Fixes for the %U and %G problems people have reported.

Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.

These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.

Jeremy.
(This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)

6 files changed, 30 insertions, 18 deletions

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 3bdff29621..13a8d1347f 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -85,7 +85,7 @@ static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n)
 
   StrnCpy(buf,src,sizeof(buf)/2);
   string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
+  standard_sub(cnum,buf,UID_FIELD_INVALID);
   StrnCpy(*dst,buf,*n);
   l = strlen(*dst) + 1;
   (*dst) += l;
@@ -110,7 +110,7 @@ static int StrlenExpanded(int cnum, int snum, char* s)
   if (!s) return(0);
   StrnCpy(buf,s,sizeof(buf)/2);
   string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
+  standard_sub(cnum,buf,UID_FIELD_INVALID);
   return strlen(buf) + 1;
 }
 
@@ -120,7 +120,7 @@ static char* Expand(int cnum, int snum, char* s)
   if (!s) return(NULL);
   StrnCpy(buf,s,sizeof(buf)/2);
   string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
+  standard_sub(cnum,buf,UID_FIELD_INVALID);
   return &buf[0];
 }
 
@@ -2058,7 +2058,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data,
 	SIVAL(p,6,0);
       } else {
 	SIVAL(p,6,PTR_DIFF(p2,*rdata));
-	standard_sub(cnum,comment);
+	standard_sub(cnum,comment,vuid);
 	StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0));
 	p2 = skip_string(p2,1);
       }
@@ -2584,7 +2584,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data,
 /* JHT - By calling lp_logon_script() and standard_sub() we have */
 /* made sure all macros are fully substituted and available */
     logon_script = lp_logon_script();
-    standard_sub( cnum, logon_script );
+    standard_sub( cnum, logon_script, vuid );
     PACKS(&desc,"z", logon_script);		/* script path */
 /* End of JHT mods */
 
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index 24477f31ff..9fb506edd0 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -78,7 +78,7 @@ static void msg_deliver(void)
       string_sub(s,"%s",name);
       string_sub(s,"%f",msgfrom);
       string_sub(s,"%t",msgto);
-      standard_sub(-1,s);
+      standard_sub(-1,s,UID_FIELD_INVALID);
       smbrun(s,NULL,False);
     }
 
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 5127539466..53ed8c85f1 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -251,7 +251,7 @@ register a uid/name pair as being valid and that a valid password
 has been given. vuid is biased by an offset. This allows us to
 tell random client vuid's (normally zero) from valid vuids.
 ****************************************************************************/
-uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
+uint16 register_vuid(int uid,int gid, char *unix_name, char *requested_name, BOOL guest)
 {
   user_struct *vuser;
   struct passwd *pwfile; /* for getting real name from passwd file */
@@ -298,7 +298,8 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
   vuser->uid = uid;
   vuser->gid = gid;
   vuser->guest = guest;
-  strcpy(vuser->name,name);
+  fstrcpy(vuser->name,unix_name);
+  fstrcpy(vuser->requested_name,requested_name);
 
   vuser->n_sids = 0;
   vuser->sids   = NULL;
@@ -310,13 +311,13 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
 
   /* Find all the groups this uid is in and store them. 
      Used by become_user() */
-  setup_groups(name,uid,gid,
+  setup_groups(unix_name,uid,gid,
 	       &vuser->n_groups,
 	       &vuser->igroups,
 	       &vuser->groups,
 	       &vuser->attrs);
 
-  DEBUG(3,("uid %d registered to name %s\n",uid,name));
+  DEBUG(3,("uid %d registered to name %s\n",uid,unix_name));
 
   DEBUG(3, ("Clearing default real name\n"));
   fstrcpy(vuser->real_name, "<Full Name>\0");
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 3a0d4a9bee..50b977d49f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -689,7 +689,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 
   /* register the name and uid as being validated, so further connections
      to a uid can get through without a password, on the same VC */
-  sess_vuid = register_vuid(uid,gid,user,guest);
+  sess_vuid = register_vuid(uid,gid,user,sesssetup_user,guest);
  
   SSVAL(outbuf,smb_uid,sess_vuid);
   SSVAL(inbuf,smb_uid,sess_vuid);
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index b6d2b82705..29ee8c9fc5 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -3537,7 +3537,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
   {
     pstring s;
     pstrcpy(s,lp_pathname(snum));
-    standard_sub(cnum,s);
+    standard_sub(cnum,s,vuid);
     string_set(&pcon->connectpath,s);
     DEBUG(3,("Connect path is %s\n",s));
   }
@@ -3574,7 +3574,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
     {
       pstring cmd;
       pstrcpy(cmd,lp_rootpreexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       DEBUG(5,("cmd=%s\n",cmd));
       smbrun(cmd,NULL,False);
     }
@@ -3628,7 +3628,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
     {
       pstring cmd;
       pstrcpy(cmd,lp_preexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       smbrun(cmd,NULL,False);
     }
   
@@ -4222,7 +4222,7 @@ void close_cnum(int cnum, uint16 vuid)
     {
       pstring cmd;
       strcpy(cmd,lp_postexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       smbrun(cmd,NULL,False);
       unbecome_user();
     }
@@ -4233,7 +4233,7 @@ void close_cnum(int cnum, uint16 vuid)
     {
       pstring cmd;
       strcpy(cmd,lp_rootpostexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       smbrun(cmd,NULL,False);
     }
 
@@ -4338,8 +4338,10 @@ void exit_server(char *reason)
 /****************************************************************************
 do some standard substitutions in a string
 ****************************************************************************/
-void standard_sub(int cnum,char *str)
+void standard_sub(int cnum,char *str,uint16 vuid)
 {
+  user_struct *vuser = get_valid_user_struct(vuid);
+
   if (VALID_CNUM(cnum)) {
     char *p, *s, *home;
 
@@ -4368,6 +4370,9 @@ void standard_sub(int cnum,char *str)
       }
     }
   }
+  if(vuser != NULL)
+    pstrcpy( sesssetup_user, vuser->requested_name);
+
   standard_sub_basic(str);
 }
 
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 14b0000f59..c01fa1b052 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -28,6 +28,7 @@ static int initial_gid;
 
 /* what user is current? */
 struct current_user current_user;
+extern pstring sesssetup_user;
 
 pstring OriginalDir;
 
@@ -276,7 +277,12 @@ BOOL become_user(connection_struct *conn, int cnum, uint16 vuid)
 
   current_user.cnum = cnum;
   current_user.vuid = vuid;
-  
+
+  /* Ensure sesssetup_user is set correctly if we are using
+     user security. */
+  if(vuser != NULL)
+    pstrcpy( sesssetup_user, vuser->requested_name);
+
   DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
 	   getuid(),geteuid(),getgid(),getegid()));