author | Stefan Metzmacher <metze@samba.org> | 2004-04-21 14:19:03 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:51:20 -0500 |
commit | ee0588bb6fbfbb250f5f2a3373556b100f2eb399 (patch) | |
tree | 48bc2955b05ef720db1288bd40c526cf850a7f08 /source4/ntvfs | |
parent | 7feebcb33a615c77d8885d625cfc70c501760233 (diff) | |
r312: let ntvfs posix backend return NT_STATUS_ACCESS_DENIED in the connect hook
and print out an error message to the debug log which says:
use 'cifs' or 'simple' as ntvfs handler
this also warns about 'root' fileaccess in the 'simple' module
the 'default' ntvfs handler is now registered by the posix backend
metze
(This used to be commit 84b3589daa60cfdd2c868d9468192b0a6e1eebae)
Diffstat (limited to 'source4/ntvfs')
-rw-r--r-- | source4/ntvfs/config.m4 | 2 | ||||
-rw-r--r-- | source4/ntvfs/posix/vfs_posix.c | 99 | ||||
-rw-r--r-- | source4/ntvfs/simple/vfs_simple.c | 10 |
3 files changed, 16 insertions, 95 deletions
diff --git a/source4/ntvfs/config.m4 b/source4/ntvfs/config.m4 index a0b07ffd1b..420c3ec62a 100644 --- a/source4/ntvfs/config.m4 +++ b/source4/ntvfs/config.m4 @@ -240,7 +240,7 @@ SMB_MODULE(ntvfs_print, NTVFS, STATIC, [ntvfs/print/vfs_print.o]) SMB_MODULE(ntvfs_ipc, NTVFS, STATIC, [ntvfs/ipc/vfs_ipc.o]) -SMB_MODULE(ntvfs_posix, NTVFS, NOT, [ntvfs/posix/vfs_posix.o]) +SMB_MODULE(ntvfs_posix, NTVFS, STATIC, [ntvfs/posix/vfs_posix.o]) SMB_MODULE(ntvfs_nbench, NTVFS, STATIC, [ntvfs/nbench/vfs_nbench.o]) diff --git a/source4/ntvfs/posix/vfs_posix.c b/source4/ntvfs/posix/vfs_posix.c index 9a35f19322..e013e01979 100644 --- a/source4/ntvfs/posix/vfs_posix.c +++ b/source4/ntvfs/posix/vfs_posix.c @@ -1,8 +1,8 @@ /* Unix SMB/CIFS implementation. POSIX NTVFS backend - Copyright (C) Andrew Tridgell 1992-2003 - Copyright (C) Andrew Bartlett 2001 + Copyright (C) Andrew Tridgell 2003 + Copyright (C) Stefan (metze) Metzmacher 2004 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -31,99 +31,29 @@ directory exists (tho it doesn't need to be accessible by the user, that comes later) */ -static NTSTATUS pvfs_connect(struct ntvfs_context *ctx, const char *sharename) +static NTSTATUS pvfs_connect(struct request_context *req, const char *sharename) { - struct stat st; - struct connection_struct *conn = ctx->conn; - NTSTATUS status; - - /* the directory must exist */ - if (stat(conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { - DEBUG(0,("'%s' is not a directory, when connecting to [%s]\n", - conn->connectpath, lp_servicename(SNUM(conn)))); - return NT_STATUS_BAD_NETWORK_NAME; - } - - /* Initialise old VFS function pointers */ - if (!smbd_vfs_init(conn)) { - DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); - return NT_STATUS_BAD_NETWORK_NAME; - } - - /* become the user for the rest */ - status = ntvfs_change_to_user(ctx); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - /* the posix backend can do preexec */ - status = ntvfs_connect_preexec(ctx); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - /* Invoke the old POSIX VFS make connection hook */ - if (conn->vfs_ops.connect && - conn->vfs_ops.connect(conn, lp_servicename(snum), user) < 0) { - DEBUG(0,("make_connection: POSIX VFS make connection failed!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - } - - - /* - * Print out the 'connected as' stuff here as we need - * to know the effective uid and gid we will be using - * (at least initially). - */ - if( DEBUGLVL( IS_IPC(conn) ? 
3 : 1 ) ) { - dbgtext( "%s (%s) ", get_remote_machine_name(), conn->client_address ); - dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); - dbgtext( "initially as user %s ", user ); - dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); - dbgtext( "(pid %d)\n", (int)sys_getpid() ); - } - - return NT_STATUS_OK; + DEBUG(0, ("Connection to share [%s] ACCESS DENIED!\n", sharename)); + DEBUGADD(0,("This is because your using the 'ntvfs handler = default'.\n")); + DEBUGADD(0,("This backend is not functional at the moment.\n")); + DEBUGADD(0,("Please use one of the following backends:\n")); + DEBUGADD(0,("cifs - a proxy to another cifs-server\n")); + DEBUGADD(0,("simple - a very, very simple posix backend\n")); + DEBUGADD(0,(" all file acess is done as user 'root'\n")); + DEBUGADD(0,(" Please don't use this a sensitive data!!!\n")); + + return NT_STATUS_ACCESS_DENIED; } /* disconnect from a share */ -static NTSTATUS pvfs_disconnect(struct ntvfs_context *ctx) +static NTSTATUS pvfs_disconnect(struct tcon_context *tcon) { return NT_STATUS_OK; } /* - delete a file - the dirtype specifies the file types to include in the search. - The name can contain CIFS wildcards, but rarely does (except with OS/2 clients) -*/ -static NTSTATUS pvfs_unlink(struct ntvfs_context *ctx, const char *name, uint16 dirtype) -{ - NTSTATUS status; - - if (ntvfs_dfs_redirect(ctx, name)) { - return NT_STATUS_PATH_NOT_COVERED; - } - - status = unlink_internals(ctx->conn, dirtype, name); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - ntvfs_run_change_notify_queue(); - - return NT_STATUS_OK; -} - - - - - - - -/* initialialise the POSIX disk backend, registering ourselves with the ntvfs subsystem */ NTSTATUS ntvfs_posix_init(void) 
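Review bot: The comment kept above pvfs_connect still describes checking that the share's base directory exists, but the new body unconditionally logs and returns NT_STATUS_ACCESS_DENIED, so the comment now misdocuments what is a fail-closed stub; something like `/* stub: the posix backend is not functional yet, so every tree connect is refused */` would match the code. The added log text is also garbled exactly where it carries the security warning: `your using`, `acess` and `don't use this a sensitive data` should read `you're using`, `access` and `don't use this for sensitive data`, since this message is where an operator learns that the 'simple' backend does all file access as root. These lines are emitted at debug level 0 on every connect attempt, so if `sharename` can be influenced by the client (not visible in this hunk) it is worth confirming it is validated before it reaches the log. The opening lines of the comment are outside the hunk.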
@@ -139,7 +69,6 @@ NTSTATUS ntvfs_posix_init(void) /* fill in all the operations */ ops.connect = pvfs_connect; ops.disconnect = pvfs_disconnect; - ops.unlink = pvfs_unlink; /* register ourselves with the NTVFS subsystem. We register under the name 'default' as we wish to be the default backend */ diff --git a/source4/ntvfs/simple/vfs_simple.c b/source4/ntvfs/simple/vfs_simple.c index c2ad7d7aa4..e36e4a62c4 100644 --- a/source4/ntvfs/simple/vfs_simple.c +++ b/source4/ntvfs/simple/vfs_simple.c @@ -948,7 +948,7 @@ NTSTATUS ntvfs_simple_init(void) ops.trans = svfs_trans; /* register ourselves with the NTVFS subsystem. We register - under two names 'simple' and 'default' + under names 'simple' */ ops.name = "simple"; ret = register_backend("ntvfs", &ops); @@ -958,13 +958,5 @@ NTSTATUS ntvfs_simple_init(void) ops.name)); } - /* also register as "default" */ - ops.name = "default"; - ret = register_backend("ntvfs", &ops); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0,("Failed to register simple backend with name: %s!\n", - ops.name)); - } - return ret; } |