Ok here it is my latest work on privileges

This patch add privilege support for samba
Currently it is implemented only for tdbsam backend but estending it to
other sam backends is straightforward.

I must make a big thank to JFM for his teachings on the matter and the
functions at the base of this work.

At thye moment only samr_create_user honours SeAddUsersPrivilege and
SeMachineAccountPrivilege to permit any user to add machines and/or users to
the server.

The command "net priv" has been provided to manipulate the privileges
database.

There are still many things to do (like support in "net rpc vampire") but
the working core is here.

Feel free to comment/extend on this work.

Of course I will deny that any bug may affect this code :-)
Simo.


This patch adds also my patch about add share command enhancements.
(This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)

1 files changed, 52 insertions, 18 deletions

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 40d3a43bef..7487e106bc 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1405,10 +1405,7 @@ WERROR _srv_net_share_get_info(pipes_struct *p, SRV_Q_NET_SHARE_GET_INFO *q_u, S
 
 static char *valid_share_pathname(char *dos_pathname)
 {
-	pstring saved_pathname;
-	pstring unix_pathname;
 	char *ptr;
-	int ret;
 
 	/* Convert any '\' paths to '/' */
 	unix_format(dos_pathname);
@@ -1423,21 +1420,29 @@ static char *valid_share_pathname(char *dos_pathname)
 	if (*ptr != '/')
 		return NULL;
 
+	return ptr;
+}
+
+static BOOL exist_share_pathname(char *unix_pathname)
+{
+	pstring saved_pathname;
+	int ret;
+
 	/* Can we cd to it ? */
 
 	/* First save our current directory. */
 	if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL)
 		return False;
 
-	pstrcpy(unix_pathname, ptr);
-	
 	ret = chdir(unix_pathname);
 
 	/* We *MUST* be able to chdir back. Abort if we can't. */
 	if (chdir(saved_pathname) == -1)
 		smb_panic("valid_share_pathname: Unable to restore current directory.\n");
 
-	return (ret != -1) ? ptr : NULL;
+	if (ret == -1) return False;
+
+	return True;
 }
 
 /*******************************************************************
@@ -1454,7 +1459,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
 	int type;
 	int snum;
 	int ret;
-	char *ptr;
+	char *path;
 	SEC_DESC *psd = NULL;
 
 	DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
@@ -1549,12 +1554,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
 		return WERR_ACCESS_DENIED;
 		
 	/* Check if the pathname is valid. */
-	if (!(ptr = valid_share_pathname( pathname )))
+	if (!(path = valid_share_pathname( pathname )))
 		return WERR_OBJECT_PATH_INVALID;
 
 	/* Ensure share name, pathname and comment don't contain '"' characters. */
 	string_replace(share_name, '"', ' ');
-	string_replace(ptr, '"', ' ');
+	string_replace(path, '"', ' ');
 	string_replace(comment, '"', ' ');
 
 	DEBUG(10,("_srv_net_share_set_info: change share command = %s\n",
@@ -1562,12 +1567,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
 
 	/* Only call modify function if something changed. */
 
-	if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
+	if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
 		if (!lp_change_share_cmd() || !*lp_change_share_cmd())
 			return WERR_ACCESS_DENIED;
 
 		slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
-				lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
+				lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
 
 		DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
 		if ((ret = smbrun(command, NULL)) != 0) {
@@ -1575,6 +1580,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
 			return WERR_ACCESS_DENIED;
 		}
 
+		/* Check if the new share pathname exist, if not return an error */
+		if (!exist_share_pathname(path)) {
+			DEBUG(1, ("_srv_net_share_set_info: change share command was ok but path (%s) has not been created!\n", path));
+			return WERR_OBJECT_PATH_INVALID;
+		}
+
 		/* Tell everyone we updated smb.conf. */
 		message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
 
@@ -1615,7 +1626,7 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
 	int type;
 	int snum;
 	int ret;
-	char *ptr;
+	char *path;
 	SEC_DESC *psd = NULL;
 
 	DEBUG(5,("_srv_net_share_add: %d\n", __LINE__));
@@ -1689,16 +1700,16 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
 		return WERR_ACCESS_DENIED;
 		
 	/* Check if the pathname is valid. */
-	if (!(ptr = valid_share_pathname( pathname )))
+	if (!(path = valid_share_pathname( pathname )))
 		return WERR_OBJECT_PATH_INVALID;
 
 	/* Ensure share name, pathname and comment don't contain '"' characters. */
 	string_replace(share_name, '"', ' ');
-	string_replace(ptr, '"', ' ');
+	string_replace(path, '"', ' ');
 	string_replace(comment, '"', ' ');
 
 	slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
-			lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
+			lp_add_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
 
 	DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
 	if ((ret = smbrun(command, NULL)) != 0) {
@@ -1706,10 +1717,33 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
 		return WERR_ACCESS_DENIED;
 	}
 
+	/* Check if the new share pathname exist, if not try to delete the
+	 * share and return an error */
+	if (!exist_share_pathname(path)) {
+		DEBUG(1, ("_srv_net_share_add: add share command was ok but path (%s) has not been created!\n", path));
+		DEBUG(1, ("_srv_net_share_add: trying to rollback and delete the share\n"));
+
+		if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
+			DEBUG(1, ("_srv_net_share_add: Error! delete share command is not defined! Please check share (%s) in the config file\n", share_name));
+			return WERR_OBJECT_PATH_INVALID;
+		}
+
+		slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"",
+				lp_delete_share_cmd(), dyn_CONFIGFILE, share_name);
+
+		DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
+		if ((ret = smbrun(command, NULL)) != 0) {
+			DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret ));
+			DEBUG(1, ("_srv_net_share_add: Error! delete share command failed! Please check share (%s) in the config file\n", share_name));
+		}
+
+		return WERR_OBJECT_PATH_INVALID;
+	}
+
 	if (psd) {
-		if (!set_share_security(p->mem_ctx, share_name, psd))
-			DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n",
-				share_name ));
+		if (!set_share_security(p->mem_ctx, share_name, psd)) {
+			DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", share_name ));
+		}
 	}
 
 	/* Tell everyone we updated smb.conf. */