diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-10-03 06:46:29 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:59:34 -0500 |
commit | 5a872512b0d6ed09c515f7f85c29add5934361d3 (patch) | |
tree | 2735134803ace3bd1ad8a53f7b7c460faedc1250 /source4/ntvfs | |
parent | 6b481af7f2860157dd0fa12e2cc6dbbc7c22a20e (diff) | |
download | samba-5a872512b0d6ed09c515f7f85c29add5934361d3.tar.gz samba-5a872512b0d6ed09c515f7f85c29add5934361d3.tar.bz2 samba-5a872512b0d6ed09c515f7f85c29add5934361d3.zip |
r2794: a very simple version of the unixuid NTVFS pass-thru module. In
conjunction with the posix backend this gives us a way to correctly
setup the unix security context in Samba4.
I chose the following method to determine the unix uid's and gid's to
use given the list of SIDs from the login process
- look for a "UnixID" field in the sam record. If present, then use it
(check if the record is of the right type as well)
- if UnixID is not present, then look for the "UnixName" sam
field. If it is present then use getpwnam() or getgrnam() to find
the unix id.
- if UnixID and UnixName are not present, then look for a unix
account of the right type called by the same name as the sAMAccountName field.
- if none of the above work then fail the operation with NT_STATUS_ACCESS_DENIED
obviously these steps only work well with a local SAM. It will need to
be more sophisticated in future.
I did not put any cache in place at all. That will need to be added
for decent performance.
(This used to be commit 78b67d19b9766131f0270e451089ee5bb1aa8bd9)
Diffstat (limited to 'source4/ntvfs')
-rw-r--r-- | source4/ntvfs/config.m4 | 3 | ||||
-rw-r--r-- | source4/ntvfs/posix/config.m4 | 55 | ||||
-rw-r--r-- | source4/ntvfs/unixuid/config.m4 | 58 | ||||
-rw-r--r-- | source4/ntvfs/unixuid/config.mk | 7 | ||||
-rw-r--r-- | source4/ntvfs/unixuid/vfs_unixuid.c | 753 |
5 files changed, 821 insertions, 55 deletions
diff --git a/source4/ntvfs/config.m4 b/source4/ntvfs/config.m4 index 051a6883e2..dd8e60adde 100644 --- a/source4/ntvfs/config.m4 +++ b/source4/ntvfs/config.m4 @@ -3,6 +3,9 @@ dnl # NTVFS Server subsystem SMB_INCLUDE_M4(ntvfs/posix/config.m4) SMB_MODULE_MK(ntvfs_posix, NTVFS, STATIC, ntvfs/posix/config.mk) +SMB_INCLUDE_M4(ntvfs/unixuid/config.m4) +SMB_MODULE_MK(ntvfs_unixuid, NTVFS, STATIC, ntvfs/unixuid/config.mk) + SMB_MODULE_MK(ntvfs_cifs, NTVFS, STATIC, ntvfs/config.mk) SMB_MODULE_MK(ntvfs_simple, NTVFS, STATIC, ntvfs/config.mk) diff --git a/source4/ntvfs/posix/config.m4 b/source4/ntvfs/posix/config.m4 index 3415948f95..b1de4c20e5 100644 --- a/source4/ntvfs/posix/config.m4 +++ b/source4/ntvfs/posix/config.m4 @@ -23,58 +23,3 @@ if test x"$ac_cv_decl_have_stat_tv_nsec" = x"yes"; then fi -################################################ -# look for a method of setting the effective uid -seteuid=no; -if test $seteuid = no; then -AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[ -AC_TRY_RUN([ -#define AUTOCONF_TEST 1 -#define USE_SETRESUID 1 -#include "confdefs.h" -#include "${srcdir-.}/lib/util_sec.c"], - samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)]) -if test x"$samba_cv_USE_SETRESUID" = x"yes"; then - seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available]) -fi -fi - - -if test $seteuid = no; then -AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[ -AC_TRY_RUN([ -#define AUTOCONF_TEST 1 -#define USE_SETREUID 1 -#include "confdefs.h" -#include "${srcdir-.}/lib/util_sec.c"], - samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)]) -if test x"$samba_cv_USE_SETREUID" = x"yes"; then - seteuid=yes;AC_DEFINE(USE_SETREUID,1,[Whether setreuid() is available]) -fi -fi - -if test $seteuid = no; then -AC_CACHE_CHECK([for seteuid],samba_cv_USE_SETEUID,[ -AC_TRY_RUN([ -#define AUTOCONF_TEST 1 -#define USE_SETEUID 1 -#include "confdefs.h" -#include "${srcdir-.}/lib/util_sec.c"], - samba_cv_USE_SETEUID=yes,samba_cv_USE_SETEUID=no,samba_cv_USE_SETEUID=cross)]) -if test x"$samba_cv_USE_SETEUID" = x"yes"; then - seteuid=yes;AC_DEFINE(USE_SETEUID,1,[Whether seteuid() is available]) -fi -fi - -if test $seteuid = no; then -AC_CACHE_CHECK([for setuidx],samba_cv_USE_SETUIDX,[ -AC_TRY_RUN([ -#define AUTOCONF_TEST 1 -#define USE_SETUIDX 1 -#include "confdefs.h" -#include "${srcdir-.}/lib/util_sec.c"], - samba_cv_USE_SETUIDX=yes,samba_cv_USE_SETUIDX=no,samba_cv_USE_SETUIDX=cross)]) -if test x"$samba_cv_USE_SETUIDX" = x"yes"; then - seteuid=yes;AC_DEFINE(USE_SETUIDX,1,[Whether setuidx() is available]) -fi -fi diff --git a/source4/ntvfs/unixuid/config.m4 b/source4/ntvfs/unixuid/config.m4 new file mode 100644 index 0000000000..61e7db3d91 --- /dev/null +++ b/source4/ntvfs/unixuid/config.m4 @@ -0,0 +1,58 @@ +SMB_MODULE_MK(ntvfs_unixuid, NTVFS, STATIC, ntvfs/config.mk) + + +################################################ +# look for a method of setting the effective uid +seteuid=no; +if test $seteuid = no; then +AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETRESUID 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)]) +if test x"$samba_cv_USE_SETRESUID" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available]) +fi +fi + + +if test $seteuid = no; then +AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETREUID 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)]) +if test x"$samba_cv_USE_SETREUID" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETREUID,1,[Whether setreuid() is available]) +fi +fi + +if test $seteuid = no; then +AC_CACHE_CHECK([for seteuid],samba_cv_USE_SETEUID,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETEUID 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETEUID=yes,samba_cv_USE_SETEUID=no,samba_cv_USE_SETEUID=cross)]) +if test x"$samba_cv_USE_SETEUID" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETEUID,1,[Whether seteuid() is available]) +fi +fi + +if test $seteuid = no; then +AC_CACHE_CHECK([for setuidx],samba_cv_USE_SETUIDX,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETUIDX 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETUIDX=yes,samba_cv_USE_SETUIDX=no,samba_cv_USE_SETUIDX=cross)]) +if test x"$samba_cv_USE_SETUIDX" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETUIDX,1,[Whether setuidx() is available]) +fi +fi diff --git a/source4/ntvfs/unixuid/config.mk b/source4/ntvfs/unixuid/config.mk new file mode 100644 index 0000000000..76e7aebc76 --- /dev/null +++ b/source4/ntvfs/unixuid/config.mk @@ -0,0 +1,7 @@ +################################################ +# Start MODULE ntvfs_unixuid +[MODULE::ntvfs_unixuid] +INIT_OBJ_FILES = \ + ntvfs/unixuid/vfs_unixuid.o +# End MODULE ntvfs_unixuid +################################################ diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c new file mode 100644 index 0000000000..6eef6dbc37 --- /dev/null +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -0,0 +1,753 @@ +/* + Unix SMB/CIFS implementation. + + a pass-thru NTVFS module to setup a security context using unix + uid/gid + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +struct unixuid_private { + void *samctx; +}; + + +/* + map a sid to a unix uid +*/ +static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct dom_sid *sid, uid_t *uid) +{ + struct unixuid_private *private = ntvfs->private_data; + const char *attrs[] = { "sAMAccountName", "UnixID", "UnixName", "sAMAccountType", NULL }; + int ret; + const char *s; + void *ctx; + struct ldb_message **res; + const char *sidstr; + + ctx = talloc(req, 0); + sidstr = dom_sid_string(ctx, sid); + + ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr); + if (ret != 1) { + DEBUG(2,("Unable to map sid %s to unix uid\n", sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + + /* make sure its a user, not a group */ + if (samdb_result_uint(res[0], "sAMAccountType", 0) != ATYPE_NORMAL_ACCOUNT) { + DEBUG(0,("sid_to_unixuid: sid %s is not ATYPE_NORMAL_ACCOUNT\n", sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + + /* first try to get the uid directly */ + s = samdb_result_string(res[0], "UnixID", NULL); + if (s != NULL) { + *uid = strtoul(s, NULL, 0); + talloc_free(ctx); + return NT_STATUS_OK; + } + + /* next try via the UnixName attribute */ + s = samdb_result_string(res[0], "UnixName", NULL); + if (s != NULL) { + struct passwd *pwd = getpwnam(s); + if (!pwd) { + DEBUG(0,("UnixName %s for sid %s does not exist as a local user\n", s, sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + *uid = pwd->pw_uid; + talloc_free(ctx); + return NT_STATUS_OK; + } + + /* finally try via the sAMAccountName attribute */ + s = samdb_result_string(res[0], "sAMAccountName", NULL); + if (s != NULL) { + struct passwd *pwd = getpwnam(s); + if (!pwd) { + DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n", s, sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + *uid = pwd->pw_uid; + talloc_free(ctx); + return NT_STATUS_OK; + } + + DEBUG(0,("No sAMAccountName for sid %s!?\n", sidstr)); + + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; +} + + +/* + map a sid to a unix gid +*/ +static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct dom_sid *sid, gid_t *gid) +{ + struct unixuid_private *private = ntvfs->private_data; + const char *attrs[] = { "sAMAccountName", "UnixID", "UnixName", "sAMAccountType", NULL }; + int ret; + const char *s; + void *ctx; + struct ldb_message **res; + const char *sidstr; + + ctx = talloc(req, 0); + sidstr = dom_sid_string(ctx, sid); + + ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr); + if (ret != 1) { + DEBUG(2,("Unable to map sid %s to unix gid\n", sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + + /* make sure its not a user */ + if (samdb_result_uint(res[0], "sAMAccountType", 0) == ATYPE_NORMAL_ACCOUNT) { + DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n", sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + + /* first try to get the gid directly */ + s = samdb_result_string(res[0], "UnixID", NULL); + if (s != NULL) { + *gid = strtoul(s, NULL, 0); + talloc_free(ctx); + return NT_STATUS_OK; + } + + /* next try via the UnixName attribute */ + s = samdb_result_string(res[0], "UnixName", NULL); + if (s != NULL) { + struct group *grp = getgrnam(s); + if (!grp) { + DEBUG(0,("UnixName '%s' for sid %s does not exist as a local group\n", s, sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + *gid = grp->gr_gid; + talloc_free(ctx); + return NT_STATUS_OK; + } + + /* finally try via the sAMAccountName attribute */ + s = samdb_result_string(res[0], "sAMAccountName", NULL); + if (s != NULL) { + struct group *grp = getgrnam(s); + if (!grp) { + DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, sidstr)); + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; + } + *gid = grp->gr_gid; + talloc_free(ctx); + return NT_STATUS_OK; + } + + DEBUG(0,("No sAMAccountName for sid %s!?\n", sidstr)); + + talloc_free(ctx); + return NT_STATUS_ACCESS_DENIED; +} + +struct unix_sec_ctx { + uid_t uid; + gid_t gid; + uint_t ngroups; + gid_t *groups; +}; + +/* + pull the current security context into a unix_sec_ctx +*/ +static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx) +{ + struct unix_sec_ctx *sec = talloc_p(mem_ctx, struct unix_sec_ctx); + if (sec == NULL) { + return NULL; + } + sec->uid = geteuid(); + sec->gid = getegid(); + sec->ngroups = getgroups(0, NULL); + if (sec->ngroups == -1) { + talloc_free(sec); + return NULL; + } + sec->groups = talloc_array_p(sec, gid_t, sec->ngroups); + if (sec->groups == NULL) { + talloc_free(sec); + return NULL; + } + + if (getgroups(sec->ngroups, sec->groups) != sec->ngroups) { + talloc_free(sec); + return NULL; + } + + return sec; +} + +/* + set the current security context from a unix_sec_ctx +*/ +static NTSTATUS set_unix_security(struct unix_sec_ctx *sec) +{ + seteuid(0); + + if (setgroups(sec->ngroups, sec->groups) != 0) { + return NT_STATUS_ACCESS_DENIED; + } + if (setegid(sec->gid) != 0) { + return NT_STATUS_ACCESS_DENIED; + } + if (seteuid(sec->uid) != 0) { + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_OK; +} + +/* + form a unix_sec_ctx from the current session info +*/ +static NTSTATUS authinfo_to_unix_security(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, + struct auth_serversupplied_info *info, + struct unix_sec_ctx **sec) +{ + int i; + NTSTATUS status; + *sec = talloc_p(req, struct unix_sec_ctx); + + status = sid_to_unixuid(ntvfs, req, info->user_sid, &(*sec)->uid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = sid_to_unixgid(ntvfs, req, info->primary_group_sid, &(*sec)->gid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + (*sec)->ngroups = info->n_domain_groups; + (*sec)->groups = talloc_array_p(*sec, gid_t, (*sec)->ngroups); + if ((*sec)->groups == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0;i<(*sec)->ngroups;i++) { + status = sid_to_unixgid(ntvfs, req, info->domain_groups[i], &(*sec)->groups[i]); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + return NT_STATUS_OK; +} + +/* + setup our unix security context according to the session authentication info +*/ +static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct unix_sec_ctx **sec) +{ + struct auth_serversupplied_info *info = req->session->session_info->server_info; + void *ctx = talloc(req, 0); + struct unix_sec_ctx *newsec; + NTSTATUS status; + + *sec = save_unix_security(req); + if (*sec == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = authinfo_to_unix_security(ntvfs, req, info, &newsec); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(ctx); + return status; + } + + status = set_unix_security(newsec); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(ctx); + return status; + } + + talloc_free(ctx); + + return NT_STATUS_OK; +} + +/* + this pass through macro operates on request contexts +*/ +#define PASS_THRU_REQ(ntvfs, req, op, args) do { \ + NTSTATUS status2; \ + struct unix_sec_ctx *sec; \ + status = unixuid_setup_security(ntvfs, req, &sec); \ + if (NT_STATUS_IS_OK(status)) status = ntvfs_next_##op args; \ + status2 = set_unix_security(sec); \ + if (!NT_STATUS_IS_OK(status2)) smb_panic("Unable to reset security context"); \ +} while (0) + + + +/* + connect to a share - used when a tree_connect operation comes in. +*/ +static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, const char *sharename) +{ + struct unixuid_private *private; + NTSTATUS status; + + private = talloc_p(req->tcon, struct unixuid_private); + if (!private) { + return NT_STATUS_NO_MEMORY; + } + + private->samctx = samdb_connect(private); + if (private->samctx == NULL) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + ntvfs->private_data = private; + + PASS_THRU_REQ(ntvfs, req, connect, (ntvfs, req, sharename)); + + return status; +} + +/* + disconnect from a share +*/ +static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs, + struct smbsrv_tcon *tcon) +{ + struct unixuid_private *private = ntvfs->private_data; + NTSTATUS status; + + talloc_free(private); + + status = ntvfs_next_disconnect(ntvfs, tcon); + + return status; +} + + +/* + delete a file +*/ +static NTSTATUS unixuid_unlink(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct smb_unlink *unl) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, unlink, (ntvfs, req, unl)); + + return status; +} + +/* + ioctl interface +*/ +static NTSTATUS unixuid_ioctl(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_ioctl *io) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, ioctl, (ntvfs, req, io)); + + return status; +} + +/* + check if a directory exists +*/ +static NTSTATUS unixuid_chkpath(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct smb_chkpath *cp) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, chkpath, (ntvfs, req, cp)); + + return status; +} + +/* + return info on a pathname +*/ +static NTSTATUS unixuid_qpathinfo(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_fileinfo *info) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, qpathinfo, (ntvfs, req, info)); + + return status; +} + +/* + query info on a open file +*/ +static NTSTATUS unixuid_qfileinfo(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_fileinfo *info) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, qfileinfo, (ntvfs, req, info)); + + return status; +} + + +/* + set info on a pathname +*/ +static NTSTATUS unixuid_setpathinfo(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_setfileinfo *st) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, setpathinfo, (ntvfs, req, st)); + + return status; +} + +/* + open a file +*/ +static NTSTATUS unixuid_open(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_open *io) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, open, (ntvfs, req, io)); + + return status; +} + +/* + create a directory +*/ +static NTSTATUS unixuid_mkdir(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_mkdir *md) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, mkdir, (ntvfs, req, md)); + + return status; +} + +/* + remove a directory +*/ +static NTSTATUS unixuid_rmdir(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct smb_rmdir *rd) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, rmdir, (ntvfs, req, rd)); + + return status; +} + +/* + rename a set of files +*/ +static NTSTATUS unixuid_rename(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_rename *ren) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, rename, (ntvfs, req, ren)); + + return status; +} + +/* + copy a set of files +*/ +static NTSTATUS unixuid_copy(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct smb_copy *cp) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, copy, (ntvfs, req, cp)); + + return status; +} + +/* + read from a file +*/ +static NTSTATUS unixuid_read(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_read *rd) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, read, (ntvfs, req, rd)); + + return status; +} + +/* + write to a file +*/ +static NTSTATUS unixuid_write(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_write *wr) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, write, (ntvfs, req, wr)); + + return status; +} + +/* + seek in a file +*/ +static NTSTATUS unixuid_seek(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct smb_seek *io) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, seek, (ntvfs, req, io)); + + return status; +} + +/* + flush a file +*/ +static NTSTATUS unixuid_flush(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct smb_flush *io) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, flush, (ntvfs, req, io)); + + return status; +} + +/* + close a file +*/ +static NTSTATUS unixuid_close(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_close *io) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, close, (ntvfs, req, io)); + + return status; +} + +/* + exit - closing files +*/ +static NTSTATUS unixuid_exit(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, exit, (ntvfs, req)); + + return status; +} + +/* + logoff - closing files +*/ +static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, logoff, (ntvfs, req)); + + return status; +} + +/* + lock a byte range +*/ +static NTSTATUS unixuid_lock(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_lock *lck) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, lock, (ntvfs, req, lck)); + + return status; +} + +/* + set info on a open file +*/ +static NTSTATUS unixuid_setfileinfo(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, + union smb_setfileinfo *info) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, setfileinfo, (ntvfs, req, info)); + + return status; +} + + +/* + return filesystem space info +*/ +static NTSTATUS unixuid_fsinfo(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_fsinfo *fs) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, fsinfo, (ntvfs, req, fs)); + + return status; +} + +/* + return print queue info +*/ +static NTSTATUS unixuid_lpq(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_lpq *lpq) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, lpq, (ntvfs, req, lpq)); + + return status; +} + +/* + list files in a directory matching a wildcard pattern +*/ +static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_search_first *io, + void *search_private, + BOOL (*callback)(void *, union smb_search_data *)) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, search_first, (ntvfs, req, io, search_private, callback)); + + return status; +} + +/* continue a search */ +static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_search_next *io, + void *search_private, + BOOL (*callback)(void *, union smb_search_data *)) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, search_next, (ntvfs, req, io, search_private, callback)); + + return status; +} + +/* close a search */ +static NTSTATUS unixuid_search_close(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_search_close *io) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, search_close, (ntvfs, req, io)); + + return status; +} + +/* SMBtrans - not used on file shares */ +static NTSTATUS unixuid_trans(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, struct smb_trans2 *trans2) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, trans, (ntvfs, req, trans2)); + + return status; +} + +/* + initialise the unixuid backend, registering ourselves with the ntvfs subsystem + */ +NTSTATUS ntvfs_unixuid_init(void) +{ + NTSTATUS ret; + struct ntvfs_ops ops; + + ZERO_STRUCT(ops); + + /* fill in the name and type */ + ops.name = "unixuid"; + ops.type = NTVFS_DISK; + + /* fill in all the operations */ + ops.connect = unixuid_connect; + ops.disconnect = unixuid_disconnect; + ops.unlink = unixuid_unlink; + ops.chkpath = unixuid_chkpath; + ops.qpathinfo = unixuid_qpathinfo; + ops.setpathinfo = unixuid_setpathinfo; + ops.open = unixuid_open; + ops.mkdir = unixuid_mkdir; + ops.rmdir = unixuid_rmdir; + ops.rename = unixuid_rename; + ops.copy = unixuid_copy; + ops.ioctl = unixuid_ioctl; + ops.read = unixuid_read; + ops.write = unixuid_write; + ops.seek = unixuid_seek; + ops.flush = unixuid_flush; + ops.close = unixuid_close; + ops.exit = unixuid_exit; + ops.lock = unixuid_lock; + ops.setfileinfo = unixuid_setfileinfo; + ops.qfileinfo = unixuid_qfileinfo; + ops.fsinfo = unixuid_fsinfo; + ops.lpq = unixuid_lpq; + ops.search_first = unixuid_search_first; + ops.search_next = unixuid_search_next; + ops.search_close = unixuid_search_close; + ops.trans = unixuid_trans; + ops.logoff = unixuid_logoff; + + /* register ourselves with the NTVFS subsystem. */ + ret = register_backend("ntvfs", &ops); + + if (!NT_STATUS_IS_OK(ret)) { + DEBUG(0,("Failed to register unixuid backend!\n")); + } + + return ret; +} |