diff options
author | Jeremy Allison <jra@samba.org> | 2010-03-26 17:09:58 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-03-26 17:09:58 -0700 |
commit | fac8ca52ade6e490eea3cf3d0fc98287da321c13 (patch) | |
tree | 879b1e4611f59a26a524162893d7a14604dbd2c4 /source3 | |
parent | 203a661e01e1a138871aacb1cc329a3e3e79295a (diff) | |
download | samba-fac8ca52ade6e490eea3cf3d0fc98287da321c13.tar.gz samba-fac8ca52ade6e490eea3cf3d0fc98287da321c13.tar.bz2 samba-fac8ca52ade6e490eea3cf3d0fc98287da321c13.zip |
Fix bug #7240 - Net usershare is not case sensitive.
Updates usershare files in a backwards compatible way.
I don't intend to back port this fix to 3.5.x as it
depends on a version upgrade in the share_info.tdb share security database.
Jeremy.
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/include/smb.h | 4 | ||||
-rw-r--r-- | source3/param/loadparm.c | 118 | ||||
-rw-r--r-- | source3/utils/net_usershare.c | 23 |
4 files changed, 90 insertions, 56 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index ecb29618ae..7cc211b05a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4318,6 +4318,7 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx, int numlines, char **pp_sharepath, char **pp_comment, + char **pp_cp_share_name, SEC_DESC **ppsd, bool *pallow_guest); int load_usershare_service(const char *servicename); diff --git a/source3/include/smb.h b/source3/include/smb.h index 52b9843156..751f3a46a4 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1921,7 +1921,9 @@ enum usershare_err { USERSHARE_PATH_IS_DENIED, USERSHARE_PATH_NOT_ALLOWED, USERSHARE_PATH_NOT_DIRECTORY, - USERSHARE_POSIX_ERR + USERSHARE_POSIX_ERR, + USERSHARE_MALFORMED_SHARENAME_DEF, + USERSHARE_BAD_SHARENAME }; /* Different reasons for closing a file. */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 9e9930f7d4..c7497c4d04 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -8514,6 +8514,7 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx, int numlines, char **pp_sharepath, char **pp_comment, + char **pp_cp_servicename, SEC_DESC **ppsd, bool *pallow_guest) { @@ -8581,6 +8582,27 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx, if (lines[4][9] == 'y') { *pallow_guest = True; } + + /* Backwards compatible extension to file version #2. */ + if (numlines > 5) { + if (strncmp(lines[5], "sharename=", 10) != 0) { + return USERSHARE_MALFORMED_SHARENAME_DEF; + } + if (!strequal(&lines[5][10], servicename)) { + return USERSHARE_BAD_SHARENAME; + } + *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]); + if (!*pp_cp_servicename) { + return USERSHARE_POSIX_ERR; + } + } + } + + if (*pp_cp_servicename == NULL) { + *pp_cp_servicename = talloc_strdup(ctx, servicename); + if (!*pp_cp_servicename) { + return USERSHARE_POSIX_ERR; + } } if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->szPath) == 0)) { @@ -8692,26 +8714,34 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i char *fname = NULL; char *sharepath = NULL; char *comment = NULL; - fstring service_name; + char *cp_service_name = NULL; char **lines = NULL; int numlines = 0; int fd = -1; int iService = -1; - TALLOC_CTX *ctx = NULL; + TALLOC_CTX *ctx = talloc_stackframe(); SEC_DESC *psd = NULL; bool guest_ok = False; + char *canon_name = NULL; + bool added_service = false; + int ret = -1; /* Ensure share name doesn't contain invalid characters. */ if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) { DEBUG(0,("process_usershare_file: share name %s contains " "invalid characters (any of %s)\n", file_name, INVALID_SHARENAME_CHARS )); - return -1; + goto out; } - fstrcpy(service_name, file_name); + canon_name = canonicalize_servicename(ctx, file_name); + if (!canon_name) { + goto out; + } - if (asprintf(&fname, "%s/%s", dir_name, file_name) < 0) { + fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name); + if (!fname) { + goto out; } /* Minimize the race condition by doing an lstat before we @@ -8720,19 +8750,16 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i if (sys_lstat(fname, &lsbuf, false) != 0) { DEBUG(0,("process_usershare_file: stat of %s failed. %s\n", fname, strerror(errno) )); - SAFE_FREE(fname); - return -1; + goto out; } /* This must be a regular file, not a symlink, directory or other strange filetype. */ if (!check_usershare_stat(fname, &lsbuf)) { - SAFE_FREE(fname); - return -1; + goto out; } { - char *canon_name = canonicalize_servicename(talloc_tos(), service_name); TDB_DATA data = dbwrap_fetch_bystring( ServiceHash, canon_name, canon_name); @@ -8741,7 +8768,6 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i if ((data.dptr != NULL) && (data.dsize == sizeof(iService))) { iService = *(int *)data.dptr; } - TALLOC_FREE(canon_name); } if (iService != -1 && @@ -8749,10 +8775,10 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i &lsbuf.st_ex_mtime) == 0) { /* Nothing changed - Mark valid and return. */ DEBUG(10,("process_usershare_file: service %s not changed.\n", - service_name )); + canon_name )); ServicePtrs[iService]->usershare = USERSHARE_VALID; - SAFE_FREE(fname); - return iService; + ret = iService; + goto out; } /* Try and open the file read only - no symlinks allowed. */ @@ -8765,8 +8791,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i if (fd == -1) { DEBUG(0,("process_usershare_file: unable to open %s. %s\n", fname, strerror(errno) )); - SAFE_FREE(fname); - return -1; + goto out; } /* Now fstat to be *SURE* it's a regular file. */ @@ -8774,8 +8799,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i close(fd); DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n", fname, strerror(errno) )); - SAFE_FREE(fname); - return -1; + goto out; } /* Is it the same dev/inode as was lstated ? */ @@ -8783,15 +8807,13 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i close(fd); DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. " "Symlink spoofing going on ?\n", fname )); - SAFE_FREE(fname); - return -1; + goto out; } /* This must be a regular file, not a symlink, directory or other strange filetype. */ if (!check_usershare_stat(fname, &sbuf)) { - SAFE_FREE(fname); - return -1; + goto out; } lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL); @@ -8800,29 +8822,16 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i if (lines == NULL) { DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n", fname, (unsigned int)sbuf.st_ex_uid )); - SAFE_FREE(fname); - return -1; - } - - SAFE_FREE(fname); - - /* Should we allow printers to be shared... ? */ - ctx = talloc_init("usershare_sd_xctx"); - if (!ctx) { - TALLOC_FREE(lines); - return 1; + goto out; } - if (parse_usershare_file(ctx, &sbuf, service_name, + if (parse_usershare_file(ctx, &sbuf, file_name, iService, lines, numlines, &sharepath, - &comment, &psd, &guest_ok) != USERSHARE_OK) { - talloc_destroy(ctx); - TALLOC_FREE(lines); - return -1; + &comment, &cp_service_name, + &psd, &guest_ok) != USERSHARE_OK) { + goto out; } - TALLOC_FREE(lines); - /* Everything ok - add the service possibly using a template. */ if (iService < 0) { const struct service *sp = &sDefault; @@ -8830,25 +8839,24 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i sp = ServicePtrs[snum_template]; } - if ((iService = add_a_service(sp, service_name)) < 0) { + if ((iService = add_a_service(sp, cp_service_name)) < 0) { DEBUG(0, ("process_usershare_file: Failed to add " - "new service %s\n", service_name)); - talloc_destroy(ctx); - return -1; + "new service %s\n", cp_service_name)); + goto out; } + added_service = true; + /* Read only is controlled by usershare ACL below. */ ServicePtrs[iService]->bRead_only = False; } /* Write the ACL of the new/modified share. */ - if (!set_share_security(service_name, psd)) { + if (!set_share_security(canon_name, psd)) { DEBUG(0, ("process_usershare_file: Failed to set share " "security for user share %s\n", - service_name )); - lp_remove_service(iService); - talloc_destroy(ctx); - return -1; + canon_name )); + goto out; } /* If from a template it may be marked invalid. */ @@ -8867,9 +8875,17 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i string_set(&ServicePtrs[iService]->szPath, sharepath); string_set(&ServicePtrs[iService]->comment, comment); - talloc_destroy(ctx); + ret = iService; + + out: - return iService; + if (ret == -1 && iService != -1 && added_service) { + lp_remove_service(iService); + } + + TALLOC_FREE(lines); + TALLOC_FREE(ctx); + return ret; } /*************************************************************************** diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c index 7a688c1330..05b3cbd015 100644 --- a/source3/utils/net_usershare.c +++ b/source3/utils/net_usershare.c @@ -37,6 +37,8 @@ struct { {N_("Path not allowed"), USERSHARE_PATH_NOT_ALLOWED}, {N_("Path is not a directory"), USERSHARE_PATH_NOT_DIRECTORY}, {N_("System error"), USERSHARE_POSIX_ERR}, + {N_("Malformed sharename definition"), USERSHARE_MALFORMED_SHARENAME_DEF}, + {N_("Bad sharename (doesn't match filename)"), USERSHARE_BAD_SHARENAME}, {NULL,(enum usershare_err)-1} }; @@ -332,6 +334,7 @@ static int info_fn(struct file_list *fl, void *priv) char *basepath; char *sharepath = NULL; char *comment = NULL; + char *cp_sharename = NULL; char *acl_str; int num_aces; char sep_str[2]; @@ -392,6 +395,7 @@ static int info_fn(struct file_list *fl, void *priv) us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines, &sharepath, &comment, + &cp_sharename, &psd, &guest_ok); @@ -473,13 +477,13 @@ static int info_fn(struct file_list *fl, void *priv) /* NOTE: This is smb.conf-like output. Do not translate. */ if (pi->op == US_INFO_OP) { - d_printf("[%s]\n", fl->pathname ); + d_printf("[%s]\n", cp_sharename ); d_printf("path=%s\n", sharepath ); d_printf("comment=%s\n", comment); d_printf("%s\n", acl_str); d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n'); } else if (pi->op == US_LIST_OP) { - d_printf("%s\n", fl->pathname); + d_printf("%s\n", cp_sharename); } return 0; @@ -617,6 +621,7 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) SMB_STRUCT_STAT sbuf; SMB_STRUCT_STAT lsbuf; char *sharename; + const char *cp_sharename; char *full_path; char *full_path_tmp; const char *us_path; @@ -645,21 +650,25 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) default: return net_usershare_add_usage(c, argc, argv); case 2: + cp_sharename = argv[0]; sharename = strlower_talloc(ctx, argv[0]); us_path = argv[1]; break; case 3: + cp_sharename = argv[0]; sharename = strlower_talloc(ctx, argv[0]); us_path = argv[1]; us_comment = argv[2]; break; case 4: + cp_sharename = argv[0]; sharename = strlower_talloc(ctx, argv[0]); us_path = argv[1]; us_comment = argv[2]; arg_acl = argv[3]; break; case 5: + cp_sharename = argv[0]; sharename = strlower_talloc(ctx, argv[0]); us_path = argv[1]; us_comment = argv[2]; @@ -929,8 +938,14 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv) /* Create the in-memory image of the file. */ file_img = talloc_strdup(ctx, "#VERSION 2\npath="); - file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\nguest_ok=%c\n", - us_path, us_comment, us_acl, guest_ok ? 'y' : 'n'); + file_img = talloc_asprintf_append(file_img, + "%s\ncomment=%s\nusershare_acl=%s\n" + "guest_ok=%c\nsharename=%s\n", + us_path, + us_comment, + us_acl, + guest_ok ? 'y' : 'n', + cp_sharename); to_write = strlen(file_img); |