
967 errno = ENOENT;
968 return -1;
969 }
970
971 fd = SMB_VFS_OPENAT(conn, dirfsp, smb_fname_rel, fsp, how);
972
973 if ((fd >= 0) && (cache_key.data != NULL)) {
974 DATA_BLOB value = {
975 .data = (uint8_t *)smb_fname_rel->base_name,
976 .length = strlen(smb_fname_rel->base_name) + 1,
977 };
978
979 memcache_add(NULL, GETREALFILENAME_CACHE, cache_key, value);
980 TALLOC_FREE(cache_key.data);
981 }
982
983 return fd;
984 }
985
986 NTSTATUS openat_pathref_fsp_nosymlink(
987 TALLOC_CTX *mem_ctx,
988 struct connection_struct *conn,
989 struct files_struct *in_dirfsp,
990 const char *path_in,
991 NTTIME twrp,
992 bool posix,
993 struct smb_filename **_smb_fname,
994 struct reparse_data_buffer **_symlink_err)
995 {
996 struct files_struct *dirfsp = in_dirfsp;
997 struct smb_filename full_fname = {
998 .base_name = NULL,
999 .twrp = twrp,
1000 .flags = posix ? SMB_FILENAME_POSIX_PATH : 0,
1001 };
1002 struct smb_filename rel_fname = {
1003 .base_name = NULL,
1004 .twrp = twrp,
1005 .flags = full_fname.flags,
1006 };
1007 struct smb_filename *result = NULL;
1008 struct reparse_data_buffer *symlink_err = NULL;
1009 struct files_struct *fsp = NULL;
1010 char *path = NULL, *next = NULL;
1011 bool ok, is_toplevel;
1012 int fd;
1013 NTSTATUS status;
1014 struct vfs_open_how how = {
1015 .flags = O_NOFOLLOW | O_NONBLOCK,
1016 .mode = 0,
1017 };
1018
1019 DBG_DEBUG("path_in=%s\n", path_in);
1020
1021 status = fsp_new(conn, conn, &fsp);
1022 if (!NT_STATUS_IS_OK(status)) {
1023 DBG_DEBUG("fsp_new() failed: %s\n", nt_errstr(status));
1024 goto fail;
1025 }
1026
1027 GetTimeOfDay(&fsp->open_time);
1028 fsp_set_gen_id(fsp);
1029 ZERO_STRUCT(conn->sconn->fsp_fi_cache);
1030
1031 fsp->fsp_name = &full_fname;
1032
1033 #ifdef O_PATH
1034 /*
1035 * Add O_PATH manually, doing this by setting
1036 * fsp->fsp_flags.is_pathref will make us become_root() in the
1037 * non-O_PATH case, which would cause a security problem.
1038 */
1039 how.flags |= O_PATH;
1040 #else
1041 #ifdef O_SEARCH
1042 /*
1043 * O_SEARCH just checks for the "x" bit. We are traversing
1044 * directories, so we don't need the implicit O_RDONLY ("r"
1045 * permissions) but only the "x"-permissions requested by
1046 * O_SEARCH. We need either O_PATH or O_SEARCH to correctly
1047 * function, without either we will incorrectly require also
1048 * the "r" bit when traversing the directory hierarchy.
1049 */
1050 how.flags |= O_SEARCH;
1051 #endif
1052 #endif
1053
1054 is_toplevel = (dirfsp == dirfsp->conn->cwd_fsp);
1055 is_toplevel |= ISDOT(dirfsp->fsp_name->base_name);
1056
1057 full_fname.base_name =
1058 talloc_strdup(talloc_tos(),
1059 is_toplevel ? "" : dirfsp->fsp_name->base_name);
1060 if (full_fname.base_name == NULL) {
1061 DBG_DEBUG("talloc_strdup() failed\n");
1062 goto nomem;
1063 }
1064
1065 /*
1066 * First split the path into individual components.
1067 */
1068 path = path_to_strv(talloc_tos(), path_in);
1069 if (path == NULL) {
1070 DBG_DEBUG("path_to_strv() failed\n");
1071 goto nomem;
1072 }
1073
1074 /*
1075 * First we loop over all components
1076 * in order to verify, there's no '.' or '..'
1077 */
1078 rel_fname.base_name = path;
1079 while (rel_fname.base_name != NULL) {
1080
1081 next = strv_next(path, rel_fname.base_name);
1082
1083 /*
1084 * Path sanitizing further up has cleaned or rejected
1085 * empty path components. Assert this here.
1086 */
1087 SMB_ASSERT(rel_fname.base_name[0] != '\0');
1088
1089 if (ISDOT(rel_fname.base_name) ||
1090 ISDOTDOT(rel_fname.base_name)) {
1091 DBG_DEBUG("%s contains a dot\n", path_in);
1092 status = NT_STATUS_OBJECT_NAME_INVALID;
1093 goto fail;
1094 }
1095
1096 /* Check veto files. */
1097 if (IS_VETO_PATH(conn, rel_fname.base_name)) {
1098 DBG_DEBUG("%s contains veto files path component %s\n",
1099 path_in, rel_fname.base_name);
1100 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
1101 goto fail;
1102 }
1103
1104 rel_fname.base_name = next;
1105 }
1106
1107 if (conn->open_how_resolve & VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS) {
1108
1109 /*
1110 * Try a direct openat2 with RESOLVE_NO_SYMLINKS to
1111 * avoid the openat/close loop further down.
1112 */
1113
1114 rel_fname.base_name = discard_const_p(char, path_in);
1115 how.resolve = VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS;
1116
1117 fd = SMB_VFS_OPENAT(conn, dirfsp, &rel_fname, fsp, &how);
1118 if (fd >= 0) {
1119 fsp_set_fd(fsp, fd);
1120 ok = full_path_extend(&full_fname.base_name,
1121 rel_fname.base_name);
1122 if (!ok) {
1123 goto nomem;
1124 }
1125 goto done;
1126 }
1127
1128 status = map_nt_error_from_unix(errno);
1129 DBG_DEBUG("SMB_VFS_OPENAT(%s, %s, RESOLVE_NO_SYMLINKS) "
1130 "returned %d %s => %s\n",
1131 smb_fname_str_dbg(dirfsp->fsp_name), path_in,
1132 errno, strerror(errno), nt_errstr(status));
1133 SMB_ASSERT(fd == -1);
1134 switch (errno) {
1135 case ENOSYS:
1136 /*
1137 * We got ENOSYS, so fallback to the old code
1138 * if the kernel doesn't support openat2() yet.
1139 */
1140 break;
1141
1142 case ELOOP:
1143 case ENOTDIR:
1144 /*
1145 * For ELOOP we also fallback in order to
1146 * return the correct information with
1147 * NT_STATUS_STOPPED_ON_SYMLINK.
1148 *
1149 * O_NOFOLLOW|O_DIRECTORY results in
1150 * ENOTDIR instead of ELOOP for the final
1151 * component.
1152 */
1153 break;
1154
1155 case ENOENT:
1156 /*
1157 * If we got ENOENT, the filesystem could
1158 * be case sensitive. For now we only do
1159 * the get_real_filename_at() dance in
1160 * the fallback loop below.
1161 */
1162 break;
1163
1164 default:
1165 goto fail;
1166 }
1167
1168 /*
1169 * Just fallback to the openat loop
1170 */
1171 how.resolve = 0;
1172 }
1173
1174 /*
1175 * Now we loop over all components
1176 * opening each one and using it
1177 * as dirfd for the next one.
1178 *
1179 * It means we can detect symlinks
1180 * within the path.
1181 */
1182 rel_fname.base_name = path;
1183 next:
1184 next = strv_next(path, rel_fname.base_name);
1185
1186 fd = smb_vfs_openat_ci(talloc_tos(),
1187 posix || conn->case_sensitive,
1188 conn,
1189 dirfsp,
1190 &rel_fname,
1191 fsp,
1192 &how);
1193
1194 #ifndef O_PATH
1195 if ((fd == -1) && (errno == ELOOP)) {
1196 int ret;
1197
1198 /*
1199 * openat() hit a symlink. With O_PATH we open the
1200 * symlink and get ENOTDIR in the next round, see
1201 * below.
1202 */
1203
1204 status = read_symlink_reparse(mem_ctx,
1205 dirfsp,
1206 &rel_fname,
1207 &symlink_err);
1208 if (!NT_STATUS_IS_OK(status)) {
1209 DBG_DEBUG("read_symlink_reparse failed: %s\n",
1210 nt_errstr(status));
1211 goto fail;
1212 }
1213
1214 if (next != NULL) {
1215 size_t parsed = next - path;
1216 size_t len = talloc_get_size(path);
1217 size_t unparsed = len - parsed;
1218
1219 if (unparsed > UINT16_MAX) {
1220 status = NT_STATUS_BUFFER_OVERFLOW;
1221 goto fail;
1222 }
1223 symlink_err->parsed.lnk
1224 .unparsed_path_length = unparsed;
1225 }
1226
1227 /*
1228 * We know rel_fname is a symlink, now fill in the
1229 * rest of the metadata for our callers.
1230 */
1231
1232 ret = SMB_VFS_FSTATAT(conn,
1233 dirfsp,
1234 &rel_fname,
1235 &full_fname.st,
1236 AT_SYMLINK_NOFOLLOW);
1237 if (ret == -1) {
1238 status = map_nt_error_from_unix(errno);
1239 DBG_DEBUG("SMB_VFS_FSTATAT(%s/%s) failed: %s\n",
1240 fsp_str_dbg(dirfsp),
1241 rel_fname.base_name,
1242 strerror(errno));
1243 TALLOC_FREE(symlink_err);
1244 goto fail;
1245 }
1246
1247 if (!S_ISLNK(full_fname.st.st_ex_mode)) {
1248 /*
1249 * Hit a race: readlink_talloc() worked before
1250 * the fstatat(), but rel_fname changed to
1251 * something that's not a symlink.
1252 */
1253 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
1254 TALLOC_FREE(symlink_err);
1255 goto fail;
1256 }
1257
1258 status = NT_STATUS_STOPPED_ON_SYMLINK;
1259 goto fail;
1260 }
1261 #endif
1262
1263 if ((fd == -1) && (errno == ENOTDIR)) {
1264 size_t parsed, len, unparsed;
1265
1266 /*
1267 * dirfsp does not point at a directory, try a
1268 * freadlink.
1269 */
1270
1271 status = read_symlink_reparse(mem_ctx,
1272 dirfsp,
1273 NULL,
1274 &symlink_err);
1275
1276 if (!NT_STATUS_IS_OK(status)) {
1277 DBG_DEBUG("read_symlink_reparse failed: %s\n",
1278 nt_errstr(status));
1279 status = NT_STATUS_NOT_A_DIRECTORY;
1280 goto fail;
1281 }
1282
1283 parsed = rel_fname.base_name - path;
1284 len = talloc_get_size(path);
1285 unparsed = len - parsed;
1286
1287 if (unparsed > UINT16_MAX) {
1288 status = NT_STATUS_BUFFER_OVERFLOW;
1289 goto fail;
1290 }
1291
1292 symlink_err->parsed.lnk.unparsed_path_length = unparsed;
1293
1294 status = NT_STATUS_STOPPED_ON_SYMLINK;
1295 goto fail;
1296 }
1297
1298 if (fd == -1) {
1299 /*
1300 * vfs_widelink widelink_openat will update stat for fsp
1301 * and return ELOOP for non-existing link, we can report
1302 * the link here and let calling code decide what to do.
1303 */
1304 if ((errno == ELOOP) && S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
1305 status = read_symlink_reparse(mem_ctx,
1306 dirfsp,
1307 &rel_fname,
1308 &symlink_err);
1309 if (NT_STATUS_IS_OK(status)) {
1310 status = NT_STATUS_STOPPED_ON_SYMLINK;
1311 } else {
1312 DBG_ERR("read_symlink_reparse failed: %s\n",
1313 nt_errstr(status));
1314 }
1315 goto fail;
1316 }
1317 status = map_nt_error_from_unix(errno);
1318 DBG_DEBUG("SMB_VFS_OPENAT() failed: %s\n",
1319 strerror(errno));
1320 goto fail;
1321 }
1322 fsp_set_fd(fsp, fd);
1323
1324 ok = full_path_extend(&full_fname.base_name, rel_fname.base_name);
1325 if (!ok) {
1326 goto nomem;
1327 }
1328
1329 if (next != NULL) {
1330 struct files_struct *tmp = NULL;
1331
1332 if (dirfsp != in_dirfsp) {
1333 fd_close(dirfsp);
1334 }
1335
1336 tmp = dirfsp;
1337 dirfsp = fsp;
1338
1339 if (tmp == in_dirfsp) {
1340 status = fsp_new(conn, conn, &fsp);
1341 if (!NT_STATUS_IS_OK(status)) {
1342 DBG_DEBUG("fsp_new() failed: %s\n",
1343 nt_errstr(status));
1344 goto fail;
1345 }
1346 fsp->fsp_name = &full_fname;
1347 } else {
1348 fsp = tmp;
1349 }
1350
1351 rel_fname.base_name = next;
1352
1353 goto next;
1354 }
1355
1356 if (dirfsp != in_dirfsp) {
1357 SMB_ASSERT(fsp_get_pathref_fd(dirfsp) != -1);
1358 fd_close(dirfsp);
1359 dirfsp->fsp_name = NULL;
1360 file_free(NULL, dirfsp);
1361 dirfsp = NULL;
1362 }
1363
1364 done:
1365 fsp->fsp_flags.is_pathref = true;
1366 fsp->fsp_name = NULL;
1367
1368 status = fsp_set_smb_fname(fsp, &full_fname);
1369 if (!NT_STATUS_IS_OK(status)) {
1370 DBG_DEBUG("fsp_set_smb_fname() failed: %s\n",
1371 nt_errstr(status));
1372 goto fail;
1373 }
1374
1375 status = vfs_stat_fsp(fsp);
1376 if (!NT_STATUS_IS_OK(status)) {
1377 DBG_DEBUG("vfs_stat_fsp(%s) failed: %s\n",
1378 fsp_str_dbg(fsp),
1379 nt_errstr(status));
1380 goto fail;
1381 }
1382
1383 if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
1384 /*
1385 * Last component was a symlink we opened with O_PATH, fail it
1386 * here.
1387 */
1388 status = read_symlink_reparse(mem_ctx,
1389 fsp,
1390 NULL,
1391 &symlink_err);
1392 if (!NT_STATUS_IS_OK(status)) {
1393 return status;
1394 }
1395
1396 status = NT_STATUS_STOPPED_ON_SYMLINK;
1397 goto fail;
1398 }
1399
1400 /*
1401 * We must correctly set fsp->file_id as code inside
1402 * open.c will use this to check if delete_on_close
1403 * has been set on the dirfsp.
1404 */
1405 fsp->file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
1406
1407 result = cp_smb_filename(mem_ctx, fsp->fsp_name);
1408 if (result == NULL) {
1409 DBG_DEBUG("cp_smb_filename() failed\n");
1410 goto nomem;
1411 }
1412
1413 status = fsp_smb_fname_link(fsp,
1414 &result->fsp_link,
1415 &result->fsp);
1416 if (!NT_STATUS_IS_OK(status)) {
1417 goto fail;
1418 }
1419 talloc_set_destructor(result, smb_fname_fsp_destructor);
1420
1421 *_smb_fname = result;
1422
1423 DBG_DEBUG("returning %s\n", smb_fname_str_dbg(result));
1424
1425 return NT_STATUS_OK;
1426
1427 nomem:
1428 status = NT_STATUS_NO_MEMORY;
1429 fail:
1430 if (fsp != NULL) {
1431 if (fsp_get_pathref_fd(fsp) != -1) {
1432 fd_close(fsp);
1433 }
1434 file_free(NULL, fsp);
1435 fsp = NULL;
1436 }
1437
1438 if ((dirfsp != NULL) && (dirfsp != in_dirfsp)) {
1439 SMB_ASSERT(fsp_get_pathref_fd(dirfsp) != -1);
1440 fd_close(dirfsp);
1441 dirfsp->fsp_name = NULL;
1442 file_free(NULL, dirfsp);
1443 dirfsp = NULL;
1444 }
1445
1446 if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK)) {
1447 *_symlink_err = symlink_err;
1448 }
1449
1450 TALLOC_FREE(path);
1451 return status;
1452 }
1453
1454 /*
1455 * Open smb_fname_rel->fsp as a pathref fsp with a case insensitive
1456 * fallback using GETREALFILENAME_CACHE and get_real_filename_at() if
1457 * the first attempt based on the filename sent by the client gives
1458 * ENOENT.
1459 */
1460 NTSTATUS openat_pathref_fsp_lcomp(struct files_struct *dirfsp,
1461 struct smb_filename *smb_fname_rel,
1462 uint32_t ucf_flags)
1463 {
1464 struct connection_struct *conn = dirfsp->conn;
1465 const char *orig_rel_base_name = smb_fname_rel->base_name;
1466 struct files_struct *fsp = NULL;
1467 struct smb_filename *full_fname = NULL;
1468 struct vfs_open_how how = {
1469 .flags = O_RDONLY | O_NONBLOCK | O_NOFOLLOW,
1470 };
1471 NTSTATUS status;
1472 int ret, fd;
1473
1474 /*
1475 * Make sure we don't need of the all the magic in
1476 * openat_pathref_fsp() with regards non_widelink_open etc.
1477 */
1478
1479 SMB_ASSERT((smb_fname_rel->fsp == NULL) &&
1480 (dirfsp != dirfsp->conn->cwd_fsp) &&
1481 (strchr_m(smb_fname_rel->base_name, '/') == NULL) &&
1482 !is_named_stream(smb_fname_rel));
1483
1484 SET_STAT_INVALID(smb_fname_rel->st);
1485
1486 /* Check veto files - only looks at last component. */
1487 if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
1488 DBG_DEBUG("veto files rejecting last component %s\n",
1489 smb_fname_str_dbg(smb_fname_rel));
1490 return NT_STATUS_NETWORK_OPEN_RESTRICTION;
1491 }
1492
1493 status = fsp_new(conn, conn, &fsp);
1494 if (!NT_STATUS_IS_OK(status)) {
1495 DBG_DEBUG("fsp_new() failed: %s\n", nt_errstr(status));
1496 return status;
1497 }
1498
1499 GetTimeOfDay(&fsp->open_time);
1500 fsp_set_gen_id(fsp);
1501 ZERO_STRUCT(conn->sconn->fsp_fi_cache);
1502
1503 fsp->fsp_flags.is_pathref = true;
1504
1505 full_fname = full_path_from_dirfsp_atname(conn, dirfsp, smb_fname_rel);
1506 if (full_fname == NULL) {
1507 DBG_DEBUG("full_path_from_dirfsp_atname(%s/%s) failed\n",
1508 dirfsp->fsp_name->base_name,
1509 smb_fname_rel->base_name);
1510 file_free(NULL, fsp);
1511 return NT_STATUS_NO_MEMORY;
1512 }
1513
1514 status = fsp_attach_smb_fname(fsp, &full_fname);
1515 if (!NT_STATUS_IS_OK(status)) {
1516 DBG_DEBUG("fsp_attach_smb_fname(fsp, %s) failed: %s\n",
1517 smb_fname_str_dbg(full_fname),
1518 nt_errstr(status));
1519 file_free(NULL, fsp);
1520 return status;
1521 }
1522
1523 fd = smb_vfs_openat_ci(smb_fname_rel,
1524 (ucf_flags & UCF_POSIX_PATHNAMES) ||
1525 conn->case_sensitive,
1526 conn,
1527 dirfsp,
1528 smb_fname_rel,
1529 fsp,
1530 &how);
1531
1532 if ((fd == -1) && (errno == ENOENT)) {
1533 status = map_nt_error_from_unix(errno);
1534 DBG_DEBUG("smb_vfs_openat(%s/%s) failed: %s\n",
1535 dirfsp->fsp_name->base_name,
1536 smb_fname_rel->base_name,
1537 strerror(errno));
1538 file_free(NULL, fsp);
1539 return status;
1540 }
1541
1542 if (smb_fname_rel->base_name != orig_rel_base_name) {
1543 struct smb_filename new_fullname = *smb_fname_rel;
1544
1545 DBG_DEBUG("rel->base_name changed from %s to %s\n",
1546 orig_rel_base_name,
1547 smb_fname_rel->base_name);
1548
1549 new_fullname.base_name = full_path_from_dirfsp_at_basename(
1550 talloc_tos(), dirfsp, new_fullname.base_name);
1551 if (new_fullname.base_name == NULL) {
1552 fd_close(fsp);
1553 file_free(NULL, fsp);
1554 return NT_STATUS_NO_MEMORY;
1555 }
1556
1557 status = fsp_set_smb_fname(fsp, &new_fullname);
1558 if (!NT_STATUS_IS_OK(status)) {
1559 fd_close(fsp);
1560 file_free(NULL, fsp);
1561 return status;
1562 }
1563 }
1564
1565 fsp_set_fd(fsp, fd);
1566
1567 if (fd >= 0) {
1568 ret = SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st);
1569 } else {
1570 ret = SMB_VFS_FSTATAT(fsp->conn,
1571 dirfsp,
1572 smb_fname_rel,
1573 &fsp->fsp_name->st,
1574 AT_SYMLINK_NOFOLLOW);
1575 }
1576 if (ret == -1) {
1577 status = map_nt_error_from_unix(errno);
1578 DBG_DEBUG("SMB_VFS_%sSTAT(%s/%s) failed: %s\n",
1579 (fd >= 0) ? "F" : "",
1580 dirfsp->fsp_name->base_name,
1581 smb_fname_rel->base_name,
1582 strerror(errno));
1583 fd_close(fsp);
1584 file_free(NULL, fsp);
1585 return status;
1586 }
1587
1588 fsp->fsp_flags.is_directory = S_ISDIR(fsp->fsp_name->st.st_ex_mode);
1589 fsp->file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
1590
1591 smb_fname_rel->st = fsp->fsp_name->st;
1592
1593 status = fsp_smb_fname_link(fsp,
1594 &smb_fname_rel->fsp_link,
1595 &smb_fname_rel->fsp);
1596 if (!NT_STATUS_IS_OK(status)) {
1597 DBG_DEBUG("fsp_smb_fname_link() failed: %s\n",
1598 nt_errstr(status));
1599 fd_close(fsp);
1600 file_free(NULL, fsp);
1601 return status;
1602 }
1603
1604 DBG_DEBUG("fsp [%s]: OK, fd=%d\n", fsp_str_dbg(fsp), fd);
1605
1606 talloc_set_destructor(smb_fname_rel, smb_fname_fsp_destructor);
1607 return NT_STATUS_OK;
1608 }
1609
1610 void smb_fname_fsp_unlink(struct smb_filename *smb_fname)
1611 {
1612 talloc_set_destructor(smb_fname, NULL);
1613 smb_fname->fsp = NULL;
1614 destroy_fsp_smb_fname_link(&smb_fname->fsp_link);
1615 }
1616
1617 /*
1618 * Move any existing embedded fsp refs from the src name to the
1619 * destination. It's safe to call this on src smb_fname's that have no embedded
1620 * pathref fsp.
1621 */
1622 NTSTATUS move_smb_fname_fsp_link(struct smb_filename *smb_fname_dst,
1623 struct smb_filename *smb_fname_src)
1624 {
1625 NTSTATUS status;
1626
1627 /*
1628 * The target should always not be linked yet!
1629 */
1630 SMB_ASSERT(smb_fname_dst->fsp == NULL);
1631 SMB_ASSERT(smb_fname_dst->fsp_link == NULL);
1632
1633 if (smb_fname_src->fsp == NULL) {
1634 return NT_STATUS_OK;
1635 }
1636
1637 status = fsp_smb_fname_link(smb_fname_src->fsp,
1638 &smb_fname_dst->fsp_link,
1639 &smb_fname_dst->fsp);
1640 if (!NT_STATUS_IS_OK(status)) {
1641 return status;
1642 }
1643
1644 talloc_set_destructor(smb_fname_dst, smb_fname_fsp_destructor);
1645
1646 smb_fname_fsp_unlink(smb_fname_src);
1647
1648 return NT_STATUS_OK;
1649 }
1650
1651 static int fsp_ref_no_close_destructor(struct smb_filename *smb_fname)
1652 {
1653 destroy_fsp_smb_fname_link(&smb_fname->fsp_link);
1654 return 0;
1655 }
1656
1657 NTSTATUS reference_smb_fname_fsp_link(struct smb_filename *smb_fname_dst,
1658 const struct smb_filename *smb_fname_src)
1659 {
1660 NTSTATUS status;
1661
1662 /*
1663 * The target should always not be linked yet!
1664 */
1665 SMB_ASSERT(smb_fname_dst->fsp == NULL);
1666 SMB_ASSERT(smb_fname_dst->fsp_link == NULL);
1667
1668 if (smb_fname_src->fsp == NULL) {
1669 return NT_STATUS_OK;
1670 }
1671
1672 status = fsp_smb_fname_link(smb_fname_src->fsp,
1673 &smb_fname_dst->fsp_link,
1674 &smb_fname_dst->fsp);
1675 if (!NT_STATUS_IS_OK(status)) {
1676 return status;
1677 }
1678
1679 talloc_set_destructor(smb_fname_dst, fsp_ref_no_close_destructor);
1680
1681 return NT_STATUS_OK;
1682 }
1683
1684 /**
1685 * Create an smb_fname and open smb_fname->fsp pathref
1686 **/
1687 NTSTATUS synthetic_pathref(TALLOC_CTX *mem_ctx,
1688 struct files_struct *dirfsp,
1689 const char *base_name,
1690 const char *stream_name,
1691 const SMB_STRUCT_STAT *psbuf,
1692 NTTIME twrp,
1693 uint32_t flags,
1694 struct smb_filename **_smb_fname)
1695 {
1696 struct smb_filename *smb_fname = NULL;
1697 NTSTATUS status;
1698
1699 smb_fname = synthetic_smb_fname(mem_ctx,
1700 base_name,
1701 stream_name,
1702 psbuf,
1703 twrp,
1704 flags);
1705 if (smb_fname == NULL) {
1706 return NT_STATUS_NO_MEMORY;
1707 }
1708
1709 status = openat_pathref_fsp(dirfsp, smb_fname);
1710 if (!NT_STATUS_IS_OK(status)) {
1711 DBG_NOTICE("opening [%s] failed\n",
1712 smb_fname_str_dbg(smb_fname));
1713 TALLOC_FREE(smb_fname);
1714 return status;
1715 }
1716
1717 *_smb_fname = smb_fname;
1718 return NT_STATUS_OK;
1719 }
1720
1721 /**
1722 * Turn a path into a parent pathref and atname
1723 *
1724 * This returns the parent pathref in _parent and the name relative to it. If
1725 * smb_fname was a pathref (ie smb_fname->fsp != NULL), then _atname will be a
1726 * pathref as well, ie _atname->fsp will point at the same fsp as
1727 * smb_fname->fsp.
1728 **/
1729 NTSTATUS parent_pathref(TALLOC_CTX *mem_ctx,
1730 struct files_struct *dirfsp,
1731 const struct smb_filename *smb_fname,
1732 struct smb_filename **_parent,
1733 struct smb_filename **_atname)
1734 {
1735 struct smb_filename *parent = NULL;
1736 struct smb_filename *atname = NULL;
1737 NTSTATUS status;
1738
1739 status = SMB_VFS_PARENT_PATHNAME(dirfsp->conn,
1740 mem_ctx,
1741 smb_fname,
1742 &parent,
1743 &atname);
1744 if (!NT_STATUS_IS_OK(status)) {
1745 return status;
1746 }
1747
1748 /*
1749 * We know that the parent name must
1750 * exist, and the name has been canonicalized
1751 * even if this was a POSIX pathname.
1752 * Ensure that we follow symlinks for
1753 * the parent. See the torture test
1754 * POSIX-SYMLINK-PARENT for details.
1755 */
1756 parent->flags &= ~SMB_FILENAME_POSIX_PATH;
1757
1758 status = openat_pathref_fsp(dirfsp, parent);
1759 if (!NT_STATUS_IS_OK(status)) {
1760 TALLOC_FREE(parent);
1761 return status;
1762 }
1763
1764 status = reference_smb_fname_fsp_link(atname, smb_fname);
1765 if (!NT_STATUS_IS_OK(status)) {
1766 TALLOC_FREE(parent);
1767 return status;
1768 }
1769
1770 *_parent = parent;
1771 *_atname = atname;
1772 return NT_STATUS_OK;
1773 }
1774
1775 static bool close_file_in_loop(struct files_struct *fsp,
1776 enum file_close_type close_type)
1777 {
1778 if (fsp_is_alternate_stream(fsp)) {
1779 /*
1780 * This is a stream, it can't be a base
1781 */
1782 SMB_ASSERT(fsp->stream_fsp == NULL);
1783 SMB_ASSERT(fsp->base_fsp->stream_fsp == fsp);
1784
1785 /*
1786 * Remove the base<->stream link so that
1787 * close_file_free() does not close fsp->base_fsp as
1788 * well. This would destroy walking the linked list of
1789 * fsps.
1790 */
1791 fsp->base_fsp->stream_fsp = NULL;
1792 fsp->base_fsp = NULL;
1793
1794 close_file_free(NULL, &fsp, close_type);
1795 return NULL;
1796 }
1797
1798 if (fsp->stream_fsp != NULL) {
1799 /*
1800 * This is the base of a stream.
1801 */
1802 SMB_ASSERT(fsp->stream_fsp->base_fsp == fsp);
1803
1804 /*
1805 * Remove the base<->stream link. This will make fsp
1806 * look like a normal fsp for the next round.
1807 */
1808 fsp->stream_fsp->base_fsp = NULL;
1809 fsp->stream_fsp = NULL;
1810
1811 /*
1812 * Have us called back a second time. In the second
1813 * round, "fsp" now looks like a normal fsp.
1814 */
1815 return false;
1816 }
1817
1818 close_file_free(NULL, &fsp, close_type);
1819 return true;
1820 }
1821
1822 /****************************************************************************
1823 Close all open files for a connection.
1824 ****************************************************************************/
1825
1826 struct file_close_conn_state {
1827 struct connection_struct *conn;
1828 enum file_close_type close_type;
1829 bool fsp_left_behind;
1830 };
1831
1832 static struct files_struct *file_close_conn_fn(
1833 struct files_struct *fsp,
1834 void *private_data)
1835 {
1836 struct file_close_conn_state *state = private_data;
1837 bool did_close;
1838
1839 if (fsp->conn != state->conn) {
1840 return NULL;
1841 }
1842
1843 if (fsp->op != NULL && fsp->op->global->durable) {
1844 /*
1845 * A tree disconnect closes a durable handle
1846 */
1847 fsp->op->global->durable = false;
1848 }
1849
1850 did_close = close_file_in_loop(fsp, state->close_type);
1851 if (!did_close) {
1852 state->fsp_left_behind = true;
1853 }
1854
1855 return NULL;
1856 }
1857
1858 void file_close_conn(connection_struct *conn, enum file_close_type close_type)
1859 {
1860 struct file_close_conn_state state = { .conn = conn,
1861 .close_type = close_type };
1862
1863 files_forall(conn->sconn, file_close_conn_fn, &state);
1864
1865 if (state.fsp_left_behind) {
1866 state.fsp_left_behind = false;
1867 files_forall(conn->sconn, file_close_conn_fn, &state);
1868 SMB_ASSERT(!state.fsp_left_behind);
1869 }
1870 }
1871
1872 /****************************************************************************
1873 Initialise file structures.
1874 ****************************************************************************/
1875
1876 static int files_max_open_fds;
1877
1878 bool file_init_global(void)
1879 {
1880 int request_max = lp_max_open_files();
1881 int real_lim;
1882 int real_max;
1883
1884 if (files_max_open_fds != 0) {
1885 return true;
1886 }
1887
1888 /*
1889 * Set the max_open files to be the requested
1890 * max plus a fudgefactor to allow for the extra
1891 * fd's we need such as log files etc...
1892 */
1893 real_lim = set_maxfiles(request_max + MAX_OPEN_FUDGEFACTOR);
1894
1895 real_max = real_lim - MAX_OPEN_FUDGEFACTOR;
1896
1897 if (real_max + FILE_HANDLE_OFFSET + MAX_OPEN_PIPES > 65536) {
1898 real_max = 65536 - FILE_HANDLE_OFFSET - MAX_OPEN_PIPES;
1899 }
1900
1901 if (real_max != request_max) {
1902 DEBUG(1, ("file_init_global: Information only: requested %d "
1903 "open files, %d are available.\n",
1904 request_max, real_max));
1905 }
1906
1907 SMB_ASSERT(real_max > 100);
1908
1909 files_max_open_fds = real_max;
1910 return true;
1911 }
1912
1913 bool file_init(struct smbd_server_connection *sconn)
1914 {
1915 bool ok;
1916
1917 ok = file_init_global();
1918 if (!ok) {
1919 return false;
1920 }
1921
1922 sconn->real_max_open_files = files_max_open_fds;
1923
1924 return true;
1925 }
1926
1927 /****************************************************************************
1928 Close files open by a specified vuid.
1929 ****************************************************************************/
1930
1931 struct file_close_user_state {
1932 uint64_t vuid;
1933 bool fsp_left_behind;
1934 };
1935
1936 static struct files_struct *file_close_user_fn(
1937 struct files_struct *fsp,
1938 void *private_data)
1939 {
1940 struct file_close_user_state *state = private_data;
1941 bool did_close;
1942
1943 if (fsp->vuid != state->vuid) {
1944 return NULL;
1945 }
1946
1947 did_close = close_file_in_loop(fsp, SHUTDOWN_CLOSE);
1948 if (!did_close) {
1949 state->fsp_left_behind = true;
1950 }
1951
1952 return NULL;
1953 }
1954
1955 void file_close_user(struct smbd_server_connection *sconn, uint64_t vuid)
1956 {
1957 struct file_close_user_state state = { .vuid = vuid };
1958
1959 files_forall(sconn, file_close_user_fn, &state);
1960
1961 if (state.fsp_left_behind) {
1962 state.fsp_left_behind = false;
1963 files_forall(sconn, file_close_user_fn, &state);
1964 SMB_ASSERT(!state.fsp_left_behind);
1965 }
1966 }
1967
1968 /*
1969 * Walk the files table until "fn" returns non-NULL
1970 */
1971
1972 struct files_struct *files_forall(
1973 struct smbd_server_connection *sconn,
1974 struct files_struct *(*fn)(struct files_struct *fsp,
1975 void *private_data),
1976 void *private_data)
1977 {
1978 struct files_struct *fsp, *next;
1979
1980 for (fsp = sconn->files; fsp; fsp = next) {
1981 struct files_struct *ret;
1982 next = fsp->next;
1983 ret = fn(fsp, private_data);
1984 if (ret != NULL) {
1985 return ret;
1986 }
1987 }
1988 return NULL;
1989 }
1990
1991 /****************************************************************************
1992 Find a fsp given a file descriptor.
1993 ****************************************************************************/
1994
1995 files_struct *file_find_fd(struct smbd_server_connection *sconn, int fd)
1996 {
1997 int count=0;
1998 files_struct *fsp;
1999
2000 for (fsp=sconn->files; fsp; fsp=fsp->next,count++) {
2001 if (fsp_get_pathref_fd(fsp) == fd) {
2002 if (count > 10) {
2003 DLIST_PROMOTE(sconn->files, fsp);
2004 }
2005 return fsp;
2006 }
2007 }
2008
2009 return NULL;
2010 }
2011
2012 /****************************************************************************
2013 Find a fsp given a device, inode and file_id.
2014 ****************************************************************************/
2015
2016 files_struct *file_find_dif(struct smbd_server_connection *sconn,
2017 struct file_id id, unsigned long gen_id)
2018 {
2019 int count=0;
2020 files_struct *fsp;
2021
2022 if (gen_id == 0) {
2023 return NULL;
2024 }
2025
2026 for (fsp = sconn->files; fsp; fsp = fsp->next,count++) {
2027 /*
2028 * We can have a fsp->fh->fd == -1 here as it could be a stat
2029 * open.
2030 */
2031 if (!file_id_equal(&fsp->file_id, &id)) {
2032 continue;
2033 }
2034 if (!fsp->fsp_flags.is_fsa) {
2035 continue;
2036 }
2037 if (fh_get_gen_id(fsp->fh) != gen_id) {
2038 continue;
2039 }
2040 if (count > 10) {
2041 DLIST_PROMOTE(sconn->files, fsp);
2042 }
2043 return fsp;
2044 }
2045
2046 return NULL;
2047 }
2048
2049 /****************************************************************************
2050 Find the first fsp given a device and inode.
2051 We use a singleton cache here to speed up searching from getfilepathinfo
2052 calls.
2053 ****************************************************************************/
2054
2055 files_struct *file_find_di_first(struct smbd_server_connection *sconn,
2056 struct file_id id,
2057 bool need_fsa)
2058 {
2059 files_struct *fsp;
2060
2061 if (file_id_equal(&sconn->fsp_fi_cache.id, &id)) {
2062 /* Positive or negative cache hit. */
2063 return sconn->fsp_fi_cache.fsp;
2064 }
2065
2066 sconn->fsp_fi_cache.id = id;
2067
2068 for (fsp=sconn->files;fsp;fsp=fsp->next) {
2069 if (need_fsa && !fsp->fsp_flags.is_fsa) {
2070 continue;
2071 }
2072 if (file_id_equal(&fsp->file_id, &id)) {
2073 /* Setup positive cache. */
2074 sconn->fsp_fi_cache.fsp = fsp;
2075 return fsp;
2076 }
2077 }
2078
2079 /* Setup negative cache. */
2080 sconn->fsp_fi_cache.fsp = NULL;
2081 return NULL;
2082 }
2083
2084 /****************************************************************************
2085 Find the next fsp having the same device and inode.
2086 ****************************************************************************/
2087
2088 files_struct *file_find_di_next(files_struct *start_fsp,
2089 bool need_fsa)
2090 {
2091 files_struct *fsp;
2092
2093 for (fsp = start_fsp->next;fsp;fsp=fsp->next) {
2094 if (need_fsa && !fsp->fsp_flags.is_fsa) {
2095 continue;
2096 }
2097 if (file_id_equal(&fsp->file_id, &start_fsp->file_id)) {
2098 return fsp;
2099 }
2100 }
2101
2102 return NULL;
2103 }
2104
2105 struct files_struct *file_find_one_fsp_from_lease_key(
2106 struct smbd_server_connection *sconn,
2107 const struct smb2_lease_key *lease_key)
2108 {
2109 struct files_struct *fsp;
2110
2111 for (fsp = sconn->files; fsp; fsp=fsp->next) {
2112 if ((fsp->lease != NULL) &&
2113 (fsp->lease->lease.lease_key.data[0] ==
2114 lease_key->data[0]) &&
2115 (fsp->lease->lease.lease_key.data[1] ==
2116 lease_key->data[1])) {
2117 return fsp;
2118 }
2119 }
2120 return NULL;
2121 }
2122
2123 /****************************************************************************
2124 Find any fsp open with a pathname below that of an already open path.
2125 ****************************************************************************/
2126
2127 bool file_find_subpath(files_struct *dir_fsp)
2128 {
2129 files_struct *fsp;
2130 size_t dlen;
2131 char *d_fullname = NULL;
2132
2133 d_fullname = talloc_asprintf(talloc_tos(), "%s/%s",
2134 dir_fsp->conn->connectpath,
2135 dir_fsp->fsp_name->base_name);
2136
2137 if (!d_fullname) {
2138 return false;
2139 }
2140
2141 dlen = strlen(d_fullname);
2142
2143 for (fsp=dir_fsp->conn->sconn->files; fsp; fsp=fsp->next) {
2144 char *d1_fullname;
2145
2146 if (fsp == dir_fsp) {
2147 continue;
2148 }
2149
2150 d1_fullname = talloc_asprintf(talloc_tos(),
2151 "%s/%s",
2152 fsp->conn->connectpath,
2153 fsp->fsp_name->base_name);
2154
2155 /*
2156 * If the open file has a path that is a longer
2157 * component, then it's a subpath.
2158 */
2159 if (strnequal(d_fullname, d1_fullname, dlen) &&
2160 (d1_fullname[dlen] == '/')) {
2161 TALLOC_FREE(d1_fullname);
2162 TALLOC_FREE(d_fullname);
2163 return true;
2164 }
2165 TALLOC_FREE(d1_fullname);
2166 }
2167
2168 TALLOC_FREE(d_fullname);
2169 return false;
2170 }
2171
2172 /****************************************************************************
2173 Free up a fsp.
2174 ****************************************************************************/
2175
2176 static void fsp_free(files_struct *fsp)
2177 {
2178 struct smbd_server_connection *sconn = fsp->conn->sconn;
2179
2180 if (fsp == sconn->fsp_fi_cache.fsp) {
2181 ZERO_STRUCT(sconn->fsp_fi_cache);
2182 }
2183
2184 DLIST_REMOVE(sconn->files, fsp);
2185 SMB_ASSERT(sconn->num_files > 0);
2186 sconn->num_files--;
2187
2188 TALLOC_FREE(fsp->fake_file_handle);
2189
2190 if (fh_get_refcount(fsp->fh) == 1) {
2191 TALLOC_FREE(fsp->fh);
2192 } else {
2193 size_t new_refcount = fh_get_refcount(fsp->fh) - 1;
2194 fh_set_refcount(fsp->fh, new_refcount);
2195 }
2196
2197 if (fsp->lease != NULL) {
2198 if (fsp->lease->ref_count == 1) {
2199 TALLOC_FREE(fsp->lease);
2200 } else {
2201 fsp->lease->ref_count--;
2202 }
2203 }
2204
2205 fsp->conn->num_files_open--;
2206
2207 if (fsp->fsp_name != NULL &&
2208 fsp->fsp_name->fsp_link != NULL)
2209 {
2210 /*
2211 * Free fsp_link of fsp->fsp_name. To do this in the correct
2212 * talloc destructor order we have to do it here. The
2213 * talloc_free() of the link should set the fsp pointer to NULL.
2214 */
2215 TALLOC_FREE(fsp->fsp_name->fsp_link);
2216 SMB_ASSERT(fsp->fsp_name->fsp == NULL);
2217 }
2218
2219 /* this is paranoia, just in case someone tries to reuse the
2220 information */
2221 ZERO_STRUCTP(fsp);
2222
2223 /* fsp->fsp_name is a talloc child and is free'd automatically. */
2224 TALLOC_FREE(fsp);
2225 }
2226
2227 /*
2228 * Rundown of all smb-related sub-structures of an fsp
2229 */
2230 void fsp_unbind_smb(struct smb_request *req, files_struct *fsp)
2231 {
2232 if (fsp == fsp->conn->cwd_fsp) {
2233 return;
2234 }
2235
2236 if (fsp->notify) {
2237 size_t len = fsp_fullbasepath(fsp, NULL, 0);
2238 char fullpath[len+1];
2239
2240 fsp_fullbasepath(fsp, fullpath, sizeof(fullpath));
2241
2242 notify_remove(fsp->conn->sconn->notify_ctx, fsp, fullpath);
2243 TALLOC_FREE(fsp->notify);
2244 }
2245
2246 /* Ensure this event will never fire. */
2247 TALLOC_FREE(fsp->update_write_time_event);
2248
2249 if (fsp->op != NULL) {
2250 fsp->op->compat = NULL;
2251 }
2252 TALLOC_FREE(fsp->op);
2253
2254 if ((req != NULL) && (fsp == req->chain_fsp)) {
2255 req->chain_fsp = NULL;
2256 }
2257
2258 /*
2259 * Clear all possible chained fsp
2260 * pointers in the SMB2 request queue.
2261 */
2262 remove_smb2_chained_fsp(fsp);
2263 }
2264
2265 void file_free(struct smb_request *req, files_struct *fsp)
2266 {
2267 struct smbd_server_connection *sconn = fsp->conn->sconn;
2268 uint64_t fnum = fsp->fnum;
2269
2270 fsp_unbind_smb(req, fsp);
2271
2272 /* Drop all remaining extensions. */
2273 vfs_remove_all_fsp_extensions(fsp);
2274
2275 fsp_free(fsp);
2276
2277 DBG_INFO("freed files structure %"PRIu64" (%zu used)\n",
2278 fnum,
2279 sconn->num_files);
2280 }
2281
2282 /****************************************************************************
2283 Get an fsp from a packet given a 16 bit fnum.
2284 ****************************************************************************/
2285
2286 files_struct *file_fsp(struct smb_request *req, uint16_t fid)
2287 {
2288 struct smbXsrv_open *op;
2289 NTSTATUS status;
2290 NTTIME now = 0;
2291 files_struct *fsp;
2292
2293 if (req == NULL) {
2294 /*
2295 * We should never get here. req==NULL could in theory
2296 * only happen from internal opens with a non-zero
2297 * root_dir_fid. Internal opens just don't do that, at
2298 * least they are not supposed to do so. And if they
2299 * start to do so, they better fake up a smb_request
2300 * from which we get the right smbd_server_conn. While
2301 * this should never happen, let's return NULL here.
2302 */
2303 return NULL;
2304 }
2305
2306 if (req->chain_fsp != NULL) {
2307 if (req->chain_fsp->fsp_flags.closing) {
2308 return NULL;
2309 }
2310 return req->chain_fsp;
2311 }
2312
2313 if (req->xconn == NULL) {
2314 return NULL;
2315 }
2316
2317 now = timeval_to_nttime(&req->request_time);
2318
2319 status = smb1srv_open_lookup(req->xconn,
2320 fid, now, &op);
2321 if (!NT_STATUS_IS_OK(status)) {
2322 return NULL;
2323 }
2324
2325 fsp = op->compat;
2326 if (fsp == NULL) {
2327 return NULL;
2328 }
2329
2330 if (fsp->fsp_flags.closing) {
2331 return NULL;
2332 }
2333
2334 req->chain_fsp = fsp;
2335 fsp->fsp_name->st.cached_dos_attributes = FILE_ATTRIBUTE_INVALID;
2336 return fsp;
2337 }
2338
2339 struct files_struct *file_fsp_get(struct smbd_smb2_request *smb2req,
2340 uint64_t persistent_id,
2341 uint64_t volatile_id)
2342 {
2343 struct smbXsrv_open *op;
2344 NTSTATUS status;
2345 NTTIME now = 0;
2346 struct files_struct *fsp;
2347
2348 now = timeval_to_nttime(&smb2req->request_time);
2349
2350 status = smb2srv_open_lookup(smb2req->xconn,
2351 persistent_id, volatile_id,
2352 now, &op);
2353 if (!NT_STATUS_IS_OK(status)) {
2354 return NULL;
2355 }
2356
2357 fsp = op->compat;
2358 if (fsp == NULL) {
2359 return NULL;
2360 }
2361
2362 if (smb2req->tcon == NULL) {
2363 return NULL;
2364 }
2365
2366 if (smb2req->tcon->compat != fsp->conn) {
2367 return NULL;
2368 }
2369
2370 if (smb2req->session == NULL) {
2371 return NULL;
2372 }
2373
2374 if (smb2req->session->global->session_wire_id != fsp->vuid) {
2375 return NULL;
2376 }
2377
2378 if (fsp->fsp_flags.closing) {
2379 return NULL;
2380 }
2381
2382 fsp->fsp_name->st.cached_dos_attributes = FILE_ATTRIBUTE_INVALID;
2383
2384 return fsp;
2385 }
2386
2387 struct files_struct *file_fsp_smb2(struct smbd_smb2_request *smb2req,
2388 uint64_t persistent_id,
2389 uint64_t volatile_id)
2390 {
2391 struct files_struct *fsp;
2392
2393 if (smb2req->compat_chain_fsp != NULL) {
2394 if (smb2req->compat_chain_fsp->fsp_flags.closing) {
2395 return NULL;
2396 }
2397 smb2req->compat_chain_fsp->fsp_name->st.cached_dos_attributes =
2398 FILE_ATTRIBUTE_INVALID;
2399 return smb2req->compat_chain_fsp;
2400 }
2401
2402 fsp = file_fsp_get(smb2req, persistent_id, volatile_id);
2403 if (fsp == NULL) {
2404 return NULL;
2405 }
2406
2407 smb2req->compat_chain_fsp = fsp;
2408 return fsp;
2409 }
2410
2411 /****************************************************************************
2412 Duplicate the file handle part for a DOS or FCB open.
2413 ****************************************************************************/
2414
2415 NTSTATUS dup_file_fsp(
2416 files_struct *from,
2417 uint32_t access_mask,
2418 files_struct *to)
2419 {
2420 size_t new_refcount;
2421
2422 /* this can never happen for print files */
2423 SMB_ASSERT(from->print_file == NULL);
2424
2425 TALLOC_FREE(to->fh);
2426
2427 to->fh = from->fh;
2428 new_refcount = fh_get_refcount(to->fh) + 1;
2429 fh_set_refcount(to->fh, new_refcount);
2430
2431 to->file_id = from->file_id;
2432 to->initial_allocation_size = from->initial_allocation_size;
2433 to->file_pid = from->file_pid;
2434 to->vuid = from->vuid;
2435 to->open_time = from->open_time;
2436 to->access_mask = access_mask;
2437 to->oplock_type = from->oplock_type;
2438 to->fsp_flags.can_lock = from->fsp_flags.can_lock;
2439 to->fsp_flags.can_read = ((access_mask & FILE_READ_DATA) != 0);
2440 to->fsp_flags.can_write =
2441 CAN_WRITE(from->conn) &&
2442 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
2443 if (from->fsp_name->twrp != 0) {
2444 to->fsp_flags.can_write = false;
2445 }
2446 to->fsp_flags.modified = from->fsp_flags.modified;
2447 to->fsp_flags.is_directory = from->fsp_flags.is_directory;
2448 to->fsp_flags.aio_write_behind = from->fsp_flags.aio_write_behind;
2449 to->fsp_flags.is_fsa = from->fsp_flags.is_fsa;
2450 to->fsp_flags.is_pathref = from->fsp_flags.is_pathref;
2451 to->fsp_flags.have_proc_fds = from->fsp_flags.have_proc_fds;
2452 to->fsp_flags.is_dirfsp = from->fsp_flags.is_dirfsp;
2453
2454 return fsp_set_smb_fname(to, from->fsp_name);
2455 }
2456
2457 /**
2458 * Return a jenkins hash of a pathname on a connection.
2459 */
2460
2461 NTSTATUS file_name_hash(connection_struct *conn,
2462 const char *name, uint32_t *p_name_hash)
2463 {
2464 char tmpbuf[PATH_MAX];
2465 char *fullpath, *to_free;
2466 ssize_t len;
2467 TDB_DATA key;
2468
2469 /* Set the hash of the full pathname. */
2470
2471 if (name[0] == '/') {
2472 strlcpy(tmpbuf, name, sizeof(tmpbuf));
2473 fullpath = tmpbuf;
2474 len = strlen(fullpath);
2475 to_free = NULL;
2476 } else {
2477 len = full_path_tos(conn->connectpath,
2478 name,
2479 tmpbuf,
2480 sizeof(tmpbuf),
2481 &fullpath,
2482 &to_free);
2483 }
2484 if (len == -1) {
2485 return NT_STATUS_NO_MEMORY;
2486 }
2487 key = (TDB_DATA) { .dptr = (uint8_t *)fullpath, .dsize = len+1 };
2488 *p_name_hash = tdb_jenkins_hash(&key);
2489
2490 DEBUG(10,("file_name_hash: %s hash 0x%x\n",
2491 fullpath,
2492 (unsigned int)*p_name_hash ));
2493
2494 TALLOC_FREE(to_free);
2495 return NT_STATUS_OK;
2496 }
2497
2498 static NTSTATUS fsp_attach_smb_fname(struct files_struct *fsp,
2499 struct smb_filename **_smb_fname)
2500 {
2501 TALLOC_CTX *frame = talloc_stackframe();
2502 struct smb_filename *smb_fname_new = talloc_move(fsp, _smb_fname);
2503 const char *name_str = NULL;
2504 uint32_t name_hash = 0;
2505 NTSTATUS status;
2506
2507 name_str = smb_fname_str_dbg(smb_fname_new);
2508 if (name_str == NULL) {
2509 TALLOC_FREE(frame);
2510 return NT_STATUS_NO_MEMORY;
2511 }
2512
2513 status = file_name_hash(fsp->conn,
2514 name_str,
2515 &name_hash);
2516 TALLOC_FREE(frame);
2517 name_str = NULL;
2518 if (!NT_STATUS_IS_OK(status)) {
2519 return status;
2520 }
2521
2522 status = fsp_smb_fname_link(fsp,
2523 &smb_fname_new->fsp_link,
2524 &smb_fname_new->fsp);
2525 if (!NT_STATUS_IS_OK(status)) {
2526 return status;
2527 }
2528
2529 fsp->name_hash = name_hash;
2530 fsp->fsp_name = smb_fname_new;
2531 fsp->fsp_name->st.cached_dos_attributes = FILE_ATTRIBUTE_INVALID;
2532 *_smb_fname = NULL;
2533 return NT_STATUS_OK;
2534 }
2535
2536 /**
2537 * The only way that the fsp->fsp_name field should ever be set.
2538 */
2539 NTSTATUS fsp_set_smb_fname(struct files_struct *fsp,
2540 const struct smb_filename *smb_fname_in)
2541 {
2542 struct smb_filename *smb_fname_old = fsp->fsp_name;
2543 struct smb_filename *smb_fname_new = NULL;
2544 NTSTATUS status;
2545
2546 smb_fname_new = cp_smb_filename(fsp, smb_fname_in);
2547 if (smb_fname_new == NULL) {
2548 return NT_STATUS_NO_MEMORY;
2549 }
2550
2551 status = fsp_attach_smb_fname(fsp, &smb_fname_new);
2552 if (!NT_STATUS_IS_OK(status)) {
2553 TALLOC_FREE(smb_fname_new);
2554 return status;
2555 }
2556
2557 if (smb_fname_old != NULL) {
2558 smb_fname_fsp_unlink(smb_fname_old);
2559 TALLOC_FREE(smb_fname_old);
2560 }
2561
2562 return NT_STATUS_OK;
2563 }
2564
2565 size_t fsp_fullbasepath(struct files_struct *fsp, char *buf, size_t buflen)
2566 {
2567 int len = 0;
2568
2569 if (buf == NULL) {
2570 /*
2571 * susv4 allows buf==NULL if buflen==0 for snprintf.
2572 */
2573 SMB_ASSERT(buflen == 0);
2574 }
2575
2576 if (ISDOT(fsp->fsp_name->base_name)) {
2577 len = snprintf(buf, buflen, "%s", fsp->conn->connectpath);
2578 } else {
2579 len = snprintf(buf,
2580 buflen,
2581 "%s/%s",
2582 fsp->conn->connectpath,
2583 fsp->fsp_name->base_name);
2584 }
2585 SMB_ASSERT(len > 0);
2586
2587 return len;
2588 }
2589
2590 void fsp_set_base_fsp(struct files_struct *fsp, struct files_struct *base_fsp)
2591 {
2592 SMB_ASSERT(fsp->stream_fsp == NULL);
2593 if (base_fsp != NULL) {
2594 SMB_ASSERT(base_fsp->base_fsp == NULL);
2595 SMB_ASSERT(base_fsp->stream_fsp == NULL);
2596 }
2597
2598 if (fsp->base_fsp != NULL) {
2599 SMB_ASSERT(fsp->base_fsp->stream_fsp == fsp);
2600 fsp->base_fsp->stream_fsp = NULL;
2601 }
2602
2603 fsp->base_fsp = base_fsp;
2604 if (fsp->base_fsp != NULL) {
2605 fsp->base_fsp->stream_fsp = fsp;
2606 }
2607 }
2608
2609 bool fsp_is_alternate_stream(const struct files_struct *fsp)
2610 {
2611 return (fsp->base_fsp != NULL);
2612 }
2613
2614 struct files_struct *metadata_fsp(struct files_struct *fsp)
2615 {
2616 if (fsp_is_alternate_stream(fsp)) {
2617 return fsp->base_fsp;
2618 }
2619 return fsp;
2620 }
2621
2622 static bool fsp_generic_ask_sharemode(struct files_struct *fsp)
2623 {
2624 if (fsp == NULL) {
2625 return false;
2626 }
2627
2628 if (fsp->posix_flags & FSP_POSIX_FLAGS_PATHNAMES) {
2629 /* Always use filesystem for UNIX mtime query. */
2630 return false;
2631 }
2632
2633 return true;
2634 }
2635
2636 bool fsp_search_ask_sharemode(struct files_struct *fsp)
2637 {
2638 if (!fsp_generic_ask_sharemode(fsp)) {
2639 return false;
2640 }
2641
2642 return lp_smbd_search_ask_sharemode(SNUM(fsp->conn));
2643 }
2644
2645 bool fsp_getinfo_ask_sharemode(struct files_struct *fsp)
2646 {
2647 if (!fsp_generic_ask_sharemode(fsp)) {
2648 return false;
2649 }
2650
2651 return lp_smbd_getinfo_ask_sharemode(SNUM(fsp->conn));
2652 }
GSS-enabled samba4