LCOV - code coverage report
Current view: top level - source3/smbd - close.c (source / functions) Hit Total Coverage
Test: coverage report for master 6248eab5 Lines: 340 658 51.7 %
Date: 2021-08-25 13:27:56 Functions: 15 17 88.2 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    file closing
       4             :    Copyright (C) Andrew Tridgell 1992-1998
       5             :    Copyright (C) Jeremy Allison 1992-2007.
       6             :    Copyright (C) Volker Lendecke 2005
       7             : 
       8             :    This program is free software; you can redistribute it and/or modify
       9             :    it under the terms of the GNU General Public License as published by
      10             :    the Free Software Foundation; either version 3 of the License, or
      11             :    (at your option) any later version.
      12             : 
      13             :    This program is distributed in the hope that it will be useful,
      14             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :    GNU General Public License for more details.
      17             : 
      18             :    You should have received a copy of the GNU General Public License
      19             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      20             : */
      21             : 
      22             : #include "includes.h"
      23             : #include "system/filesys.h"
      24             : #include "lib/util/server_id.h"
      25             : #include "printing.h"
      26             : #include "locking/share_mode_lock.h"
      27             : #include "smbd/smbd.h"
      28             : #include "smbd/globals.h"
      29             : #include "smbd/scavenger.h"
      30             : #include "fake_file.h"
      31             : #include "transfer_file.h"
      32             : #include "auth.h"
      33             : #include "messages.h"
      34             : #include "../librpc/gen_ndr/open_files.h"
      35             : #include "lib/util/tevent_ntstatus.h"
      36             : 
      37             : /****************************************************************************
      38             :  Run a file if it is a magic script.
      39             : ****************************************************************************/
      40             : 
      41      379916 : static NTSTATUS check_magic(struct files_struct *fsp)
      42             : {
      43             :         int ret;
      44      379916 :         const struct loadparm_substitution *lp_sub =
      45             :                 loadparm_s3_global_substitution();
      46      379916 :         const char *magic_output = NULL;
      47             :         SMB_STRUCT_STAT st;
      48             :         int tmp_fd, outfd;
      49      379916 :         TALLOC_CTX *ctx = NULL;
      50             :         const char *p;
      51      379916 :         struct connection_struct *conn = fsp->conn;
      52      379916 :         char *fname = NULL;
      53             :         NTSTATUS status;
      54             : 
      55      379916 :         if (!*lp_magic_script(talloc_tos(), lp_sub, SNUM(conn))) {
      56      379916 :                 return NT_STATUS_OK;
      57             :         }
      58             : 
      59           0 :         DEBUG(5,("checking magic for %s\n", fsp_str_dbg(fsp)));
      60             : 
      61           0 :         ctx = talloc_stackframe();
      62             : 
      63           0 :         fname = fsp->fsp_name->base_name;
      64             : 
      65           0 :         if (!(p = strrchr_m(fname,'/'))) {
      66           0 :                 p = fname;
      67             :         } else {
      68           0 :                 p++;
      69             :         }
      70             : 
      71           0 :         if (!strequal(lp_magic_script(talloc_tos(), lp_sub, SNUM(conn)),p)) {
      72           0 :                 status = NT_STATUS_OK;
      73           0 :                 goto out;
      74             :         }
      75             : 
      76           0 :         if (*lp_magic_output(talloc_tos(), lp_sub, SNUM(conn))) {
      77           0 :                 magic_output = lp_magic_output(talloc_tos(), lp_sub, SNUM(conn));
      78             :         } else {
      79           0 :                 magic_output = talloc_asprintf(ctx,
      80             :                                 "%s.out",
      81             :                                 fname);
      82             :         }
      83           0 :         if (!magic_output) {
      84           0 :                 status = NT_STATUS_NO_MEMORY;
      85           0 :                 goto out;
      86             :         }
      87             : 
      88             :         /* Ensure we don't depend on user's PATH. */
      89           0 :         p = talloc_asprintf(ctx, "./%s", fname);
      90           0 :         if (!p) {
      91           0 :                 status = NT_STATUS_NO_MEMORY;
      92           0 :                 goto out;
      93             :         }
      94             : 
      95           0 :         if (chmod(fname, 0755) == -1) {
      96           0 :                 status = map_nt_error_from_unix(errno);
      97           0 :                 goto out;
      98             :         }
      99           0 :         ret = smbrun(p, &tmp_fd, NULL);
     100           0 :         DEBUG(3,("Invoking magic command %s gave %d\n",
     101             :                 p,ret));
     102             : 
     103           0 :         unlink(fname);
     104           0 :         if (ret != 0 || tmp_fd == -1) {
     105           0 :                 if (tmp_fd != -1) {
     106           0 :                         close(tmp_fd);
     107             :                 }
     108           0 :                 status = NT_STATUS_UNSUCCESSFUL;
     109           0 :                 goto out;
     110             :         }
     111           0 :         outfd = open(magic_output, O_CREAT|O_EXCL|O_RDWR, 0600);
     112           0 :         if (outfd == -1) {
     113           0 :                 int err = errno;
     114           0 :                 close(tmp_fd);
     115           0 :                 status = map_nt_error_from_unix(err);
     116           0 :                 goto out;
     117             :         }
     118             : 
     119           0 :         if (sys_fstat(tmp_fd, &st, false) == -1) {
     120           0 :                 int err = errno;
     121           0 :                 close(tmp_fd);
     122           0 :                 close(outfd);
     123           0 :                 status = map_nt_error_from_unix(err);
     124           0 :                 goto out;
     125             :         }
     126             : 
     127           0 :         if (transfer_file(tmp_fd,outfd,(off_t)st.st_ex_size) == (off_t)-1) {
     128           0 :                 int err = errno;
     129           0 :                 close(tmp_fd);
     130           0 :                 close(outfd);
     131           0 :                 status = map_nt_error_from_unix(err);
     132           0 :                 goto out;
     133             :         }
     134           0 :         close(tmp_fd);
     135           0 :         if (close(outfd) == -1) {
     136           0 :                 status = map_nt_error_from_unix(errno);
     137           0 :                 goto out;
     138             :         }
     139             : 
     140           0 :         status = NT_STATUS_OK;
     141             : 
     142           0 :  out:
     143           0 :         TALLOC_FREE(ctx);
     144           0 :         return status;
     145             : }
     146             : 
     147             : /****************************************************************************
     148             :  Delete all streams
     149             : ****************************************************************************/
     150             : 
     151      142685 : NTSTATUS delete_all_streams(connection_struct *conn,
     152             :                         const struct smb_filename *smb_fname)
     153             : {
     154      142685 :         struct stream_struct *stream_info = NULL;
     155             :         unsigned int i;
     156      142685 :         unsigned int num_streams = 0;
     157      142685 :         TALLOC_CTX *frame = talloc_stackframe();
     158             :         NTSTATUS status;
     159             : 
     160      142685 :         status = vfs_fstreaminfo(smb_fname->fsp, talloc_tos(),
     161             :                                 &num_streams, &stream_info);
     162             : 
     163      142685 :         if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
     164           0 :                 DEBUG(10, ("no streams around\n"));
     165           0 :                 TALLOC_FREE(frame);
     166           0 :                 return NT_STATUS_OK;
     167             :         }
     168             : 
     169      142685 :         if (!NT_STATUS_IS_OK(status)) {
     170           0 :                 DEBUG(10, ("vfs_fstreaminfo failed: %s\n",
     171             :                            nt_errstr(status)));
     172           0 :                 goto fail;
     173             :         }
     174             : 
     175      142685 :         DEBUG(10, ("delete_all_streams found %d streams\n",
     176             :                    num_streams));
     177             : 
     178      142685 :         if (num_streams == 0) {
     179        9689 :                 TALLOC_FREE(frame);
     180        9689 :                 return NT_STATUS_OK;
     181             :         }
     182             : 
     183      266359 :         for (i=0; i<num_streams; i++) {
     184             :                 int res;
     185             :                 struct smb_filename *smb_fname_stream;
     186             : 
     187      133558 :                 if (strequal(stream_info[i].name, "::$DATA")) {
     188      132949 :                         continue;
     189             :                 }
     190             : 
     191        1218 :                 status = synthetic_pathref(talloc_tos(),
     192             :                                            conn->cwd_fsp,
     193         609 :                                            smb_fname->base_name,
     194         609 :                                            stream_info[i].name,
     195             :                                            NULL,
     196             :                                            smb_fname->twrp,
     197         609 :                                            (smb_fname->flags &
     198             :                                             ~SMB_FILENAME_POSIX_PATH),
     199             :                                            &smb_fname_stream);
     200         609 :                 if (!NT_STATUS_IS_OK(status)) {
     201           0 :                         DEBUG(0, ("talloc_aprintf failed\n"));
     202           0 :                         status = NT_STATUS_NO_MEMORY;
     203           0 :                         goto fail;
     204             :                 }
     205             : 
     206         609 :                 res = SMB_VFS_UNLINKAT(conn,
     207             :                                 conn->cwd_fsp,
     208             :                                 smb_fname_stream,
     209             :                                 0);
     210             : 
     211         609 :                 if (res == -1) {
     212           0 :                         status = map_nt_error_from_unix(errno);
     213           0 :                         DEBUG(10, ("Could not delete stream %s: %s\n",
     214             :                                    smb_fname_str_dbg(smb_fname_stream),
     215             :                                    strerror(errno)));
     216           0 :                         TALLOC_FREE(smb_fname_stream);
     217           0 :                         break;
     218             :                 }
     219         609 :                 TALLOC_FREE(smb_fname_stream);
     220             :         }
     221             : 
     222      132996 :  fail:
     223      132996 :         TALLOC_FREE(frame);
     224      132996 :         return status;
     225             : }
     226             : 
     227             : struct has_other_nonposix_opens_state {
     228             :         files_struct *fsp;
     229             :         bool found_another;
     230             : };
     231             : 
     232      184542 : static bool has_other_nonposix_opens_fn(
     233             :         struct share_mode_entry *e,
     234             :         bool *modified,
     235             :         void *private_data)
     236             : {
     237      184542 :         struct has_other_nonposix_opens_state *state = private_data;
     238      184542 :         struct files_struct *fsp = state->fsp;
     239             : 
     240      184542 :         if (e->name_hash != fsp->name_hash) {
     241           4 :                 return false;
     242             :         }
     243      185056 :         if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
     244         518 :             (e->flags & SHARE_MODE_FLAG_POSIX_OPEN)) {
     245         510 :                 return false;
     246             :         }
     247      184028 :         if (e->share_file_id == fh_get_gen_id(fsp->fh)) {
     248      183784 :                 struct server_id self = messaging_server_id(
     249      183784 :                         fsp->conn->sconn->msg_ctx);
     250      183784 :                 if (server_id_equal(&self, &e->pid)) {
     251      183779 :                         return false;
     252             :                 }
     253             :         }
     254         249 :         if (share_entry_stale_pid(e)) {
     255           0 :                 return false;
     256             :         }
     257             : 
     258         249 :         state->found_another = true;
     259         249 :         return true;
     260             : }
     261             : 
     262      184365 : bool has_other_nonposix_opens(struct share_mode_lock *lck,
     263             :                               struct files_struct *fsp)
     264             : {
     265      184365 :         struct has_other_nonposix_opens_state state = { .fsp = fsp };
     266             :         bool ok;
     267             : 
     268      184365 :         ok = share_mode_forall_entries(
     269             :                 lck, has_other_nonposix_opens_fn, &state);
     270      184365 :         if (!ok) {
     271           0 :                 return false;
     272             :         }
     273      184365 :         return state.found_another;
     274             : }
     275             : 
     276             : /****************************************************************************
     277             :  Deal with removing a share mode on last close.
     278             : ****************************************************************************/
     279             : 
     280      383102 : static NTSTATUS close_remove_share_mode(files_struct *fsp,
     281             :                                         enum file_close_type close_type)
     282             : {
     283      383102 :         connection_struct *conn = fsp->conn;
     284      383102 :         bool delete_file = false;
     285      383102 :         bool changed_user = false;
     286      383102 :         struct share_mode_lock *lck = NULL;
     287      383102 :         NTSTATUS status = NT_STATUS_OK;
     288             :         NTSTATUS tmp_status;
     289             :         struct file_id id;
     290      383102 :         const struct security_unix_token *del_token = NULL;
     291      383102 :         const struct security_token *del_nt_token = NULL;
     292      383102 :         struct smb_filename *parent_fname = NULL;
     293      383102 :         struct smb_filename *base_fname = NULL;
     294      383102 :         bool got_tokens = false;
     295             :         bool normal_close;
     296             :         int ret;
     297             : 
     298             :         /* Ensure any pending write time updates are done. */
     299      383102 :         if (fsp->update_write_time_event) {
     300        4812 :                 fsp_flush_write_time_update(fsp);
     301             :         }
     302             : 
     303             :         /*
     304             :          * Lock the share entries, and determine if we should delete
     305             :          * on close. If so delete whilst the lock is still in effect.
     306             :          * This prevents race conditions with the file being created. JRA.
     307             :          */
     308             : 
     309      383102 :         lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
     310      383102 :         if (lck == NULL) {
     311           0 :                 DEBUG(0, ("close_remove_share_mode: Could not get share mode "
     312             :                           "lock for file %s\n", fsp_str_dbg(fsp)));
     313           0 :                 return NT_STATUS_INVALID_PARAMETER;
     314             :         }
     315             : 
     316             :         /* Remove the oplock before potentially deleting the file. */
     317      383102 :         if(fsp->oplock_type) {
     318        2389 :                 remove_oplock(fsp);
     319             :         }
     320             : 
     321      383102 :         if (fsp->fsp_flags.write_time_forced) {
     322         963 :                 NTTIME mtime = share_mode_changed_write_time(lck);
     323         963 :                 struct timespec ts = nt_time_to_full_timespec(mtime);
     324             : 
     325         963 :                 DEBUG(10,("close_remove_share_mode: write time forced "
     326             :                         "for file %s\n",
     327             :                         fsp_str_dbg(fsp)));
     328         963 :                 set_close_write_time(fsp, ts);
     329      382139 :         } else if (fsp->fsp_flags.update_write_time_on_close) {
     330             :                 /* Someone had a pending write. */
     331         100 :                 if (is_omit_timespec(&fsp->close_write_time)) {
     332          69 :                         DEBUG(10,("close_remove_share_mode: update to current time "
     333             :                                 "for file %s\n",
     334             :                                 fsp_str_dbg(fsp)));
     335             :                         /* Update to current time due to "normal" write. */
     336          69 :                         set_close_write_time(fsp, timespec_current());
     337             :                 } else {
     338          31 :                         DEBUG(10,("close_remove_share_mode: write time pending "
     339             :                                 "for file %s\n",
     340             :                                 fsp_str_dbg(fsp)));
     341             :                         /* Update to time set on close call. */
     342          31 :                         set_close_write_time(fsp, fsp->close_write_time);
     343             :                 }
     344             :         }
     345             : 
     346      533192 :         if (fsp->fsp_flags.initial_delete_on_close &&
     347      150090 :                         !is_delete_on_close_set(lck, fsp->name_hash)) {
     348             :                 /* Initial delete on close was set and no one else
     349             :                  * wrote a real delete on close. */
     350             : 
     351      150083 :                 fsp->fsp_flags.delete_on_close = true;
     352      150083 :                 set_delete_on_close_lck(fsp, lck,
     353      150083 :                                         fsp->conn->session_info->security_token,
     354      150083 :                                         fsp->conn->session_info->unix_token);
     355             :         }
     356             : 
     357      557005 :         delete_file = is_delete_on_close_set(lck, fsp->name_hash) &&
     358      173903 :                 !has_other_nonposix_opens(lck, fsp);
     359             : 
     360             :         /*
     361             :          * NT can set delete_on_close of the last open
     362             :          * reference to a file.
     363             :          */
     364             : 
     365      383102 :         normal_close = (close_type == NORMAL_CLOSE || close_type == SHUTDOWN_CLOSE);
     366             : 
     367      383102 :         if (!normal_close || !delete_file) {
     368      209114 :                 status = NT_STATUS_OK;
     369      209114 :                 goto done;
     370             :         }
     371             : 
     372             :         /*
     373             :          * Ok, we have to delete the file
     374             :          */
     375             : 
     376      173691 :         DEBUG(5,("close_remove_share_mode: file %s. Delete on close was set "
     377             :                  "- deleting file.\n", fsp_str_dbg(fsp)));
     378             : 
     379             :         /*
     380             :          * Don't try to update the write time when we delete the file
     381             :          */
     382      173691 :         fsp->fsp_flags.update_write_time_on_close = false;
     383             : 
     384      173691 :         got_tokens = get_delete_on_close_token(lck, fsp->name_hash,
     385             :                                         &del_nt_token, &del_token);
     386      173691 :         SMB_ASSERT(got_tokens);
     387             : 
     388      173691 :         if (!unix_token_equal(del_token, get_current_utok(conn))) {
     389             :                 /* Become the user who requested the delete. */
     390             : 
     391         190 :                 DEBUG(5,("close_remove_share_mode: file %s. "
     392             :                         "Change user to uid %u\n",
     393             :                         fsp_str_dbg(fsp),
     394             :                         (unsigned int)del_token->uid));
     395             : 
     396         190 :                 if (!push_sec_ctx()) {
     397           0 :                         smb_panic("close_remove_share_mode: file %s. failed to push "
     398             :                                   "sec_ctx.\n");
     399             :                 }
     400             : 
     401         759 :                 set_sec_ctx(del_token->uid,
     402         189 :                             del_token->gid,
     403         190 :                             del_token->ngroups,
     404         190 :                             del_token->groups,
     405             :                             del_nt_token);
     406             : 
     407         190 :                 changed_user = true;
     408             :         }
     409             : 
     410             :         /* We can only delete the file if the name we have is still valid and
     411             :            hasn't been renamed. */
     412             : 
     413      173691 :         tmp_status = vfs_stat_fsp(fsp);
     414      173691 :         if (!NT_STATUS_IS_OK(tmp_status)) {
     415           0 :                 DEBUG(5,("close_remove_share_mode: file %s. Delete on close "
     416             :                          "was set and stat failed with error %s\n",
     417             :                          fsp_str_dbg(fsp), nt_errstr(tmp_status)));
     418             :                 /*
     419             :                  * Don't save the errno here, we ignore this error
     420             :                  */
     421           0 :                 goto done;
     422             :         }
     423             : 
     424      173691 :         id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
     425             : 
     426      173691 :         if (!file_id_equal(&fsp->file_id, &id)) {
     427             :                 struct file_id_buf ftmp1, ftmp2;
     428           0 :                 DEBUG(5,("close_remove_share_mode: file %s. Delete on close "
     429             :                          "was set and dev and/or inode does not match\n",
     430             :                          fsp_str_dbg(fsp)));
     431           0 :                 DEBUG(5,("close_remove_share_mode: file %s. stored file_id %s, "
     432             :                          "stat file_id %s\n",
     433             :                          fsp_str_dbg(fsp),
     434             :                          file_id_str_buf(fsp->file_id, &ftmp1),
     435             :                          file_id_str_buf(id, &ftmp2)));
     436             :                 /*
     437             :                  * Don't save the errno here, we ignore this error
     438             :                  */
     439           0 :                 goto done;
     440             :         }
     441             : 
     442      173691 :         if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
     443      132934 :             && !is_ntfs_stream_smb_fname(fsp->fsp_name)) {
     444             : 
     445      132464 :                 status = delete_all_streams(conn, fsp->fsp_name);
     446             : 
     447      132464 :                 if (!NT_STATUS_IS_OK(status)) {
     448           0 :                         DEBUG(5, ("delete_all_streams failed: %s\n",
     449             :                                   nt_errstr(status)));
     450           0 :                         goto done;
     451             :                 }
     452             :         }
     453             : 
     454      173691 :         if (fsp->fsp_flags.kernel_share_modes_taken) {
     455             :                 int ret_flock;
     456             : 
     457             :                 /*
     458             :                  * A file system sharemode could block the unlink;
     459             :                  * remove filesystem sharemodes first.
     460             :                  */
     461         964 :                 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, 0, 0);
     462         964 :                 if (ret_flock == -1) {
     463           0 :                         DBG_INFO("removing kernel flock for %s failed: %s\n",
     464             :                                   fsp_str_dbg(fsp), strerror(errno));
     465             :                 }
     466             : 
     467         964 :                 fsp->fsp_flags.kernel_share_modes_taken = false;
     468             :         }
     469             : 
     470      173691 :         status = parent_pathref(talloc_tos(),
     471             :                                 conn->cwd_fsp,
     472      173691 :                                 fsp->fsp_name,
     473             :                                 &parent_fname,
     474             :                                 &base_fname);
     475      173691 :         if (!NT_STATUS_IS_OK(status)) {
     476           0 :                 goto done;
     477             :         }
     478             : 
     479      173691 :         ret = SMB_VFS_UNLINKAT(conn,
     480             :                                parent_fname->fsp,
     481             :                                base_fname,
     482             :                                0);
     483      173691 :         TALLOC_FREE(parent_fname);
     484      173691 :         base_fname = NULL;
     485      173691 :         if (ret != 0) {
     486             :                 /*
     487             :                  * This call can potentially fail as another smbd may
     488             :                  * have had the file open with delete on close set and
     489             :                  * deleted it when its last reference to this file
     490             :                  * went away. Hence we log this but not at debug level
     491             :                  * zero.
     492             :                  */
     493             : 
     494           4 :                 DEBUG(5,("close_remove_share_mode: file %s. Delete on close "
     495             :                          "was set and unlink failed with error %s\n",
     496             :                          fsp_str_dbg(fsp), strerror(errno)));
     497             : 
     498           4 :                 status = map_nt_error_from_unix(errno);
     499             :         }
     500             : 
     501             :         /* As we now have POSIX opens which can unlink
     502             :          * with other open files we may have taken
     503             :          * this code path with more than one share mode
     504             :          * entry - ensure we only delete once by resetting
     505             :          * the delete on close flag. JRA.
     506             :          */
     507             : 
     508      173691 :         fsp->fsp_flags.delete_on_close = false;
     509      173691 :         reset_delete_on_close_lck(fsp, lck);
     510             : 
     511      382805 :  done:
     512             : 
     513      382805 :         if (changed_user) {
     514             :                 /* unbecome user. */
     515         190 :                 pop_sec_ctx();
     516             :         }
     517             : 
     518      383102 :         if (fsp->fsp_flags.kernel_share_modes_taken) {
     519             :                 int ret_flock;
     520             : 
     521             :                 /* remove filesystem sharemodes */
     522      191134 :                 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, 0, 0);
     523      191134 :                 if (ret_flock == -1) {
     524           0 :                         DEBUG(2, ("close_remove_share_mode: removing kernel "
     525             :                                   "flock for %s failed: %s\n",
     526             :                                   fsp_str_dbg(fsp), strerror(errno)));
     527             :                 }
     528             :         }
     529             : 
     530      383102 :         if (!del_share_mode(lck, fsp)) {
     531           0 :                 DEBUG(0, ("close_remove_share_mode: Could not delete share "
     532             :                           "entry for file %s\n", fsp_str_dbg(fsp)));
     533             :         }
     534             : 
     535      383102 :         TALLOC_FREE(lck);
     536             : 
     537      383102 :         if (delete_file) {
     538             :                 /*
     539             :                  * Do the notification after we released the share
     540             :                  * mode lock. Inside notify_fname we take out another
     541             :                  * tdb lock. With ctdb also accessing our databases,
     542             :                  * this can lead to deadlocks. Putting this notify
     543             :                  * after the TALLOC_FREE(lck) above we avoid locking
     544             :                  * two records simultaneously. Notifies are async and
     545             :                  * informational only, so calling the notify_fname
     546             :                  * without holding the share mode lock should not do
     547             :                  * any harm.
     548             :                  */
     549      173691 :                 notify_fname(conn, NOTIFY_ACTION_REMOVED,
     550             :                              FILE_NOTIFY_CHANGE_FILE_NAME,
     551      173691 :                              fsp->fsp_name->base_name);
     552             :         }
     553             : 
     554      383102 :         return status;
     555             : }
     556             : 
     557       31933 : void set_close_write_time(struct files_struct *fsp, struct timespec ts)
     558             : {
     559       31933 :         DEBUG(6,("close_write_time: %s" , time_to_asc(convert_timespec_to_time_t(ts))));
     560             : 
     561       31933 :         if (is_omit_timespec(&ts)) {
     562       30552 :                 return;
     563             :         }
     564        1094 :         fsp->fsp_flags.write_time_forced = false;
     565        1094 :         fsp->fsp_flags.update_write_time_on_close = true;
     566        1094 :         fsp->close_write_time = ts;
     567             : }
     568             : 
     569      383215 : static NTSTATUS update_write_time_on_close(struct files_struct *fsp)
     570             : {
     571             :         struct smb_file_time ft;
     572             :         NTSTATUS status;
     573      383215 :         struct share_mode_lock *lck = NULL;
     574             : 
     575      383215 :         init_smb_file_time(&ft);
     576             : 
     577      383215 :         if (!(fsp->fsp_flags.update_write_time_on_close)) {
     578      382161 :                 return NT_STATUS_OK;
     579             :         }
     580             : 
     581        1054 :         if (is_omit_timespec(&fsp->close_write_time)) {
     582           5 :                 fsp->close_write_time = timespec_current();
     583             :         }
     584             : 
     585             :         /* Ensure we have a valid stat struct for the source. */
     586        1054 :         status = vfs_stat_fsp(fsp);
     587        1054 :         if (!NT_STATUS_IS_OK(status)) {
     588           0 :                 return status;
     589             :         }
     590             : 
     591        1054 :         if (!VALID_STAT(fsp->fsp_name->st)) {
     592             :                 /* if it doesn't seem to be a real file */
     593           0 :                 return NT_STATUS_OK;
     594             :         }
     595             : 
     596             :         /*
     597             :          * get_existing_share_mode_lock() isn't really the right
     598             :          * call here, as we're being called after
     599             :          * close_remove_share_mode() inside close_normal_file()
     600             :          * so it's quite normal to not have an existing share
     601             :          * mode here. However, get_share_mode_lock() doesn't
     602             :          * work because that will create a new share mode if
     603             :          * one doesn't exist - so stick with this call (just
     604             :          * ignore any error we get if the share mode doesn't
     605             :          * exist.
     606             :          */
     607             : 
     608        1054 :         lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
     609        1054 :         if (lck) {
     610          21 :                 NTTIME share_mtime = share_mode_changed_write_time(lck);
     611             :                 /* On close if we're changing the real file time we
     612             :                  * must update it in the open file db too. */
     613          21 :                 (void)set_write_time(fsp->file_id, fsp->close_write_time);
     614             : 
     615             :                 /* Close write times overwrite sticky write times
     616             :                    so we must replace any sticky write time here. */
     617          21 :                 if (!null_nttime(share_mtime)) {
     618          16 :                         (void)set_sticky_write_time(fsp->file_id, fsp->close_write_time);
     619             :                 }
     620          21 :                 TALLOC_FREE(lck);
     621             :         }
     622             : 
     623        1054 :         ft.mtime = fsp->close_write_time;
     624             :         /* As this is a close based update, we are not directly changing the
     625             :            file attributes from a client call, but indirectly from a write. */
     626        1054 :         status = smb_set_file_time(fsp->conn, fsp, fsp->fsp_name, &ft, false);
     627        1054 :         if (!NT_STATUS_IS_OK(status)) {
     628           0 :                 DEBUG(10,("update_write_time_on_close: smb_set_file_time "
     629             :                         "on file %s returned %s\n",
     630             :                         fsp_str_dbg(fsp),
     631             :                         nt_errstr(status)));
     632           0 :                 return status;
     633             :         }
     634             : 
     635        1054 :         return status;
     636             : }
     637             : 
     638     1527670 : static NTSTATUS ntstatus_keeperror(NTSTATUS s1, NTSTATUS s2)
     639             : {
     640     1529002 :         if (!NT_STATUS_IS_OK(s1)) {
     641          12 :                 return s1;
     642             :         }
     643     1527658 :         return s2;
     644             : }
     645             : 
     646      433293 : static void assert_no_pending_aio(struct files_struct *fsp,
     647             :                                   enum file_close_type close_type)
     648             : {
     649      433293 :         struct smbXsrv_client *client = global_smbXsrv_client;
     650             :         size_t num_connections_alive;
     651      433293 :         unsigned num_requests = fsp->num_aio_requests;
     652             : 
     653      433293 :         if (num_requests == 0) {
     654      432566 :                 return;
     655             :         }
     656             : 
     657           2 :         num_connections_alive = smbXsrv_client_valid_connections(client);
     658             : 
     659           2 :         if (close_type == SHUTDOWN_CLOSE && num_connections_alive == 0) {
     660             :                 /*
     661             :                  * fsp->aio_requests and the contents (fsp->aio_requests[x])
     662             :                  * are both independently owned by fsp and are not in a
     663             :                  * talloc heirarchy. This allows the fsp->aio_requests array to
     664             :                  * be reallocated independently of the array contents so it can
     665             :                  * grow on demand.
     666             :                  *
     667             :                  * This means we must ensure order of deallocation
     668             :                  * on a SHUTDOWN_CLOSE by deallocating the fsp->aio_requests[x]
     669             :                  * contents first, as their destructors access the
     670             :                  * fsp->aio_request array. If we don't deallocate them
     671             :                  * first, when fsp is deallocated fsp->aio_requests
     672             :                  * could have been deallocated *before* its contents
     673             :                  * fsp->aio_requests[x], causing a crash.
     674             :                  */
     675           8 :                 while (fsp->num_aio_requests != 0) {
     676             :                         /*
     677             :                          * NB. We *MUST* use
     678             :                          * talloc_free(fsp->aio_requests[0]),
     679             :                          * and *NOT* TALLOC_FREE() here, as
     680             :                          * TALLOC_FREE(fsp->aio_requests[0])
     681             :                          * will overwrite any new contents of
     682             :                          * fsp->aio_requests[0] that were
     683             :                          * copied into it via the destructor
     684             :                          * aio_del_req_from_fsp().
     685             :                          *
     686             :                          * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515
     687             :                          */
     688           4 :                         talloc_free(fsp->aio_requests[0]);
     689             :                 }
     690           2 :                 return;
     691             :         }
     692             : 
     693           0 :         DBG_ERR("fsp->num_aio_requests=%u\n", num_requests);
     694           0 :         smb_panic("can not close with outstanding aio requests");
     695             :         return;
     696             : }
     697             : 
     698             : /****************************************************************************
     699             :  Close a file.
     700             : 
     701             :  close_type can be NORMAL_CLOSE=0,SHUTDOWN_CLOSE,ERROR_CLOSE.
     702             :  printing and magic scripts are only run on normal close.
     703             :  delete on close is done on normal and shutdown close.
     704             : ****************************************************************************/
     705             : 
     706      383371 : static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
     707             :                                   enum file_close_type close_type)
     708             : {
     709      383371 :         NTSTATUS status = NT_STATUS_OK;
     710             :         NTSTATUS tmp;
     711      383371 :         connection_struct *conn = fsp->conn;
     712      383371 :         bool is_durable = false;
     713             : 
     714      383371 :         SMB_ASSERT(fsp->fsp_flags.is_fsa);
     715             : 
     716      383371 :         assert_no_pending_aio(fsp, close_type);
     717             : 
     718      766790 :         while (talloc_array_length(fsp->blocked_smb1_lock_reqs) != 0) {
     719          48 :                 smbd_smb1_brl_finish_by_req(
     720          48 :                         fsp->blocked_smb1_lock_reqs[0],
     721          48 :                         NT_STATUS_RANGE_NOT_LOCKED);
     722             :         }
     723             : 
     724             :         /*
     725             :          * If we're flushing on a close we can get a write
     726             :          * error here, we must remember this.
     727             :          */
     728             : 
     729      383371 :         if (NT_STATUS_IS_OK(status) && fsp->op != NULL) {
     730      375715 :                 is_durable = fsp->op->global->durable;
     731             :         }
     732             : 
     733      383371 :         if (close_type != SHUTDOWN_CLOSE) {
     734      382039 :                 is_durable = false;
     735             :         }
     736             : 
     737      382933 :         if (is_durable) {
     738         164 :                 DATA_BLOB new_cookie = data_blob_null;
     739             : 
     740         164 :                 tmp = SMB_VFS_DURABLE_DISCONNECT(fsp,
     741             :                                         fsp->op->global->backend_cookie,
     742             :                                         fsp->op,
     743             :                                         &new_cookie);
     744         164 :                 if (NT_STATUS_IS_OK(tmp)) {
     745             :                         struct timeval tv;
     746             :                         NTTIME now;
     747             : 
     748         156 :                         if (req != NULL) {
     749          28 :                                 tv = req->request_time;
     750             :                         } else {
     751         128 :                                 tv = timeval_current();
     752             :                         }
     753         156 :                         now = timeval_to_nttime(&tv);
     754             : 
     755         156 :                         data_blob_free(&fsp->op->global->backend_cookie);
     756         156 :                         fsp->op->global->backend_cookie = new_cookie;
     757             : 
     758         156 :                         fsp->op->compat = NULL;
     759         156 :                         tmp = smbXsrv_open_close(fsp->op, now);
     760         156 :                         if (!NT_STATUS_IS_OK(tmp)) {
     761           0 :                                 DEBUG(1, ("Failed to update smbXsrv_open "
     762             :                                           "record when disconnecting durable "
     763             :                                           "handle for file %s: %s - "
     764             :                                           "proceeding with normal close\n",
     765             :                                           fsp_str_dbg(fsp), nt_errstr(tmp)));
     766             :                         }
     767         156 :                         scavenger_schedule_disconnected(fsp);
     768             :                 } else {
     769           8 :                         DEBUG(1, ("Failed to disconnect durable handle for "
     770             :                                   "file %s: %s - proceeding with normal "
     771             :                                   "close\n", fsp_str_dbg(fsp), nt_errstr(tmp)));
     772             :                 }
     773         164 :                 if (!NT_STATUS_IS_OK(tmp)) {
     774           8 :                         is_durable = false;
     775             :                 }
     776             :         }
     777             : 
     778      383371 :         if (is_durable) {
     779             :                 /*
     780             :                  * This is the case where we successfully disconnected
     781             :                  * a durable handle and closed the underlying file.
     782             :                  * In all other cases, we proceed with a genuine close.
     783             :                  */
     784         156 :                 DEBUG(10, ("%s disconnected durable handle for file %s\n",
     785             :                            conn->session_info->unix_info->unix_name,
     786             :                            fsp_str_dbg(fsp)));
     787         156 :                 file_free(req, fsp);
     788         156 :                 return NT_STATUS_OK;
     789             :         }
     790             : 
     791      383215 :         if (fsp->op != NULL) {
     792             :                 /*
     793             :                  * Make sure the handle is not marked as durable anymore
     794             :                  */
     795      375559 :                 fsp->op->global->durable = false;
     796             :         }
     797             : 
     798             :         /* If this is an old DOS or FCB open and we have multiple opens on
     799             :            the same handle we only have one share mode. Ensure we only remove
     800             :            the share mode on the last close. */
     801             : 
     802      383215 :         if (fh_get_refcount(fsp->fh) == 1) {
     803             :                 /* Should we return on error here... ? */
     804      383102 :                 tmp = close_remove_share_mode(fsp, close_type);
     805      382656 :                 status = ntstatus_keeperror(status, tmp);
     806             :         }
     807             : 
     808      383215 :         locking_close_file(fsp, close_type);
     809             : 
     810             :         /*
     811             :          * Ensure pending modtime is set before closing underlying fd.
     812             :          */
     813             : 
     814      383215 :         tmp = update_write_time_on_close(fsp);
     815      383215 :         if (NT_STATUS_EQUAL(tmp, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
     816             :                 /*
     817             :                  * Someone renamed the file or a parent directory containing
     818             :                  * this file. We can't do anything about this, eat the error.
     819             :                  */
     820           0 :                 tmp = NT_STATUS_OK;
     821             :         }
     822      382768 :         status = ntstatus_keeperror(status, tmp);
     823             : 
     824      383215 :         tmp = fd_close(fsp);
     825      382768 :         status = ntstatus_keeperror(status, tmp);
     826             : 
     827             :         /* check for magic scripts */
     828      383215 :         if (close_type == NORMAL_CLOSE) {
     829      379916 :                 tmp = check_magic(fsp);
     830      379478 :                 status = ntstatus_keeperror(status, tmp);
     831             :         }
     832             : 
     833      383215 :         DEBUG(2,("%s closed file %s (numopen=%d) %s\n",
     834             :                 conn->session_info->unix_info->unix_name, fsp_str_dbg(fsp),
     835             :                 conn->num_files_open - 1,
     836             :                 nt_errstr(status) ));
     837             : 
     838      383215 :         file_free(req, fsp);
     839      383215 :         return status;
     840             : }
     841             : /****************************************************************************
     842             :  Function used by reply_rmdir to delete an entire directory
     843             :  tree recursively. Return True on ok, False on fail.
     844             : ****************************************************************************/
     845             : 
     846           0 : bool recursive_rmdir(TALLOC_CTX *ctx,
     847             :                      connection_struct *conn,
     848             :                      struct smb_filename *smb_dname)
     849             : {
     850           0 :         const char *dname = NULL;
     851           0 :         char *talloced = NULL;
     852           0 :         bool ret = True;
     853           0 :         long offset = 0;
     854             :         SMB_STRUCT_STAT st;
     855             :         struct smb_Dir *dir_hnd;
     856           0 :         struct files_struct *dirfsp = NULL;
     857             :         int retval;
     858             :         NTSTATUS status;
     859             : 
     860           0 :         SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
     861             : 
     862           0 :         dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0);
     863           0 :         if (dir_hnd == NULL)
     864           0 :                 return False;
     865             : 
     866           0 :         dirfsp = dir_hnd_fetch_fsp(dir_hnd);
     867             : 
     868           0 :         while ((dname = ReadDirName(dir_hnd, &offset, &st, &talloced))) {
     869           0 :                 struct smb_filename *atname = NULL;
     870           0 :                 struct smb_filename *smb_dname_full = NULL;
     871           0 :                 char *fullname = NULL;
     872           0 :                 bool do_break = true;
     873           0 :                 int unlink_flags = 0;
     874             : 
     875           0 :                 if (ISDOT(dname) || ISDOTDOT(dname)) {
     876           0 :                         TALLOC_FREE(talloced);
     877           0 :                         continue;
     878             :                 }
     879             : 
     880             :                 /* Construct the full name. */
     881           0 :                 fullname = talloc_asprintf(ctx,
     882             :                                 "%s/%s",
     883             :                                 smb_dname->base_name,
     884             :                                 dname);
     885           0 :                 if (!fullname) {
     886           0 :                         errno = ENOMEM;
     887           0 :                         goto err_break;
     888             :                 }
     889             : 
     890           0 :                 smb_dname_full = synthetic_smb_fname(talloc_tos(),
     891             :                                                 fullname,
     892             :                                                 NULL,
     893             :                                                 NULL,
     894             :                                                 smb_dname->twrp,
     895             :                                                 smb_dname->flags);
     896           0 :                 if (smb_dname_full == NULL) {
     897           0 :                         errno = ENOMEM;
     898           0 :                         goto err_break;
     899             :                 }
     900             : 
     901           0 :                 if (SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
     902           0 :                         goto err_break;
     903             :                 }
     904             : 
     905           0 :                 if (smb_dname_full->st.st_ex_mode & S_IFDIR) {
     906           0 :                         if (!recursive_rmdir(ctx, conn, smb_dname_full)) {
     907           0 :                                 goto err_break;
     908             :                         }
     909           0 :                         unlink_flags = AT_REMOVEDIR;
     910             :                 }
     911             : 
     912           0 :                 status = synthetic_pathref(talloc_tos(),
     913             :                                            dirfsp,
     914             :                                            dname,
     915             :                                            NULL,
     916           0 :                                            &smb_dname_full->st,
     917             :                                            smb_dname_full->twrp,
     918             :                                            smb_dname_full->flags,
     919             :                                            &atname);
     920           0 :                 if (!NT_STATUS_IS_OK(status)) {
     921           0 :                         errno = map_errno_from_nt_status(status);
     922           0 :                         goto err_break;
     923             :                 }
     924             : 
     925           0 :                 if (!is_visible_fsp(atname->fsp)) {
     926           0 :                         TALLOC_FREE(smb_dname_full);
     927           0 :                         TALLOC_FREE(fullname);
     928           0 :                         TALLOC_FREE(talloced);
     929           0 :                         TALLOC_FREE(atname);
     930           0 :                         continue;
     931             :                 }
     932             : 
     933           0 :                 retval = SMB_VFS_UNLINKAT(conn,
     934             :                                           dirfsp,
     935             :                                           atname,
     936             :                                           unlink_flags);
     937           0 :                 if (retval != 0) {
     938           0 :                         goto err_break;
     939             :                 }
     940             : 
     941             :                 /* Successful iteration. */
     942           0 :                 do_break = false;
     943             : 
     944           0 :          err_break:
     945           0 :                 TALLOC_FREE(smb_dname_full);
     946           0 :                 TALLOC_FREE(fullname);
     947           0 :                 TALLOC_FREE(talloced);
     948           0 :                 TALLOC_FREE(atname);
     949           0 :                 if (do_break) {
     950           0 :                         ret = false;
     951           0 :                         break;
     952             :                 }
     953             :         }
     954           0 :         TALLOC_FREE(dir_hnd);
     955           0 :         return ret;
     956             : }
     957             : 
     958             : /****************************************************************************
     959             :  The internals of the rmdir code - called elsewhere.
     960             : ****************************************************************************/
     961             : 
     962       10181 : static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
     963             : {
     964       10181 :         struct connection_struct *conn = fsp->conn;
     965       10181 :         struct smb_filename *smb_dname = fsp->fsp_name;
     966       10181 :         struct smb_filename *parent_fname = NULL;
     967       10181 :         struct smb_filename *at_fname = NULL;
     968       10181 :         const struct loadparm_substitution *lp_sub =
     969             :                 loadparm_s3_global_substitution();
     970             :         SMB_STRUCT_STAT st;
     971       10181 :         const char *dname = NULL;
     972       10181 :         char *talloced = NULL;
     973       10181 :         long dirpos = 0;
     974       10181 :         struct smb_Dir *dir_hnd = NULL;
     975       10181 :         struct files_struct *dirfsp = NULL;
     976       10181 :         int unlink_flags = 0;
     977             :         NTSTATUS status;
     978             :         int ret;
     979             : 
     980       10181 :         SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
     981             : 
     982       10181 :         status = parent_pathref(talloc_tos(),
     983             :                                 conn->cwd_fsp,
     984       10181 :                                 fsp->fsp_name,
     985             :                                 &parent_fname,
     986             :                                 &at_fname);
     987       10181 :         if (!NT_STATUS_IS_OK(status)) {
     988           0 :                 return status;
     989             :         }
     990             : 
     991             :         /*
     992             :          * Todo: use SMB_VFS_STATX() once it's available.
     993             :          */
     994             : 
     995             :         /* Might be a symlink. */
     996       10181 :         ret = SMB_VFS_LSTAT(conn, smb_dname);
     997       10181 :         if (ret != 0) {
     998           0 :                 TALLOC_FREE(parent_fname);
     999           0 :                 return map_nt_error_from_unix(errno);
    1000             :         }
    1001             : 
    1002       10181 :         if (S_ISLNK(smb_dname->st.st_ex_mode)) {
    1003             :                 /* Is what it points to a directory ? */
    1004           0 :                 ret = SMB_VFS_STAT(conn, smb_dname);
    1005           0 :                 if (ret != 0) {
    1006           0 :                         TALLOC_FREE(parent_fname);
    1007           0 :                         return map_nt_error_from_unix(errno);
    1008             :                 }
    1009           0 :                 if (!(S_ISDIR(smb_dname->st.st_ex_mode))) {
    1010           0 :                         TALLOC_FREE(parent_fname);
    1011           0 :                         return NT_STATUS_NOT_A_DIRECTORY;
    1012             :                 }
    1013             :         } else {
    1014       10118 :                 unlink_flags = AT_REMOVEDIR;
    1015             :         }
    1016             : 
    1017       10181 :         ret = SMB_VFS_UNLINKAT(conn,
    1018             :                                parent_fname->fsp,
    1019             :                                at_fname,
    1020             :                                unlink_flags);
    1021       10181 :         if (ret == 0) {
    1022       10181 :                 TALLOC_FREE(parent_fname);
    1023       10181 :                 notify_fname(conn, NOTIFY_ACTION_REMOVED,
    1024             :                              FILE_NOTIFY_CHANGE_DIR_NAME,
    1025       10181 :                              smb_dname->base_name);
    1026       10181 :                 return NT_STATUS_OK;
    1027             :         }
    1028             : 
    1029           0 :         if (!((errno == ENOTEMPTY) || (errno == EEXIST)) ||
    1030           0 :             !*lp_veto_files(talloc_tos(), lp_sub, SNUM(conn)))
    1031             :         {
    1032           0 :                 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
    1033             :                          "%s\n", smb_fname_str_dbg(smb_dname),
    1034             :                          strerror(errno)));
    1035           0 :                 TALLOC_FREE(parent_fname);
    1036           0 :                 return map_nt_error_from_unix(errno);
    1037             :         }
    1038             : 
    1039             :         /*
    1040             :          * Check to see if the only thing in this directory are
    1041             :          * vetoed files/directories. If so then delete them and
    1042             :          * retry. If we fail to delete any of them (and we *don't*
    1043             :          * do a recursive delete) then fail the rmdir.
    1044             :          */
    1045             : 
    1046           0 :         dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0);
    1047           0 :         if (dir_hnd == NULL) {
    1048           0 :                 errno = ENOTEMPTY;
    1049           0 :                 goto err;
    1050             :         }
    1051             : 
    1052           0 :         while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
    1053           0 :                 struct smb_filename *smb_dname_full = NULL;
    1054           0 :                 struct smb_filename *direntry_fname = NULL;
    1055           0 :                 char *fullname = NULL;
    1056             : 
    1057           0 :                 if (ISDOT(dname) || ISDOTDOT(dname)) {
    1058           0 :                         TALLOC_FREE(talloced);
    1059           0 :                         continue;
    1060             :                 }
    1061           0 :                 if (IS_VETO_PATH(conn, dname)) {
    1062           0 :                         TALLOC_FREE(talloced);
    1063           0 :                         continue;
    1064             :                 }
    1065             : 
    1066           0 :                 fullname = talloc_asprintf(talloc_tos(),
    1067             :                                            "%s/%s",
    1068             :                                            smb_dname->base_name,
    1069             :                                            dname);
    1070             : 
    1071           0 :                 if (fullname == NULL) {
    1072           0 :                         TALLOC_FREE(talloced);
    1073           0 :                         errno = ENOMEM;
    1074           0 :                         goto err;
    1075             :                 }
    1076             : 
    1077           0 :                 smb_dname_full = synthetic_smb_fname(talloc_tos(),
    1078             :                                                      fullname,
    1079             :                                                      NULL,
    1080             :                                                      NULL,
    1081             :                                                      smb_dname->twrp,
    1082             :                                                      smb_dname->flags);
    1083           0 :                 if (smb_dname_full == NULL) {
    1084           0 :                         TALLOC_FREE(talloced);
    1085           0 :                         TALLOC_FREE(fullname);
    1086           0 :                         errno = ENOMEM;
    1087           0 :                         goto err;
    1088             :                 }
    1089             : 
    1090           0 :                 ret = SMB_VFS_LSTAT(conn, smb_dname_full);
    1091           0 :                 if (ret != 0) {
    1092           0 :                         int saved_errno = errno;
    1093           0 :                         TALLOC_FREE(talloced);
    1094           0 :                         TALLOC_FREE(fullname);
    1095           0 :                         TALLOC_FREE(smb_dname_full);
    1096           0 :                         errno = saved_errno;
    1097           0 :                         goto err;
    1098             :                 }
    1099             : 
    1100             :                 /*
    1101             :                  * is_visible_fsp() always returns true
    1102             :                  * for the symlink/MSDFS case.
    1103             :                  */
    1104           0 :                 if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
    1105           0 :                         TALLOC_FREE(talloced);
    1106           0 :                         TALLOC_FREE(fullname);
    1107           0 :                         TALLOC_FREE(smb_dname_full);
    1108           0 :                         continue;
    1109             :                 }
    1110             : 
    1111             :                 /* Not a symlink, get a pathref. */
    1112           0 :                 status = synthetic_pathref(talloc_tos(),
    1113             :                                            dirfsp,
    1114             :                                            dname,
    1115             :                                            NULL,
    1116           0 :                                            &smb_dname_full->st,
    1117             :                                            smb_dname->twrp,
    1118             :                                            smb_dname->flags,
    1119             :                                            &direntry_fname);
    1120           0 :                 if (!NT_STATUS_IS_OK(status)) {
    1121           0 :                         TALLOC_FREE(talloced);
    1122           0 :                         TALLOC_FREE(fullname);
    1123           0 :                         TALLOC_FREE(smb_dname_full);
    1124           0 :                         errno = map_errno_from_nt_status(status);
    1125           0 :                         goto err;
    1126             :                 }
    1127             : 
    1128           0 :                 if (!is_visible_fsp(direntry_fname->fsp)) {
    1129           0 :                         TALLOC_FREE(talloced);
    1130           0 :                         TALLOC_FREE(fullname);
    1131           0 :                         TALLOC_FREE(smb_dname_full);
    1132           0 :                         TALLOC_FREE(direntry_fname);
    1133           0 :                         continue;
    1134             :                 }
    1135             : 
    1136           0 :                 TALLOC_FREE(talloced);
    1137           0 :                 TALLOC_FREE(fullname);
    1138           0 :                 TALLOC_FREE(smb_dname_full);
    1139           0 :                 TALLOC_FREE(direntry_fname);
    1140             :         }
    1141             : 
    1142             :         /* We only have veto files/directories.
    1143             :          * Are we allowed to delete them ? */
    1144             : 
    1145           0 :         if (!lp_delete_veto_files(SNUM(conn))) {
    1146           0 :                 errno = ENOTEMPTY;
    1147           0 :                 goto err;
    1148             :         }
    1149             : 
    1150             :         /* Do a recursive delete. */
    1151           0 :         RewindDir(dir_hnd,&dirpos);
    1152           0 :         dirfsp = dir_hnd_fetch_fsp(dir_hnd);
    1153             : 
    1154           0 :         while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
    1155           0 :                 struct smb_filename *direntry_fname = NULL;
    1156           0 :                 struct smb_filename *smb_dname_full = NULL;
    1157           0 :                 char *fullname = NULL;
    1158           0 :                 bool do_break = true;
    1159             :                 int retval;
    1160             : 
    1161           0 :                 if (ISDOT(dname) || ISDOTDOT(dname)) {
    1162           0 :                         TALLOC_FREE(talloced);
    1163           0 :                         continue;
    1164             :                 }
    1165             : 
    1166           0 :                 fullname = talloc_asprintf(ctx,
    1167             :                                            "%s/%s",
    1168             :                                            smb_dname->base_name,
    1169             :                                            dname);
    1170             : 
    1171           0 :                 if (fullname == NULL) {
    1172           0 :                         errno = ENOMEM;
    1173           0 :                         goto err_break;
    1174             :                 }
    1175             : 
    1176           0 :                 smb_dname_full = synthetic_smb_fname(talloc_tos(),
    1177             :                                                      fullname,
    1178             :                                                      NULL,
    1179             :                                                      NULL,
    1180             :                                                      smb_dname->twrp,
    1181             :                                                      smb_dname->flags);
    1182           0 :                 if (smb_dname_full == NULL) {
    1183           0 :                         errno = ENOMEM;
    1184           0 :                         goto err_break;
    1185             :                 }
    1186             : 
    1187             :                 /*
    1188             :                  * Todo: use SMB_VFS_STATX() once that's available.
    1189             :                  */
    1190             : 
    1191           0 :                 ret = SMB_VFS_LSTAT(conn, smb_dname_full);
    1192           0 :                 if (ret != 0) {
    1193           0 :                         goto err_break;
    1194             :                 }
    1195             : 
    1196             :                 /*
    1197             :                  * We are only dealing with VETO'ed objects
    1198             :                  * here. If it's a symlink, just delete the
    1199             :                  * link without caring what it is pointing
    1200             :                  * to.
    1201             :                  */
    1202           0 :                 if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
    1203           0 :                         direntry_fname = synthetic_smb_fname(talloc_tos(),
    1204             :                                                         dname,
    1205             :                                                         NULL,
    1206           0 :                                                         &smb_dname_full->st,
    1207             :                                                         smb_dname->twrp,
    1208             :                                                         smb_dname->flags);
    1209           0 :                         if (direntry_fname == NULL) {
    1210           0 :                                 errno = ENOMEM;
    1211           0 :                                 goto err_break;
    1212             :                         }
    1213             :                 } else {
    1214           0 :                         status = synthetic_pathref(talloc_tos(),
    1215             :                                                    dirfsp,
    1216             :                                                    dname,
    1217             :                                                    NULL,
    1218           0 :                                                    &smb_dname_full->st,
    1219             :                                                    smb_dname->twrp,
    1220             :                                                    smb_dname->flags,
    1221             :                                                    &direntry_fname);
    1222           0 :                         if (!NT_STATUS_IS_OK(status)) {
    1223           0 :                                 errno = map_errno_from_nt_status(status);
    1224           0 :                                 goto err_break;
    1225             :                         }
    1226             : 
    1227           0 :                         if (!is_visible_fsp(direntry_fname->fsp)) {
    1228           0 :                                 TALLOC_FREE(fullname);
    1229           0 :                                 TALLOC_FREE(smb_dname_full);
    1230           0 :                                 TALLOC_FREE(talloced);
    1231           0 :                                 TALLOC_FREE(direntry_fname);
    1232           0 :                                 continue;
    1233             :                         }
    1234             :                 }
    1235             : 
    1236           0 :                 unlink_flags = 0;
    1237             : 
    1238           0 :                 if (smb_dname_full->st.st_ex_mode & S_IFDIR) {
    1239           0 :                         if (!recursive_rmdir(ctx, conn,
    1240             :                                              smb_dname_full))
    1241             :                         {
    1242           0 :                                 goto err_break;
    1243             :                         }
    1244           0 :                         unlink_flags = AT_REMOVEDIR;
    1245             :                 }
    1246             : 
    1247           0 :                 retval = SMB_VFS_UNLINKAT(conn,
    1248             :                                           dirfsp,
    1249             :                                           direntry_fname,
    1250             :                                           unlink_flags);
    1251           0 :                 if (retval != 0) {
    1252           0 :                         goto err_break;
    1253             :                 }
    1254             : 
    1255             :                 /* Successful iteration. */
    1256           0 :                 do_break = false;
    1257             : 
    1258           0 :         err_break:
    1259           0 :                 TALLOC_FREE(fullname);
    1260           0 :                 TALLOC_FREE(smb_dname_full);
    1261           0 :                 TALLOC_FREE(talloced);
    1262           0 :                 TALLOC_FREE(direntry_fname);
    1263           0 :                 if (do_break) {
    1264           0 :                         break;
    1265             :                 }
    1266             :         }
    1267             : 
    1268             :         /* Retry the rmdir */
    1269           0 :         ret = SMB_VFS_UNLINKAT(conn,
    1270             :                                dirfsp,
    1271             :                                at_fname,
    1272             :                                AT_REMOVEDIR);
    1273             : 
    1274             : 
    1275           0 :   err:
    1276             : 
    1277           0 :         TALLOC_FREE(dir_hnd);
    1278           0 :         TALLOC_FREE(parent_fname);
    1279             : 
    1280           0 :         if (ret != 0) {
    1281           0 :                 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
    1282             :                          "%s\n", smb_fname_str_dbg(smb_dname),
    1283             :                          strerror(errno)));
    1284           0 :                 return map_nt_error_from_unix(errno);
    1285             :         }
    1286             : 
    1287           0 :         notify_fname(conn, NOTIFY_ACTION_REMOVED,
    1288             :                      FILE_NOTIFY_CHANGE_DIR_NAME,
    1289           0 :                      smb_dname->base_name);
    1290             : 
    1291           0 :         return NT_STATUS_OK;
    1292             : }
    1293             : 
    1294             : /****************************************************************************
    1295             :  Close a directory opened by an NT SMB call. 
    1296             : ****************************************************************************/
    1297             :   
    1298       49922 : static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
    1299             :                                 enum file_close_type close_type)
    1300             : {
    1301       49922 :         struct share_mode_lock *lck = NULL;
    1302       49922 :         bool delete_dir = False;
    1303       49922 :         NTSTATUS status = NT_STATUS_OK;
    1304       49922 :         NTSTATUS status1 = NT_STATUS_OK;
    1305       49922 :         const struct security_token *del_nt_token = NULL;
    1306       49922 :         const struct security_unix_token *del_token = NULL;
    1307             :         NTSTATUS notify_status;
    1308             : 
    1309       49922 :         SMB_ASSERT(fsp->fsp_flags.is_fsa);
    1310             : 
    1311       49922 :         if (fsp->conn->sconn->using_smb2) {
    1312       28220 :                 notify_status = NT_STATUS_NOTIFY_CLEANUP;
    1313             :         } else {
    1314       21702 :                 notify_status = NT_STATUS_OK;
    1315             :         }
    1316             : 
    1317       49922 :         assert_no_pending_aio(fsp, close_type);
    1318             : 
    1319             :         /*
    1320             :          * NT can set delete_on_close of the last open
    1321             :          * reference to a directory also.
    1322             :          */
    1323             : 
    1324       49922 :         lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
    1325       49922 :         if (lck == NULL) {
    1326           0 :                 DEBUG(0, ("close_directory: Could not get share mode lock for "
    1327             :                           "%s\n", fsp_str_dbg(fsp)));
    1328           0 :                 file_free(req, fsp);
    1329           0 :                 return NT_STATUS_INVALID_PARAMETER;
    1330             :         }
    1331             : 
    1332       49922 :         if (fsp->fsp_flags.initial_delete_on_close) {
    1333             :                 /* Initial delete on close was set - for
    1334             :                  * directories we don't care if anyone else
    1335             :                  * wrote a real delete on close. */
    1336             : 
    1337        1731 :                 send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx,
    1338        1731 :                                                fsp->fsp_name->base_name);
    1339        1731 :                 set_delete_on_close_lck(fsp, lck,
    1340        1731 :                                         fsp->conn->session_info->security_token,
    1341        1731 :                                         fsp->conn->session_info->unix_token);
    1342        1731 :                 fsp->fsp_flags.delete_on_close = true;
    1343             :         }
    1344             : 
    1345       99844 :         delete_dir = get_delete_on_close_token(
    1346       60132 :                 lck, fsp->name_hash, &del_nt_token, &del_token) &&
    1347       10210 :                 !has_other_nonposix_opens(lck, fsp);
    1348             : 
    1349       49922 :         if ((close_type == NORMAL_CLOSE || close_type == SHUTDOWN_CLOSE) &&
    1350             :                                 delete_dir) {
    1351             :         
    1352             :                 /* Become the user who requested the delete. */
    1353             : 
    1354       10181 :                 if (!push_sec_ctx()) {
    1355           0 :                         smb_panic("close_directory: failed to push sec_ctx.\n");
    1356             :                 }
    1357             : 
    1358       40661 :                 set_sec_ctx(del_token->uid,
    1359       10118 :                                 del_token->gid,
    1360       10181 :                                 del_token->ngroups,
    1361       10181 :                                 del_token->groups,
    1362             :                                 del_nt_token);
    1363             : 
    1364       10181 :                 if (!del_share_mode(lck, fsp)) {
    1365           0 :                         DEBUG(0, ("close_directory: Could not delete share entry for "
    1366             :                                   "%s\n", fsp_str_dbg(fsp)));
    1367             :                 }
    1368             : 
    1369       10181 :                 TALLOC_FREE(lck);
    1370             : 
    1371       10181 :                 if ((fsp->conn->fs_capabilities & FILE_NAMED_STREAMS)
    1372        9626 :                     && !is_ntfs_stream_smb_fname(fsp->fsp_name)) {
    1373             : 
    1374        9626 :                         status = delete_all_streams(fsp->conn, fsp->fsp_name);
    1375        9626 :                         if (!NT_STATUS_IS_OK(status)) {
    1376           0 :                                 DEBUG(5, ("delete_all_streams failed: %s\n",
    1377             :                                           nt_errstr(status)));
    1378           0 :                                 file_free(req, fsp);
    1379           0 :                                 return status;
    1380             :                         }
    1381             :                 }
    1382             : 
    1383       10181 :                 status = rmdir_internals(talloc_tos(), fsp);
    1384             : 
    1385       10181 :                 DEBUG(5,("close_directory: %s. Delete on close was set - "
    1386             :                          "deleting directory returned %s.\n",
    1387             :                          fsp_str_dbg(fsp), nt_errstr(status)));
    1388             : 
    1389             :                 /* unbecome user. */
    1390       10181 :                 pop_sec_ctx();
    1391             : 
    1392             :                 /*
    1393             :                  * Ensure we remove any change notify requests that would
    1394             :                  * now fail as the directory has been deleted.
    1395             :                  */
    1396             : 
    1397       20299 :                 if (NT_STATUS_IS_OK(status)) {
    1398       10181 :                         notify_status = NT_STATUS_DELETE_PENDING;
    1399             :                 }
    1400             :         } else {
    1401       39741 :                 if (!del_share_mode(lck, fsp)) {
    1402           0 :                         DEBUG(0, ("close_directory: Could not delete share entry for "
    1403             :                                   "%s\n", fsp_str_dbg(fsp)));
    1404             :                 }
    1405             : 
    1406       39741 :                 TALLOC_FREE(lck);
    1407             :         }
    1408             : 
    1409       49922 :         remove_pending_change_notify_requests_by_fid(fsp, notify_status);
    1410             : 
    1411       49922 :         status1 = fd_close(fsp);
    1412             : 
    1413       49922 :         if (!NT_STATUS_IS_OK(status1)) {
    1414           0 :                 DEBUG(0, ("Could not close dir! fname=%s, fd=%d, err=%d=%s\n",
    1415             :                           fsp_str_dbg(fsp), fsp_get_pathref_fd(fsp), errno,
    1416             :                           strerror(errno)));
    1417             :         }
    1418             : 
    1419             :         /*
    1420             :          * Do the code common to files and directories.
    1421             :          */
    1422       49922 :         file_free(req, fsp);
    1423             : 
    1424       49922 :         if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(status1)) {
    1425           0 :                 status = status1;
    1426             :         }
    1427       49922 :         return status;
    1428             : }
    1429             : 
    1430             : /****************************************************************************
    1431             :  Close a files_struct.
    1432             : ****************************************************************************/
    1433             :   
    1434      563169 : NTSTATUS close_file(struct smb_request *req, files_struct *fsp,
    1435             :                     enum file_close_type close_type)
    1436             : {
    1437             :         NTSTATUS status;
    1438      563169 :         struct files_struct *base_fsp = fsp->base_fsp;
    1439      563169 :         bool close_base_fsp = false;
    1440             : 
    1441             :         /*
    1442             :          * This fsp can never be an internal dirfsp. They must
    1443             :          * be explicitly closed by TALLOC_FREE of the dir handle.
    1444             :          */
    1445      563169 :         SMB_ASSERT(!fsp->fsp_flags.is_dirfsp);
    1446             : 
    1447      563169 :         if (fsp->stream_fsp != NULL) {
    1448             :                 /*
    1449             :                  * fsp is the base for a stream.
    1450             :                  *
    1451             :                  * We're called with SHUTDOWN_CLOSE from files.c which walks the
    1452             :                  * complete list of files.
    1453             :                  *
    1454             :                  * We need to wait until the stream is closed.
    1455             :                  */
    1456           0 :                 SMB_ASSERT(close_type == SHUTDOWN_CLOSE);
    1457           0 :                 return NT_STATUS_OK;
    1458             :         }
    1459             : 
    1460      563169 :         if (base_fsp != NULL) {
    1461             :                 /*
    1462             :                  * We need to remove the link in order to
    1463             :                  * recurse for the base fsp below.
    1464             :                  */
    1465        7001 :                 SMB_ASSERT(base_fsp->base_fsp == NULL);
    1466        7001 :                 SMB_ASSERT(base_fsp->stream_fsp == fsp);
    1467        7001 :                 base_fsp->stream_fsp = NULL;
    1468             : 
    1469        7001 :                 if (close_type == SHUTDOWN_CLOSE) {
    1470             :                         /*
    1471             :                          * We're called with SHUTDOWN_CLOSE from files.c
    1472             :                          * which walks the complete list of files.
    1473             :                          *
    1474             :                          * We may need to defer the SHUTDOWN_CLOSE
    1475             :                          * if it's the next in the linked list.
    1476             :                          *
    1477             :                          * So we only close if the base is *not* the
    1478             :                          * next in the list.
    1479             :                          */
    1480          72 :                         close_base_fsp = (fsp->next != base_fsp);
    1481             :                 } else {
    1482        6926 :                         close_base_fsp = true;
    1483             :                 }
    1484             :         }
    1485             : 
    1486      563169 :         if (fsp->fake_file_handle != NULL) {
    1487       16439 :                 status = close_fake_file(req, fsp);
    1488      546730 :         } else if (fsp->print_file != NULL) {
    1489             :                 /* FIXME: return spool errors */
    1490          28 :                 print_spool_end(fsp, close_type);
    1491          28 :                 file_free(req, fsp);
    1492          28 :                 status = NT_STATUS_OK;
    1493      546702 :         } else if (!fsp->fsp_flags.is_fsa) {
    1494      113409 :                 if (close_type == NORMAL_CLOSE) {
    1495           0 :                         DBG_ERR("unexpected NORMAL_CLOSE for [%s] "
    1496             :                                 "is_fsa[%u] is_pathref[%u] is_directory[%u]\n",
    1497             :                                 fsp_str_dbg(fsp),
    1498             :                                 fsp->fsp_flags.is_fsa,
    1499             :                                 fsp->fsp_flags.is_pathref,
    1500             :                                 fsp->fsp_flags.is_directory);
    1501             :                 }
    1502      113409 :                 SMB_ASSERT(close_type != NORMAL_CLOSE);
    1503      113409 :                 fd_close(fsp);
    1504      113409 :                 file_free(req, fsp);
    1505      113409 :                 status = NT_STATUS_OK;
    1506      433293 :         } else if (fsp->fsp_flags.is_directory) {
    1507       49922 :                 status = close_directory(req, fsp, close_type);
    1508             :         } else {
    1509      383371 :                 status = close_normal_file(req, fsp, close_type);
    1510             :         }
    1511             : 
    1512      563169 :         if (close_base_fsp) {
    1513             : 
    1514             :                 /*
    1515             :                  * fsp was a stream, the base fsp can't be a stream as well
    1516             :                  *
    1517             :                  * For SHUTDOWN_CLOSE this is not possible here
    1518             :                  * (if the base_fsp was the next in the linked list), because
    1519             :                  * SHUTDOWN_CLOSE only happens from files.c which walks the
    1520             :                  * complete list of files. If we mess with more than one fsp
    1521             :                  * those loops will become confused.
    1522             :                  */
    1523             : 
    1524        6973 :                 close_file(req, base_fsp, close_type);
    1525             :         }
    1526             : 
    1527      563169 :         return status;
    1528             : }
    1529             : 
    1530             : /****************************************************************************
    1531             :  Deal with an (authorized) message to close a file given the share mode
    1532             :  entry.
    1533             : ****************************************************************************/
    1534             : 
    1535           0 : void msg_close_file(struct messaging_context *msg_ctx,
    1536             :                         void *private_data,
    1537             :                         uint32_t msg_type,
    1538             :                         struct server_id server_id,
    1539             :                         DATA_BLOB *data)
    1540             : {
    1541           0 :         files_struct *fsp = NULL;
    1542             :         struct file_id id;
    1543             :         struct share_mode_entry e;
    1544           0 :         struct smbd_server_connection *sconn =
    1545             :                 talloc_get_type_abort(private_data,
    1546             :                 struct smbd_server_connection);
    1547             : 
    1548           0 :         message_to_share_mode_entry(&id, &e, (char *)data->data);
    1549             : 
    1550           0 :         if(DEBUGLVL(10)) {
    1551           0 :                 char *sm_str = share_mode_str(NULL, 0, &id, &e);
    1552           0 :                 if (!sm_str) {
    1553           0 :                         smb_panic("talloc failed");
    1554             :                 }
    1555           0 :                 DEBUG(10,("msg_close_file: got request to close share mode "
    1556             :                         "entry %s\n", sm_str));
    1557           0 :                 TALLOC_FREE(sm_str);
    1558             :         }
    1559             : 
    1560           0 :         fsp = file_find_dif(sconn, id, e.share_file_id);
    1561           0 :         if (!fsp) {
    1562           0 :                 DEBUG(10,("msg_close_file: failed to find file.\n"));
    1563           0 :                 return;
    1564             :         }
    1565           0 :         close_file(NULL, fsp, NORMAL_CLOSE);
    1566             : }

Generated by: LCOV version 1.13