authorAndrew Tridgell <tridge@samba.org>2004-11-03 01:50:49 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:05:22 -0500
commitd685e56a772973d74a53421aa118ecc49d74fab0 (patch)
treeaf2bd06b54b213c51844016cee3df8ab553ba455
parent1f8bb2f925ce37149ab893d489c176b09d29e458 (diff)
r3500: cleaned up the AS_USER/AS_GUEST stuff in the core smb packet processing
(This used to be commit 8fa456afc9be113f292a1952119b533e4dc04fc1)
-rw-r--r--source4/smb_server/smb_server.c132
-rw-r--r--source4/smbd/rewrite.c9
2 files changed, 36 insertions, 105 deletions
diff --git a/source4/smb_server/smb_server.c b/source4/smb_server/smb_server.c
index 39dc73096c..e1eb4e3179 100644
--- a/source4/smb_server/smb_server.c
+++ b/source4/smb_server/smb_server.c
@@ -170,18 +170,10 @@ static NTSTATUS receive_smb_request(struct smbsrv_connection *smb_conn)
}
/*
-These flags determine some of the permissions required to do an operation
-
-Note that I don't set NEED_WRITE on some write operations because they
-are used by some brain-dead clients when printing, and I don't want to
-force write permissions on print services.
+ These flags determine some of the permissions required to do an operation
*/
#define AS_USER (1<<0)
-#define NEED_WRITE (1<<1)
-#define TIME_INIT (1<<2)
-#define CAN_IPC (1<<3)
-#define AS_GUEST (1<<5)
-#define USE_MUTEX (1<<7)
+#define USE_MUTEX (1<<1)
/*
define a list of possible SMB messages and their corresponding
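Review bot: The shortened comment above the defines still says the flags describe permissions, but after this change only `AS_USER` is an access requirement; `USE_MUTEX` only controls the `MUTEX_LOCK_BY_ID(MUTEX_SMBD)` call in switch_message. I would document each flag on its own line, for example `#define AS_USER (1<<0) /* request needs a valid tree connection and session (vuid) */` and `#define USE_MUTEX (1<<1) /* serialise the handler under MUTEX_SMBD */`. That also tells the next reader what an entry with flags `0` means: no tree or session check in the dispatcher.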
@@ -195,18 +187,18 @@ static const struct smb_message_struct
int flags;
}
smb_messages[256] = {
-/* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
-/* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
-/* 0x02 */ { "SMBopen",reply_open,AS_USER },
+/* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER},
+/* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER},
+/* 0x02 */ { "SMBopen",reply_open,AS_USER},
/* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
-/* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
+/* 0x04 */ { "SMBclose",reply_close,AS_USER},
/* 0x05 */ { "SMBflush",reply_flush,AS_USER},
-/* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
-/* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
+/* 0x06 */ { "SMBunlink",reply_unlink,AS_USER},
+/* 0x07 */ { "SMBmv",reply_mv,AS_USER},
/* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
-/* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
+/* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER},
/* 0x0a */ { "SMBread",reply_read,AS_USER},
-/* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
+/* 0x0b */ { "SMBwrite",reply_write,AS_USER},
/* 0x0c */ { "SMBlock",reply_lock,AS_USER},
/* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
/* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
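Review bot: Dropping `NEED_WRITE` and `CAN_IPC` from these entries (and from 0x22–0x32 and 0xa0–0xa2 in the later table hunks) removes the only place in this file that records which commands modify data or are allowed on an IPC tree, and the second switch_message hunk deletes the matching `CAN_WRITE(req->tcon)` and `NTVFS_IPC` rejections. After this commit the dispatcher checks only that a tree connection and a session exist, so a read-only share or the IPC service is protected only if the code behind each reply_* handler refuses the operation itself, which nothing in this diff shows. If that enforcement is meant to live in the NTVFS backends, say so where the checks were removed, e.g. `/* write and IPC restrictions are enforced by the ntvfs backend, not here */`, and confirm that mkdir, rmdir, unlink, mv, setatr, setattrE and copy are refused on a read-only tree connection.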
@@ -229,23 +221,23 @@ static const struct smb_message_struct
/* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
/* 0x20 */ { "SMBwritec",NULL,0},
/* 0x21 */ { NULL, NULL, 0 },
-/* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
-/* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
-/* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
-/* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
-/* 0x26 */ { "SMBtranss",NULL,AS_USER | CAN_IPC},
+/* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER},
+/* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER},
+/* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER},
+/* 0x25 */ { "SMBtrans",reply_trans,AS_USER},
+/* 0x26 */ { "SMBtranss",NULL,AS_USER},
/* 0x27 */ { "SMBioctl",reply_ioctl,0},
/* 0x28 */ { "SMBioctls",NULL,AS_USER},
-/* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
-/* 0x2a */ { "SMBmove",NULL,AS_USER | NEED_WRITE },
+/* 0x29 */ { "SMBcopy",reply_copy,AS_USER},
+/* 0x2a */ { "SMBmove",NULL,AS_USER},
/* 0x2b */ { "SMBecho",reply_echo,0},
/* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
-/* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
-/* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
-/* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
+/* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER},
+/* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER},
+/* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER},
/* 0x30 */ { NULL, NULL, 0 },
/* 0x31 */ { NULL, NULL, 0 },
-/* 0x32 */ { "SMBtrans2", reply_trans2, AS_USER | CAN_IPC },
+/* 0x32 */ { "SMBtrans2", reply_trans2, AS_USER},
/* 0x33 */ { "SMBtranss2", reply_transs2, AS_USER},
/* 0x34 */ { "SMBfindclose", reply_findclose,AS_USER},
/* 0x35 */ { "SMBfindnclose", reply_findnclose, AS_USER},
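Review bot: `SMBioctl` at 0x27 keeps flags `0` while `SMBioctls` on the next line has `AS_USER`, and `SMBntrename` at 0xa5 in the next hunk is also `0` although `SMBmv` carries `AS_USER`. Both are unchanged context, but with this commit `AS_USER` is the only gate left in switch_message, so these two handlers are reached without the `req->tcon` and `req->session` checks and have to cope with either being NULL. Unless that is deliberate, I would change them to `{ "SMBioctl",reply_ioctl,AS_USER},` and `{ "SMBntrename", reply_ntrename, AS_USER},` in the same cleanup.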
@@ -355,9 +347,9 @@ static const struct smb_message_struct
/* 0x9d */ { NULL, NULL, 0 },
/* 0x9e */ { NULL, NULL, 0 },
/* 0x9f */ { NULL, NULL, 0 },
-/* 0xa0 */ { "SMBnttrans", reply_nttrans, AS_USER | CAN_IPC },
-/* 0xa1 */ { "SMBnttranss", reply_nttranss, AS_USER | CAN_IPC },
-/* 0xa2 */ { "SMBntcreateX", reply_ntcreate_and_X, AS_USER | CAN_IPC },
+/* 0xa0 */ { "SMBnttrans", reply_nttrans, AS_USER},
+/* 0xa1 */ { "SMBnttranss", reply_nttranss, AS_USER},
+/* 0xa2 */ { "SMBntcreateX", reply_ntcreate_and_X, AS_USER},
/* 0xa3 */ { NULL, NULL, 0 },
/* 0xa4 */ { "SMBntcancel", reply_ntcancel, 0 },
/* 0xa5 */ { "SMBntrename", reply_ntrename, 0 },
@@ -403,14 +395,14 @@ static const struct smb_message_struct
/* 0xcd */ { NULL, NULL, 0 },
/* 0xce */ { NULL, NULL, 0 },
/* 0xcf */ { NULL, NULL, 0 },
-/* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
-/* 0xd1 */ { "SMBsendb",NULL,AS_GUEST},
-/* 0xd2 */ { "SMBfwdname",NULL,AS_GUEST},
-/* 0xd3 */ { "SMBcancelf",NULL,AS_GUEST},
-/* 0xd4 */ { "SMBgetmac",NULL,AS_GUEST},
-/* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
-/* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
-/* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
+/* 0xd0 */ { "SMBsends",reply_sends,0},
+/* 0xd1 */ { "SMBsendb",NULL,0},
+/* 0xd2 */ { "SMBfwdname",NULL,0},
+/* 0xd3 */ { "SMBcancelf",NULL,0},
+/* 0xd4 */ { "SMBgetmac",NULL,0},
+/* 0xd5 */ { "SMBsendstrt",reply_sendstrt,0},
+/* 0xd6 */ { "SMBsendend",reply_sendend,0},
+/* 0xd7 */ { "SMBsendtxt",reply_sendtxt,0},
/* 0xd8 */ { NULL, NULL, 0 },
/* 0xd9 */ { NULL, NULL, 0 },
/* 0xda */ { NULL, NULL, 0 },
@@ -516,11 +508,6 @@ static void switch_message(int type, struct smbsrv_request *req)
DEBUG(3,("switch message %s (task_id %d)\n",smb_fn_name(type), smb_conn->connection->service->model_ops->get_id(req)));
- /* does this protocol need to be run as root? */
- if (!(flags & AS_USER)) {
- change_to_root_user();
- }
-
/* does this protocol need a valid tree connection? */
if ((flags & AS_USER) && !req->tcon) {
req_reply_error(req, NT_STATUS_INVALID_HANDLE);
@@ -529,59 +516,12 @@ static void switch_message(int type, struct smbsrv_request *req)
/* see if the vuid is valid */
if ((flags & AS_USER) && !req->session) {
- if (!(flags & AS_GUEST)) {
- req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
- return;
- }
- }
-
- /* does this protocol need to be run as the connected user? */
-#if HACK_REWRITE
- if ((flags & AS_USER) && !change_to_user(req->tcon,session_tag)) {
- if (!(flags & AS_GUEST)) {
- req_reply_error(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
-
- /* we'll run it as guest */
- flags &= ~AS_USER;
- }
-#endif
-
- /* this code is to work around a bug is MS client 3 without
- introducing a security hole - it needs to be able to do
- print queue checks as guest if it isn't logged in properly */
- if (flags & AS_USER) {
- flags &= ~AS_GUEST;
- }
-
- /* does it need write permission? */
- if ((flags & NEED_WRITE) && !CAN_WRITE(req->tcon)) {
- req_reply_error(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
-
- /* ipc services are limited */
- if (req->tcon && req->tcon->ntvfs_ctx->type == NTVFS_IPC && (flags & AS_USER) && !(flags & CAN_IPC)) {
- req_reply_error(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
-
- /* load service specific parameters */
- if (req->tcon && !set_current_service(req->tcon,(flags & AS_USER)?True:False)) {
- req_reply_error(req, NT_STATUS_ACCESS_DENIED);
+ req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
return;
}
-
- /* does this protocol need to be run as guest? */
-#if HACK_REWRITE
- if ((flags & AS_GUEST) &&
- !change_to_guest()) {
- req_reply_error(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
-#endif
- /* THREAD TESTING: use mutex to serialize calls to critical functions with global state */
+
+ /* THREAD TESTING: use mutex to serialize calls to critical
+ functions with global state */
if (flags & USE_MUTEX) {
MUTEX_LOCK_BY_ID(MUTEX_SMBD);
}
diff --git a/source4/smbd/rewrite.c b/source4/smbd/rewrite.c
index 44db95cdad..0e9260535c 100644
--- a/source4/smbd/rewrite.c
+++ b/source4/smbd/rewrite.c
@@ -7,12 +7,6 @@
This file will need to go away before the rewrite is complete
*/
-BOOL set_current_service(void *conn, BOOL x)
-{ return True; }
-
-void change_to_root_user(void)
-{}
-
BOOL pcap_printername_ok(const char *service, const char *foo)
{ return True; }
@@ -101,9 +95,6 @@ BOOL reload_services(struct smbsrv_connection *smb, BOOL test)
load_interfaces();
- /* this forces service parameters to be flushed */
- set_current_service(NULL,True);
-
return(ret);
}