summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c424
1 files changed, 299 insertions, 125 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 5b24b3d2b8..abfa794518 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1372,18 +1372,273 @@ char *valid_share_pathname(char *dos_pathname)
return ptr;
}
+static void setval_helper(struct registry_key *key, const char *name,
+ const char *value, WERROR *err)
+{
+ struct registry_value val;
+
+ if (!W_ERROR_IS_OK(*err)) {
+ return;
+ }
+
+ ZERO_STRUCT(val);
+ val.type = REG_SZ;
+ val.v.sz.str = CONST_DISCARD(char *, value);
+ val.v.sz.len = strlen(value)+1;
+
+ *err = reg_setvalue(key, name, &val);
+}
+
+static WERROR add_share(const char *share_name, const char *path,
+ const char *comment, uint32 max_connections,
+ const struct nt_user_token *token,
+ BOOL is_disk_op)
+{
+ if (lp_add_share_cmd() && *lp_add_share_cmd()) {
+ char *command;
+ int ret;
+
+ if (asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d",
+ lp_add_share_cmd(), dyn_CONFIGFILE, share_name,
+ path, comment, max_connections) == -1) {
+ return WERR_NOMEM;
+ }
+
+ DEBUG(10,("add_share: Running [%s]\n", command ));
+
+ /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
+
+ if ( is_disk_op )
+ become_root();
+
+ if ( (ret = smbrun(command, NULL)) == 0 ) {
+ /* Tell everyone we updated smb.conf. */
+ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED,
+ NULL, 0, False, NULL);
+ }
+
+ if ( is_disk_op )
+ unbecome_root();
+
+ /********* END SeDiskOperatorPrivilege BLOCK *********/
+
+ DEBUG(3,("_srv_net_share_add: Running [%s] returned (%d)\n",
+ command, ret ));
+
+ /*
+ * No fallback to registry shares, the user did define a add
+ * share command, so fail here.
+ */
+
+ SAFE_FREE(command);
+ return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
+ }
+
+ if (lp_registry_shares()) {
+ char *keyname;
+ struct registry_key *key;
+ enum winreg_CreateAction action;
+ WERROR err;
+ TALLOC_CTX *mem_ctx;
+
+ if (!(keyname = talloc_asprintf(NULL, "%s\\%s", KEY_SMBCONF,
+ share_name))) {
+ return WERR_NOMEM;
+ }
+
+ mem_ctx = (TALLOC_CTX *)keyname;
+
+ err = reg_create_path(mem_ctx, keyname, REG_KEY_WRITE,
+ is_disk_op ? get_root_nt_token():token,
+ &action, &key);
+
+ if (action != REG_CREATED_NEW_KEY) {
+ err = WERR_ALREADY_EXISTS;
+ }
+
+ if (!W_ERROR_IS_OK(err)) {
+ TALLOC_FREE(mem_ctx);
+ return err;
+ }
+
+ setval_helper(key, "path", path, &err);
+ if ((comment != NULL) && (comment[0] != '\0')) {
+ setval_helper(key, "comment", comment, &err);
+ }
+ if (max_connections != 0) {
+ char tmp[16];
+ snprintf(tmp, sizeof(tmp), "%d", max_connections);
+ setval_helper(key, "max connections", tmp, &err);
+ }
+
+ if (!W_ERROR_IS_OK(err)) {
+ /*
+ * Hmmmm. We'd need transactions on the registry to
+ * get this right....
+ */
+ reg_delete_path(is_disk_op ? get_root_nt_token():token,
+ keyname);
+ }
+ TALLOC_FREE(mem_ctx);
+ return err;
+ }
+
+ return WERR_ACCESS_DENIED;
+}
+
+static WERROR delete_share(const char *sharename,
+ const struct nt_user_token *token,
+ BOOL is_disk_op)
+{
+ if (lp_delete_share_cmd() && *lp_delete_share_cmd()) {
+ char *command;
+ int ret;
+
+ if (asprintf(&command, "%s \"%s\" \"%s\"",
+ lp_delete_share_cmd(), dyn_CONFIGFILE,
+ sharename)) {
+ return WERR_NOMEM;
+ }
+
+ DEBUG(10,("delete_share: Running [%s]\n", command ));
+
+ /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
+
+ if ( is_disk_op )
+ become_root();
+
+ if ( (ret = smbrun(command, NULL)) == 0 ) {
+ /* Tell everyone we updated smb.conf. */
+ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED,
+ NULL, 0, False, NULL);
+ }
+
+ if ( is_disk_op )
+ unbecome_root();
+
+ /********* END SeDiskOperatorPrivilege BLOCK *********/
+
+ SAFE_FREE(command);
+
+ DEBUG(3,("_srv_net_share_del: Running [%s] returned (%d)\n",
+ command, ret ));
+ return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
+ }
+
+ if (lp_registry_shares()) {
+ char *keyname;
+ WERROR err;
+
+ if (asprintf(&keyname, "%s\\%s", KEY_SMBCONF,
+ sharename) == -1) {
+ return WERR_NOMEM;
+ }
+
+ err = reg_delete_path(is_disk_op ? get_root_nt_token():token,
+ keyname);
+ SAFE_FREE(keyname);
+ return err;
+ }
+
+ return WERR_ACCESS_DENIED;
+}
+
+static WERROR change_share(const char *share_name, const char *path,
+ const char *comment, uint32 max_connections,
+ const struct nt_user_token *token,
+ BOOL is_disk_op)
+{
+ if (lp_change_share_cmd() && *lp_change_share_cmd()) {
+ char *command;
+ int ret;
+
+ if (asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d",
+ lp_change_share_cmd(), dyn_CONFIGFILE, share_name,
+ path, comment, max_connections) == -1) {
+ return WERR_NOMEM;
+ }
+
+ DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command));
+
+ /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
+
+ if ( is_disk_op )
+ become_root();
+
+ if ( (ret = smbrun(command, NULL)) == 0 ) {
+ /* Tell everyone we updated smb.conf. */
+ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED,
+ NULL, 0, False, NULL);
+ }
+
+ if ( is_disk_op )
+ unbecome_root();
+
+ /********* END SeDiskOperatorPrivilege BLOCK *********/
+
+ DEBUG(3,("_srv_net_share_set_info: Running [%s] returned "
+ "(%d)\n", command, ret ));
+
+ SAFE_FREE(command);
+
+ return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
+ }
+
+ if (lp_registry_shares()) {
+ char *keyname;
+ struct registry_key *key;
+ WERROR err;
+ TALLOC_CTX *mem_ctx;
+
+ if (!(keyname = talloc_asprintf(NULL, "%s\\%s", KEY_SMBCONF,
+ share_name))) {
+ return WERR_NOMEM;
+ }
+
+ mem_ctx = (TALLOC_CTX *)keyname;
+
+ err = reg_open_path(mem_ctx, keyname, REG_KEY_WRITE,
+ is_disk_op ? get_root_nt_token():token,
+ &key);
+ if (!W_ERROR_IS_OK(err)) {
+ TALLOC_FREE(mem_ctx);
+ return err;
+ }
+
+ setval_helper(key, "path", path, &err);
+
+ reg_deletevalue(key, "comment");
+ if ((comment != NULL) && (comment[0] != '\0')) {
+ setval_helper(key, "comment", comment, &err);
+ }
+
+ reg_deletevalue(key, "max connections");
+ if (max_connections != 0) {
+ char tmp[16];
+ snprintf(tmp, sizeof(tmp), "%d", max_connections);
+ setval_helper(key, "max connections", tmp, &err);
+ }
+
+ TALLOC_FREE(mem_ctx);
+ return err;
+ }
+
+ return WERR_ACCESS_DENIED;
+}
+
/*******************************************************************
Net share set info. Modify share details.
********************************************************************/
-WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const char *share_name, uint32_t level, union srvsvc_NetShareInfo info, uint32_t *parm_error)
+WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc,
+ const char *share_name, uint32_t level,
+ union srvsvc_NetShareInfo info,
+ uint32_t *parm_error)
{
- pstring command;
pstring comment;
pstring pathname;
int type;
int snum;
- int ret;
char *path;
SEC_DESC *psd = NULL;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
@@ -1415,7 +1670,8 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const ch
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->pipe_user.nt_user_token,
+ &se_diskop );
/* fail out now if you are not root and not a disk op */
@@ -1433,17 +1689,10 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const ch
pstrcpy(comment, info.info2->comment);
pstrcpy(pathname, info.info2->path);
type = info.info2->type;
- max_connections = (info.info2->max_users == 0xffffffff) ? 0 : info.info2->max_users;
- psd = NULL;
- break;
-#if 0
- /* not supported on set but here for completeness */
- case 501:
- unistr2_to_ascii(comment, &q_u->info.share.info501.info_501_str.uni_remark, sizeof(comment));
- type = q_u->info.share.info501.info_501.type;
+ max_connections = (info.info2->max_users == 0xffffffff) ?
+ 0 : info.info2->max_users;
psd = NULL;
break;
-#endif
case 502:
pstrcpy(comment, info.info502->comment);
pstrcpy(pathname, info.info502->path);
@@ -1466,7 +1715,9 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const ch
SHARE_1005_CSC_POLICY_SHIFT) == lp_csc_policy(snum))
return WERR_OK;
else {
- DEBUG(3, ("_srv_net_share_set_info: client is trying to change csc policy from the network; must be done with smb.conf\n"));
+ DEBUG(3, ("_srv_net_share_set_info: client is trying "
+ "to change csc policy from the network; "
+ "must be done with smb.conf\n"));
return WERR_ACCESS_DENIED;
}
case 1006:
@@ -1480,7 +1731,8 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const ch
type = STYPE_DISKTREE;
break;
default:
- DEBUG(5,("_srv_net_share_set_info: unsupported switch value %d\n", level));
+ DEBUG(5,("_srv_net_share_set_info: unsupported switch value "
+ "%d\n", level));
return WERR_UNKNOWN_LEVEL;
}
@@ -1492,50 +1744,29 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const ch
if (!(path = valid_share_pathname( pathname )))
return WERR_OBJECT_PATH_INVALID;
- /* Ensure share name, pathname and comment don't contain '"' characters. */
+ /* Ensure share name, pathname and comment don't contain '"'
+ * characters. */
string_replace(tmp_share_name, '"', ' ');
string_replace(path, '"', ' ');
string_replace(comment, '"', ' ');
DEBUG(10,("_srv_net_share_set_info: change share command = %s\n",
- lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" ));
+ lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" ));
/* Only call modify function if something changed. */
- if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum))
- || (lp_max_connections(snum) != max_connections) )
- {
- if (!lp_change_share_cmd() || !*lp_change_share_cmd()) {
- DEBUG(10,("_srv_net_share_set_info: No change share command\n"));
- return WERR_ACCESS_DENIED;
- }
+ if (strcmp(path, lp_pathname(snum))
+ || strcmp(comment, lp_comment(snum))
+ || (lp_max_connections(snum) != max_connections) ) {
+ WERROR err;
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d",
- lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment, max_connections );
+ err = change_share(tmp_share_name, path, comment,
+ max_connections, p->pipe_user.nt_user_token,
+ is_disk_op);
- DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
-
- /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
-
- if ( is_disk_op )
- become_root();
-
- if ( (ret = smbrun(command, NULL)) == 0 ) {
- /* Tell everyone we updated smb.conf. */
- message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+ if (!W_ERROR_IS_OK(err)) {
+ return err;
}
-
- if ( is_disk_op )
- unbecome_root();
-
- /********* END SeDiskOperatorPrivilege BLOCK *********/
-
- DEBUG(3,("_srv_net_share_set_info: Running [%s] returned (%d)\n", command, ret ));
-
- if ( ret != 0 )
- return WERR_ACCESS_DENIED;
- } else {
- DEBUG(10,("_srv_net_share_set_info: No change to share name (%s)\n", share_name ));
}
/* Replace SD if changed. */
@@ -1547,9 +1778,11 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const ch
&sd_size);
if (old_sd && !sec_desc_equal(old_sd, psd)) {
- if (!set_share_security(share_name, psd))
- DEBUG(0,("_srv_net_share_set_info: Failed to change security info in share %s.\n",
- share_name ));
+ if (!set_share_security(share_name, psd)) {
+ DEBUG(0,("_srv_net_share_set_info: Failed to "
+ "change security info in share %s.\n",
+ share_name ));
+ }
}
}
@@ -1558,6 +1791,7 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, const char *server_unc, const ch
return WERR_OK;
}
+
/*******************************************************************
Net share add. Call 'add_share_command "sharename" "pathname"
"comment" "max connections = "
@@ -1567,18 +1801,16 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, const char *server_unc,
uint32_t level, union srvsvc_NetShareInfo info,
uint32_t *parm_error)
{
- pstring command;
pstring share_name;
pstring comment;
pstring pathname;
char *path;
int type;
- int snum;
- int ret;
SEC_DESC *psd = NULL;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
BOOL is_disk_op;
- int max_connections = 0;
+ uint32 max_connections = 0;
+ WERROR err;
DEBUG(5,("_srv_net_share_add: %d\n", __LINE__));
@@ -1592,11 +1824,6 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, const char *server_unc,
if (p->pipe_user.ut.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
- if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
- DEBUG(10,("_srv_net_share_add: No add share command\n"));
- return WERR_ACCESS_DENIED;
- }
-
switch (level) {
case 0:
/* No path. Not enough info in a level 0 to do anything. */
@@ -1656,11 +1883,10 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, const char *server_unc,
return WERR_ACCESS_DENIED;
}
- snum = find_service(share_name);
-
- /* Share already exists. */
- if (snum >= 0)
+ if (get_share_params(p->mem_ctx, share_name) != NULL) {
+ /* Share already exists. */
return WERR_ALREADY_EXISTS;
+ }
/* We can only add disk shares. */
if (type != STYPE_DISKTREE)
@@ -1677,34 +1903,13 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, const char *server_unc,
string_replace(path, '"', ' ');
string_replace(comment, '"', ' ');
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" "
- "%d", lp_add_share_cmd(), dyn_CONFIGFILE, share_name,
- path, comment, max_connections);
-
- DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
-
- /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
-
- if ( is_disk_op )
- become_root();
+ err = add_share(share_name, path, comment, max_connections,
+ p->pipe_user.nt_user_token, is_disk_op);
- if ( (ret = smbrun(command, NULL)) == 0 ) {
- /* Tell everyone we updated smb.conf. */
- message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0,
- False, NULL);
+ if (!W_ERROR_IS_OK(err)) {
+ return err;
}
- if ( is_disk_op )
- unbecome_root();
-
- /********* END SeDiskOperatorPrivilege BLOCK *********/
-
- DEBUG(3,("_srv_net_share_add: Running [%s] returned (%d)\n", command,
- ret ));
-
- if ( ret != 0 )
- return WERR_ACCESS_DENIED;
-
if (psd) {
if (!set_share_security(share_name, psd)) {
DEBUG(0,("_srv_net_share_add: Failed to add security "
@@ -1731,11 +1936,10 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, const char *server_unc,
WERROR _srvsvc_NetShareDel(pipes_struct *p, const char *server_unc,
const char *share_name, uint32_t reserved)
{
- char *command;
- int ret;
struct share_params *params;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
BOOL is_disk_op;
+ WERROR err;
DEBUG(5,("_srv_net_share_del: %d\n", __LINE__));
@@ -1760,43 +1964,13 @@ WERROR _srvsvc_NetShareDel(pipes_struct *p, const char *server_unc,
if (p->pipe_user.ut.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
- if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
- DEBUG(10,("_srv_net_share_del: No delete share command\n"));
- return WERR_ACCESS_DENIED;
- }
-
- if (asprintf(&command, "%s \"%s\" \"%s\"",
- lp_delete_share_cmd(), dyn_CONFIGFILE,
- lp_servicename(params->service)) == -1) {
- return WERR_NOMEM;
- }
-
- DEBUG(10,("_srv_net_share_del: Running [%s]\n", command ));
+ err = delete_share(lp_servicename(params->service),
+ p->pipe_user.nt_user_token, is_disk_op);
- /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
-
- if ( is_disk_op )
- become_root();
-
- if ( (ret = smbrun(command, NULL)) == 0 ) {
- /* Tell everyone we updated smb.conf. */
- message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0,
- False, NULL);
+ if (!W_ERROR_IS_OK(err)) {
+ return err;
}
- if ( is_disk_op )
- unbecome_root();
-
- SAFE_FREE(command);
-
- /********* END SeDiskOperatorPrivilege BLOCK *********/
-
- DEBUG(3,("_srv_net_share_del: Running [%s] returned (%d)\n", command,
- ret ));
-
- if ( ret != 0 )
- return WERR_ACCESS_DENIED;
-
/* Delete the SD in the database. */
delete_share_security(params);