From c3effa8b599a6a0a2fe05487edc3a0d13e83d427 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 17 Aug 1998 13:11:34 +0000
Subject: this completes the splitup of server.c. the splitup was done with an axe, not a scalpel, so there are some rough edges. I mostly wanted to get the general form right with fine tuning of what goes where to come later. Still, this is better than what we had before where server.c was a general repository for anything that didn't fit elsewhere. (This used to be commit a6d194886a4a5f7507fa37289ff96c1be56f14a6)
---
source3/smbd/service.c | 542 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 542 insertions(+)
create mode 100644 source3/smbd/service.c
(limited to 'source3/smbd/service.c')
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
new file mode 100644
index 0000000000..b0c74aa53e
--- /dev/null
+++ b/source3/smbd/service.c
@@ -0,0 +1,542 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ service (connection) opening and closing
+ Copyright (C) Andrew Tridgell 1992-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+extern time_t smb_last_time;
+extern int case_default;
+extern BOOL case_preserve;
+extern BOOL short_case_preserve;
+extern BOOL case_mangle;
+extern BOOL case_sensitive;
+extern BOOL use_mangled_map;
+extern fstring remote_machine;
+extern pstring sesssetup_user;
+extern fstring remote_machine;
+
+
+/****************************************************************************
+load parameters specific to a connection/service
+****************************************************************************/
+BOOL become_service(connection_struct *conn,BOOL do_chdir)
+{
+ extern char magic_char;
+ static connection_struct *last_conn;
+ int snum;
+
+ if (!conn) {
+ last_conn = NULL;
+ return(False);
+ }
+
+ conn->lastused = smb_last_time;
+
+ snum = SNUM(conn);
+
+ if (do_chdir &&
+ ChDir(conn->connectpath) != 0 &&
+ ChDir(conn->origpath) != 0) {
+ DEBUG(0,("chdir (%s) failed\n",
+ conn->connectpath));
+ return(False);
+ }
+
+ if (conn == last_conn)
+ return(True);
+
+ last_conn = conn;
+
+ case_default = lp_defaultcase(snum);
+ case_preserve = lp_preservecase(snum);
+ short_case_preserve = lp_shortpreservecase(snum);
+ case_mangle = lp_casemangle(snum);
+ case_sensitive = lp_casesensitive(snum);
+ magic_char = lp_magicchar(snum);
+ use_mangled_map = (*lp_mangled_map(snum) ? True:False);
+ return(True);
+}
+
+
+/****************************************************************************
+ find a service entry
+****************************************************************************/
+int find_service(char *service)
+{
+ int iService;
+
+ string_sub(service,"\\","/");
+
+ iService = lp_servicenumber(service);
+
+ /* now handle the special case of a home directory */
+ if (iService < 0)
+ {
+ char *phome_dir = get_home_dir(service);
+
+ if(!phome_dir)
+ {
+ /*
+ * Try mapping the servicename, it may
+ * be a Windows to unix mapped user name.
+ */
+ if(map_username(service))
+ phome_dir = get_home_dir(service);
+ }
+
+ DEBUG(3,("checking for home directory %s gave %s\n",service,
+ phome_dir?phome_dir:"(NULL)"));
+
+ if (phome_dir)
+ {
+ int iHomeService;
+ if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0)
+ {
+ lp_add_home(service,iHomeService,phome_dir);
+ iService = lp_servicenumber(service);
+ }
+ }
+ }
+
+ /* If we still don't have a service, attempt to add it as a printer. */
+ if (iService < 0)
+ {
+ int iPrinterService;
+
+ if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0)
+ {
+ char *pszTemp;
+
+ DEBUG(3,("checking whether %s is a valid printer name...\n", service));
+ pszTemp = PRINTCAP;
+ if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp))
+ {
+ DEBUG(3,("%s is a valid printer name\n", service));
+ DEBUG(3,("adding %s as a printer service\n", service));
+ lp_add_printer(service,iPrinterService);
+ iService = lp_servicenumber(service);
+ if (iService < 0)
+ DEBUG(0,("failed to add %s as a printer service!\n", service));
+ }
+ else
+ DEBUG(3,("%s is not a valid printer name\n", service));
+ }
+ }
+
+ /* just possibly it's a default service? */
+ if (iService < 0)
+ {
+ char *pdefservice = lp_defaultservice();
+ if (pdefservice && *pdefservice && !strequal(pdefservice,service))
+ {
+ /*
+ * We need to do a local copy here as lp_defaultservice()
+ * returns one of the rotating lp_string buffers that
+ * could get overwritten by the recursive find_service() call
+ * below. Fix from Josef Hinteregger .
+ */
+ pstring defservice;
+ pstrcpy(defservice, pdefservice);
+ iService = find_service(defservice);
+ if (iService >= 0)
+ {
+ string_sub(service,"_","/");
+ iService = lp_add_service(service,iService);
+ }
+ }
+ }
+
+ if (iService >= 0)
+ if (!VALID_SNUM(iService))
+ {
+ DEBUG(0,("Invalid snum %d for %s\n",iService,service));
+ iService = -1;
+ }
+
+ if (iService < 0)
+ DEBUG(3,("find_service() failed to find service %s\n", service));
+
+ return (iService);
+}
+
+
+/****************************************************************************
+ make a connection to a service
+****************************************************************************/
+connection_struct *make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid, int *ecode)
+{
+ int snum;
+ struct passwd *pass = NULL;
+ BOOL guest = False;
+ BOOL force = False;
+ extern int Client;
+ connection_struct *conn;
+
+ strlower(service);
+
+ snum = find_service(service);
+ if (snum < 0) {
+ extern int Client;
+ if (strequal(service,"IPC$")) {
+ DEBUG(3,("refusing IPC connection\n"));
+ *ecode = ERRnoipc;
+ return NULL;
+ }
+
+ DEBUG(0,("%s (%s) couldn't find service %s\n",
+ remote_machine, client_addr(Client), service));
+ *ecode = ERRinvnetname;
+ return NULL;
+ }
+
+ if (strequal(service,HOMES_NAME)) {
+ if (*user && Get_Pwnam(user,True))
+ return(make_connection(user,user,password,
+ pwlen,dev,vuid,ecode));
+
+ if(lp_security() != SEC_SHARE) {
+ if (validated_username(vuid)) {
+ pstrcpy(user,validated_username(vuid));
+ return(make_connection(user,user,password,pwlen,dev,vuid,ecode));
+ }
+ } else {
+ /* Security = share. Try with sesssetup_user
+ * as the username. */
+ if(*sesssetup_user) {
+ pstrcpy(user,sesssetup_user);
+ return(make_connection(user,user,password,pwlen,dev,vuid,ecode));
+ }
+ }
+ }
+
+ if (!lp_snum_ok(snum) ||
+ !check_access(Client,
+ lp_hostsallow(snum), lp_hostsdeny(snum))) {
+ *ecode = ERRaccess;
+ return NULL;
+ }
+
+ /* you can only connect to the IPC$ service as an ipc device */
+ if (strequal(service,"IPC$"))
+ pstrcpy(dev,"IPC");
+
+ if (*dev == '?' || !*dev) {
+ if (lp_print_ok(snum)) {
+ pstrcpy(dev,"LPT1:");
+ } else {
+ pstrcpy(dev,"A:");
+ }
+ }
+
+ /* if the request is as a printer and you can't print then refuse */
+ strupper(dev);
+ if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) {
+ DEBUG(1,("Attempt to connect to non-printer as a printer\n"));
+ *ecode = ERRinvdevice;
+ return NULL;
+ }
+
+ /* lowercase the user name */
+ strlower(user);
+
+ /* add it as a possible user name */
+ add_session_user(service);
+
+ /* shall we let them in? */
+ if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) {
+ DEBUG( 2, ( "Invalid username/password for %s\n", service ) );
+ *ecode = ERRbadpw;
+ return NULL;
+ }
+
+ conn = conn_new();
+ if (!conn) {
+ DEBUG(0,("Couldn't find free connection.\n"));
+ *ecode = ERRnoresource;
+ conn_free(conn);
+ return NULL;
+ }
+
+ /* find out some info about the user */
+ pass = Get_Pwnam(user,True);
+
+ if (pass == NULL) {
+ DEBUG(0,( "Couldn't find account %s\n",user));
+ *ecode = ERRbaduid;
+ conn_free(conn);
+ return NULL;
+ }
+
+ conn->read_only = lp_readonly(snum);
+
+ {
+ pstring list;
+ StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1);
+ string_sub(list,"%S",service);
+
+ if (user_in_list(user,list))
+ conn->read_only = True;
+
+ StrnCpy(list,lp_writelist(snum),sizeof(pstring)-1);
+ string_sub(list,"%S",service);
+
+ if (user_in_list(user,list))
+ conn->read_only = False;
+ }
+
+ /* admin user check */
+
+ /* JRA - original code denied admin user if the share was
+ marked read_only. Changed as I don't think this is needed,
+ but old code left in case there is a problem here.
+ */
+ if (user_in_list(user,lp_admin_users(snum))
+#if 0
+ && !conn->read_only
+#endif
+ ) {
+ conn->admin_user = True;
+ DEBUG(0,("%s logged in as admin user (root privileges)\n",user));
+ } else {
+ conn->admin_user = False;
+ }
+
+ conn->force_user = force;
+ conn->vuid = vuid;
+ conn->uid = pass->pw_uid;
+ conn->gid = pass->pw_gid;
+ conn->num_files_open = 0;
+ conn->lastused = time(NULL);
+ conn->service = snum;
+ conn->used = True;
+ conn->printer = (strncmp(dev,"LPT",3) == 0);
+ conn->ipc = (strncmp(dev,"IPC",3) == 0);
+ conn->dirptr = NULL;
+ conn->veto_list = NULL;
+ conn->hide_list = NULL;
+ conn->veto_oplock_list = NULL;
+ string_set(&conn->dirpath,"");
+ string_set(&conn->user,user);
+
+#ifdef HAVE_GETGRNAM
+ if (*lp_force_group(snum)) {
+ struct group *gptr;
+ pstring gname;
+
+ StrnCpy(gname,lp_force_group(snum),sizeof(pstring)-1);
+ /* default service may be a group name */
+ string_sub(gname,"%S",service);
+ gptr = (struct group *)getgrnam(gname);
+
+ if (gptr) {
+ conn->gid = gptr->gr_gid;
+ DEBUG(3,("Forced group %s\n",gname));
+ } else {
+ DEBUG(1,("Couldn't find group %s\n",gname));
+ }
+ }
+#endif
+
+ if (*lp_force_user(snum)) {
+ struct passwd *pass2;
+ fstring fuser;
+ fstrcpy(fuser,lp_force_user(snum));
+ pass2 = (struct passwd *)Get_Pwnam(fuser,True);
+ if (pass2) {
+ conn->uid = pass2->pw_uid;
+ string_set(&conn->user,fuser);
+ fstrcpy(user,fuser);
+ conn->force_user = True;
+ DEBUG(3,("Forced user %s\n",fuser));
+ } else {
+ DEBUG(1,("Couldn't find user %s\n",fuser));
+ }
+ }
+
+ {
+ pstring s;
+ pstrcpy(s,lp_pathname(snum));
+ standard_sub(conn,s);
+ string_set(&conn->connectpath,s);
+ DEBUG(3,("Connect path is %s\n",s));
+ }
+
+ /* groups stuff added by ih */
+ conn->ngroups = 0;
+ conn->groups = NULL;
+
+ if (!IS_IPC(conn)) {
+ /* Find all the groups this uid is in and
+ store them. Used by become_user() */
+ setup_groups(conn->user,conn->uid,conn->gid,
+ &conn->ngroups,&conn->groups);
+
+ /* check number of connections */
+ if (!claim_connection(conn,
+ lp_servicename(SNUM(conn)),
+ lp_max_connections(SNUM(conn)),
+ False)) {
+ DEBUG(1,("too many connections - rejected\n"));
+ *ecode = ERRnoresource;
+ conn_free(conn);
+ return NULL;
+ }
+
+ if (lp_status(SNUM(conn)))
+ claim_connection(conn,"STATUS.",
+ MAXSTATUS,False);
+ } /* IS_IPC */
+
+ /* execute any "root preexec = " line */
+ if (*lp_rootpreexec(SNUM(conn))) {
+ pstring cmd;
+ pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
+ standard_sub(conn,cmd);
+ DEBUG(5,("cmd=%s\n",cmd));
+ smbrun(cmd,NULL,False);
+ }
+
+ if (!become_user(conn, conn->vuid)) {
+ DEBUG(0,("Can't become connected user!\n"));
+ if (!IS_IPC(conn)) {
+ yield_connection(conn,
+ lp_servicename(SNUM(conn)),
+ lp_max_connections(SNUM(conn)));
+ if (lp_status(SNUM(conn))) {
+ yield_connection(conn,"STATUS.",MAXSTATUS);
+ }
+ }
+ conn_free(conn);
+ *ecode = ERRbadpw;
+ return NULL;
+ }
+
+ if (ChDir(conn->connectpath) != 0) {
+ DEBUG(0,("Can't change directory to %s (%s)\n",
+ conn->connectpath,strerror(errno)));
+ unbecome_user();
+ if (!IS_IPC(conn)) {
+ yield_connection(conn,
+ lp_servicename(SNUM(conn)),
+ lp_max_connections(SNUM(conn)));
+ if (lp_status(SNUM(conn)))
+ yield_connection(conn,"STATUS.",MAXSTATUS);
+ }
+ conn_free(conn);
+ *ecode = ERRinvnetname;
+ return NULL;
+ }
+
+ string_set(&conn->origpath,conn->connectpath);
+
+#if SOFTLINK_OPTIMISATION
+ /* resolve any soft links early */
+ {
+ pstring s;
+ pstrcpy(s,conn->connectpath);
+ GetWd(s);
+ string_set(&conn->connectpath,s);
+ ChDir(conn->connectpath);
+ }
+#endif
+
+ add_session_user(user);
+
+ /* execute any "preexec = " line */
+ if (*lp_preexec(SNUM(conn))) {
+ pstring cmd;
+ pstrcpy(cmd,lp_preexec(SNUM(conn)));
+ standard_sub(conn,cmd);
+ smbrun(cmd,NULL,False);
+ }
+
+ /* we've finished with the sensitive stuff */
+ unbecome_user();
+
+ /* Add veto/hide lists */
+ if (!IS_IPC(conn) && !IS_PRINT(conn)) {
+ set_namearray( &conn->veto_list, lp_veto_files(SNUM(conn)));
+ set_namearray( &conn->hide_list, lp_hide_files(SNUM(conn)));
+ set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(SNUM(conn)));
+ }
+
+ if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
+ extern int Client;
+
+ dbgtext( "%s (%s) ", remote_machine, client_addr(Client) );
+ dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) );
+ dbgtext( "as user %s ", user );
+ dbgtext( "(uid=%d, gid=%d) ", conn->uid, conn->gid );
+ dbgtext( "(pid %d)\n", (int)getpid() );
+ }
+
+ return(conn);
+}
+
+
+/****************************************************************************
+close a cnum
+****************************************************************************/
+void close_cnum(connection_struct *conn, uint16 vuid)
+{
+ extern int Client;
+ DirCacheFlush(SNUM(conn));
+
+ unbecome_user();
+
+ DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
+ remote_machine,client_addr(Client),
+ lp_servicename(SNUM(conn))));
+
+ yield_connection(conn,
+ lp_servicename(SNUM(conn)),
+ lp_max_connections(SNUM(conn)));
+
+ if (lp_status(SNUM(conn)))
+ yield_connection(conn,"STATUS.",MAXSTATUS);
+
+ file_close_conn(conn);
+ dptr_closecnum(conn);
+
+ /* execute any "postexec = " line */
+ if (*lp_postexec(SNUM(conn)) &&
+ become_user(conn, vuid)) {
+ pstring cmd;
+ pstrcpy(cmd,lp_postexec(SNUM(conn)));
+ standard_sub(conn,cmd);
+ smbrun(cmd,NULL,False);
+ unbecome_user();
+ }
+
+ unbecome_user();
+ /* execute any "root postexec = " line */
+ if (*lp_rootpostexec(SNUM(conn))) {
+ pstring cmd;
+ pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
+ standard_sub(conn,cmd);
+ smbrun(cmd,NULL,False);
+ }
+
+ conn_free(conn);
+}
+
+
-- cgit
From 9066025a8a4afe1f7f559c455d86fc023792ed17 Mon Sep 17 00:00:00 2001
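Review bot: In make_connection() the `if (!conn)` branch that follows `conn_new()` calls `conn_free(conn)` with a NULL pointer; whether conn_free() tolerates that is not visible here, so the branch should only set `*ecode = ERRnoresource;` and `return NULL;`. Separately, the "root preexec" block passes a string that has been through `standard_sub(conn,cmd)` to `smbrun(cmd,NULL,False)` before `become_user()` is called. If that expansion can insert values supplied by the client, such as the user or machine name (not visible in this file), they reach a shell with the server's privileges, so a comment at that call should state which substitutions are expanded and that they must be limited to shell-safe characters. The same comment applies to the preexec block and to the postexec and root postexec blocks in close_cnum().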
From: Jeremy Allison Date: Tue, 29 Sep 1998 20:24:17 +0000 Subject: Got very strict about the differences and uses of uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b0c74aa53e..ee195e12ec 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -485,7 +485,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int dbgtext( "%s (%s) ", remote_machine, client_addr(Client) ); dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); dbgtext( "as user %s ", user ); - dbgtext( "(uid=%d, gid=%d) ", conn->uid, conn->gid ); + dbgtext( "(uid=%d, gid=%d) ", (int)conn->uid, (int)conn->gid ); dbgtext( "(pid %d)\n", (int)getpid() ); } -- cgit From 74d539f5573a3ed3ff1b96c54752a389da4c3e14 Mon Sep 17 00:00:00 2001 
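Review bot: The `(int)` casts in `dbgtext( "(uid=%d, gid=%d) ", ...)` make the arguments match the format, but uid_t and gid_t are unsigned on most platforms, so ids above INT_MAX would be logged as negative numbers. This line is the per-connection record of who connected, so `dbgtext( "(uid=%u, gid=%u) ", (unsigned int)conn->uid, (unsigned int)conn->gid );` would keep the logged ids unambiguous. make_connection() begins and ends outside this hunk.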
From: Luke Leighton Date: Tue, 17 Nov 1998 16:19:04 +0000 Subject: - group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. 
- created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ee195e12ec..cedac1c76f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -387,7 +387,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!IS_IPC(conn)) { /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(conn->user,conn->uid,conn->gid, + get_unixgroups(conn->user,conn->uid,conn->gid, &conn->ngroups,&conn->groups); /* check number of connections */ -- cgit From bfc38ff872446e0ad365c22327c779e72a81bef9 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 25 Nov 1998 21:17:20 +0000 Subject: Makefile.in: Added maintainer mode fixes. aclocal.m4: Added AC_LIBTESTFUNC. configure.in: Fixed -lsecurity -lsec problems. client.c: dos_ fixes. groupdb/aliasunix.c: Dead code removal. include/includes.h: Added default PRINTCAP_NAME. lib/genrand.c: dos_ fixes. lib/replace.c: Added strtoul. lib/system.c: dos_ fixes. lib/util.c: dos_ fixes. lib/util_sid.c: Signed/unsigned fixes. lib/util_str.c: removed bad const. locking/locking_slow.c: dos_ fixes. printing/printing.c: dos_ fixes. rpc_server/srv_samr.c: Dead code removal. rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN ! smbd/dir.c: dos_ fixes. smbd/open.c: dos_ fixes. smbd/oplock.c: dos_ fixes. smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes. Jeremy. (This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e) --- source3/smbd/service.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index cedac1c76f..b4a1115867 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -54,8 +54,8 @@ BOOL become_service(connection_struct *conn,BOOL do_chdir) snum = SNUM(conn); if (do_chdir && - ChDir(conn->connectpath) != 0 && - ChDir(conn->origpath) != 0) { + dos_ChDir(conn->connectpath) != 0 && + dos_ChDir(conn->origpath) != 0) { DEBUG(0,("chdir (%s) failed\n", conn->connectpath)); return(False); @@ -430,7 +430,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - if (ChDir(conn->connectpath) != 0) { + if (dos_ChDir(conn->connectpath) != 0) { DEBUG(0,("Can't change directory to %s (%s)\n", conn->connectpath,strerror(errno))); unbecome_user(); 
@@ -453,9 +453,9 @@ connection_struct *make_connection(char *service,char *user,char *password, int { pstring s; pstrcpy(s,conn->connectpath); - GetWd(s); + dos_GetWd(s); string_set(&conn->connectpath,s); - ChDir(conn->connectpath); + dos_ChDir(conn->connectpath); } #endif -- cgit From 6192feac174627a9191de7c8f162f4ce78d272df Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 29 Nov 1998 06:23:16 +0000 Subject: don't allow ".." in service name when doing "default service" processing. (This used to be commit 702263bba555a1d7c7999d40e5789b7e920dbce4) --- source3/smbd/service.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b4a1115867..bc7fb88387 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -146,7 +146,9 @@ int find_service(char *service) if (iService < 0) { char *pdefservice = lp_defaultservice(); - if (pdefservice && *pdefservice && !strequal(pdefservice,service)) + if (pdefservice && *pdefservice && + !strequal(pdefservice,service) && + !strstr(service,"..")) { /* * We need to do a local copy here as lp_defaultservice() -- cgit From d4385df3e80d63dbc7a1c90cc903d8343dfba652 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 14 Dec 1998 20:21:39 +0000 Subject: trying to track down issues in get_home_dir(). (This used to be commit 2cce78aa00f31b79d51aaf46da72019b926e8226) --- source3/smbd/service.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index bc7fb88387..4dd3cb4d97 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -92,8 +92,9 @@ int find_service(char *service) if (iService < 0) { char *phome_dir = get_home_dir(service); + pstring home_dir; - if(!phome_dir) + if(phome_dir == NULL) { /* * Try mapping the servicename, it may 
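Review bot: A name rejected by the new `!strstr(service,"..")` test in find_service() falls through to the generic `find_service() failed to find service` message at debug level 3, so a traversal attempt against the default service cannot be told apart from a mistyped share name in the logs. Testing for ".." separately and emitting something like `DEBUG(1,("rejecting service name %s: contains ..\n", service));` before skipping the default-service lookup would make such requests visible at normal log levels. A short comment should also record why the test exists: the `string_sub(service,"_","/")` further down turns underscores into path separators, so the requested name presumably ends up as a path component of the default service. The rest of find_service() lies outside this hunk.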
@@ -109,9 +110,10 @@ int find_service(char *service) if (phome_dir) { int iHomeService; + pstrcpy(home_dir, phome_dir); if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0) { - lp_add_home(service,iHomeService,phome_dir); + lp_add_home(service,iHomeService,home_dir); iService = lp_servicenumber(service); } } -- cgit From afc00dbd6f1c7281893ea55f4cca0bdb483f0c75 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sun, 4 Apr 1999 06:22:22 +0000 Subject: Call VFS initialisation, share connect and share disconnect functions. Initialise VFS function pointers with symbols from the 'vfs object' file, use disk pointers otherwise. Added a hook to check for a 'default' VFS share (like the [homes] section). Currently empty - I'm unsure whether this will be useful or not. (This used to be commit 15805164fe77b127372eba1ec51c70758467adee) --- source3/smbd/service.c | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 4dd3cb4d97..8202294293 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -144,6 +144,11 @@ int find_service(char *service) } } + /* Check for default vfs service? Unsure whether to implement this */ + if (iService < 0) + { + } + /* just possibly it's a default service? */ if (iService < 0) { @@ -340,7 +345,24 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->veto_oplock_list = NULL; string_set(&conn->dirpath,""); string_set(&conn->user,user); - + + /* Initialise VFS function pointers */ + + if (*lp_vfsobj(SNUM(conn))) { + + /* Loadable object file */ + + if (vfs_init_custom(conn) < 0) { + return NULL; + } + + } else { + + /* Normal share - initialise with disk access functions */ + + vfs_init_default(conn); + } + #ifdef HAVE_GETGRNAM if (*lp_force_group(snum)) { struct group *gptr; 
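Review bot: The `return NULL;` taken when `vfs_init_custom(conn) < 0` leaves `conn` allocated and `*ecode` unset, unlike the other failure paths after `conn_new()` in make_connection(), which set an error code and call `conn_free(conn)`. The caller may then act on a stale error code, and the connection structure is presumably never released. The connect-hook failure in the later hunk (`@@ -492,6 +514,14 @@`) has the same defect and, because it returns after `claim_connection()` has succeeded, also needs the `yield_connection()` calls used by the `become_user()` and `ChDir()` failure paths. For this hunk something like `*ecode = ERRnoresource; conn_free(conn); return NULL;` would do. make_connection() begins and ends outside this hunk.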
@@ -492,6 +514,14 @@ connection_struct *make_connection(char *service,char *user,char *password, int dbgtext( "(uid=%d, gid=%d) ", (int)conn->uid, (int)conn->gid ); dbgtext( "(pid %d)\n", (int)getpid() ); } + + /* Invoke make connection hook */ + + if (conn->vfs_ops.connect) { + if (conn->vfs_ops.connect(conn, service, user) < 0) { + return NULL; + } + } return(conn); } @@ -511,6 +541,10 @@ void close_cnum(connection_struct *conn, uint16 vuid) remote_machine,client_addr(Client), lp_servicename(SNUM(conn)))); + if (conn->vfs_ops.disconnect != NULL) { + conn->vfs_ops.disconnect(conn, lp_servicename(SNUM(conn))); + } + yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); -- cgit From 69ae7902bb2ba16f6312aaaa0cdee1204297905a Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 5 Apr 1999 05:18:07 +0000 Subject: Disable VFS routines if no libdl available. (This used to be commit cbfd8a8990b4d06d0c866274e7d28e4a5e384686) --- source3/smbd/service.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8202294293..5c7929d1b6 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -350,11 +350,18 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (*lp_vfsobj(SNUM(conn))) { +#ifdef HAVE_LIBDL + /* Loadable object file */ if (vfs_init_custom(conn) < 0) { return NULL; } +#else + DEBUG(0, ("No libdl present - cannot use VFS objects\n")); + conn_free(conn); + return NULL; +#endif } else { -- cgit From b7100673febaaaf37e0875ded640126425be9f8e Mon Sep 17 00:00:00 2001 
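Review bot: In close_cnum() the new `conn->vfs_ops.disconnect(...)` call sits after `unbecome_user()`, and the connect hook in make_connection() is likewise invoked after the `unbecome_user()` that ends "the sensitive stuff", so code from the loaded VFS object appears to run outside the connected user's identity. If unbecome_user() restores the server's privileged identity (not visible here), any fault in a module is exposed with those privileges rather than the user's. Either bracket the hook calls with `become_user(conn, vuid)` and `unbecome_user()` as the postexec block does, or state the contract next to both calls with a comment such as `/* VFS connect/disconnect hooks run with server privileges, not as the connected user */`. Both functions extend outside the hunks shown.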
From: Tim Potter Date: Tue, 20 Apr 1999 03:37:11 +0000 Subject: Changed the way a VFS is initialised. The vfs_init() function is executed from the VFS object file and it returns a pointer to a vfs_ops structure. If any of the function pointers in vfs_ops are NULL, then they are replaced with the standard disk functions. This should allow disk-related VFS modules to be easily added. I've written an auditing VFS module which logs various calls (connect, disconnect, mkdir, rmdir, open and a few others) to syslog in a couple of pages of code. Thanks to tridge for various useful suggestions. (This used to be commit 346c78d7078d87bc95abc274f2bc66476aeee54c) --- source3/smbd/service.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 51 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 5c7929d1b6..7628f9c8f0 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -354,7 +354,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* Loadable object file */ - if (vfs_init_custom(conn) < 0) { + if (!vfs_init_custom(conn)) { return NULL; } #else @@ -516,7 +516,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int extern int Client; dbgtext( "%s (%s) ", remote_machine, client_addr(Client) ); - dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); + dbgtext( "connect to service %s ", lp_servicename(SNUM(conn))); dbgtext( "as user %s ", user ); dbgtext( "(uid=%d, gid=%d) ", (int)conn->uid, (int)conn->gid ); dbgtext( "(pid %d)\n", (int)getpid() ); 
@@ -525,7 +525,42 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* Invoke make connection hook */ if (conn->vfs_ops.connect) { - if (conn->vfs_ops.connect(conn, service, user) < 0) { + struct vfs_connection_struct *vconn; + + vconn = (struct vfs_connection_struct *) + malloc(sizeof(struct vfs_connection_struct)); + + if (vconn == NULL) { + DEBUG(0, ("No memory to create vfs_connection_struct")); + return NULL; + } + + ZERO_STRUCTP(vconn); + + /* Copy across relevant data from connection struct */ + + vconn->printer = conn->printer; + vconn->ipc = conn->ipc; + vconn->read_only = conn->read_only; + vconn->admin_user = conn->admin_user; + + pstrcpy(vconn->dirpath, conn->dirpath); + pstrcpy(vconn->connectpath, conn->connectpath); + pstrcpy(vconn->origpath, conn->origpath); + + pstrcpy(vconn->user, conn->user); + vconn->uid = conn->uid; + vconn->gid = conn->gid; + vconn->ngroups = conn->ngroups; + vconn->groups = (gid_t *)malloc(conn->ngroups * sizeof(gid_t)); + if (vconn->groups != NULL) { + memcpy(vconn->groups, conn->groups, + conn->ngroups * sizeof(gid_t)); + } + + /* Call connect hook */ + + if (conn->vfs_ops.connect(vconn, service, user) < 0) { return NULL; } } @@ -549,7 +584,19 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)))); if (conn->vfs_ops.disconnect != NULL) { - conn->vfs_ops.disconnect(conn, lp_servicename(SNUM(conn))); + + /* Call disconnect hook */ + + conn->vfs_ops.disconnect(); + + /* Free vfs_connection_struct */ + + if (conn->vfs_conn != NULL) { + if (conn->vfs_conn->groups != NULL) { + free(conn->vfs_conn->groups); + } + free(conn->vfs_conn); + } } yield_connection(conn, -- cgit From 731c7f2ecfe17651506ba05b88358360e4654a37 Mon Sep 17 00:00:00 2001 
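Review bot: Nothing in the new connect-hook block stores `vconn` in `conn->vfs_conn`, yet the close_cnum() hunk below frees `conn->vfs_conn`, so as far as this diff shows the structure and its `groups` array are never released, and the `return NULL` after a failed connect hook leaks them together with `conn`. Adding `conn->vfs_conn = vconn;` before the hook call pairs the allocation with the free, and close_cnum() should free it whether or not a disconnect hook is set. When the `groups` allocation fails, `vconn->ngroups` keeps the original count next to a NULL pointer, so a module that walks the list would dereference NULL; add `else vconn->ngroups = 0;` after the `memcpy` block. The `DEBUG(0, ("No memory to create vfs_connection_struct"))` message also lacks its trailing `\n`.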
From: Tim Potter Date: Sun, 13 Jun 1999 04:14:24 +0000 Subject: Moved code that changes the pw_passwd entry (i.e shadow password and weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug. Note that the Get_Pwnam() function now returns a const struct passwd * as a hint to other developers not to change entries in the struct passwd. (This used to be commit 36d7cb4ccc42268e8e6a7b783c945d1853624958) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 7628f9c8f0..becfd01504 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -194,7 +194,7 @@ int find_service(char *service) connection_struct *make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid, int *ecode) { int snum; - struct passwd *pass = NULL; + const struct passwd *pass = NULL; BOOL guest = False; BOOL force = False; extern int Client; -- cgit From 73891ca8e4f6cca6aa8bb0ae043f660a64baa056 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 29 Jun 1999 18:47:06 +0000 Subject: improving authentication code (tidyup). (This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index becfd01504..232579a0f1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -390,10 +390,10 @@ connection_struct *make_connection(char *service,char *user,char *password, int #endif if (*lp_force_user(snum)) { - struct passwd *pass2; + const struct passwd *pass2; fstring fuser; fstrcpy(fuser,lp_force_user(snum)); - pass2 = (struct passwd *)Get_Pwnam(fuser,True); + pass2 = (const struct passwd *)Get_Pwnam(fuser,True); if (pass2) { conn->uid = pass2->pw_uid; string_set(&conn->user,fuser); -- cgit 
From 331ab45321dd37ba72b9569c1d62e887200595f3 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 22 Jul 1999 04:47:14 +0000 Subject: Copy service name into vfs_connection_struct. (This used to be commit 19242cd44e059d90e91f1c27bfb45899ce5de26a) --- source3/smbd/service.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 232579a0f1..f0af82fb4e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -548,7 +548,9 @@ connection_struct *make_connection(char *service,char *user,char *password, int pstrcpy(vconn->connectpath, conn->connectpath); pstrcpy(vconn->origpath, conn->origpath); + pstrcpy(vconn->service, service); pstrcpy(vconn->user, conn->user); + vconn->uid = conn->uid; vconn->gid = conn->gid; vconn->ngroups = conn->ngroups; -- cgit From f6276724bafdb6145c0c7b565172d80cb04516ea Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 12 Dec 1999 21:00:35 +0000 Subject: changed function name of get_home_dir() to get_unixhome_dir(), to stop clash with gnu readline library. fixed issue with [homes] service not being there - call lp_add_home() just before starting the msrpc processing. (This used to be commit 054195df9b6187c663ede5cf4489499abbdc29fc) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f0af82fb4e..64abf3de1d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -91,7 +91,7 @@ int find_service(char *service) /* now handle the special case of a home directory */ if (iService < 0) { - char *phome_dir = get_home_dir(service); + char *phome_dir = get_unixhome_dir(service); pstring home_dir; if(phome_dir == NULL) 
@@ -101,7 +101,7 @@ int find_service(char *service) * be a Windows to unix mapped user name. */ if(map_username(service)) - phome_dir = get_home_dir(service); + phome_dir = get_unixhome_dir(service); } DEBUG(3,("checking for home directory %s gave %s\n",service, -- cgit From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:27:58 +0000 Subject: first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154) --- source3/smbd/service.c | 262 ++++++++++++++++++++++--------------------------- 1 file changed, 118 insertions(+), 144 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 64abf3de1d..92807e2d43 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -23,7 +23,7 @@ extern int DEBUGLEVEL; -extern time_t smb_last_time; +extern struct timeval smb_last_time; extern int case_default; extern BOOL case_preserve; extern BOOL short_case_preserve; @@ -49,7 +49,7 @@ BOOL become_service(connection_struct *conn,BOOL do_chdir) return(False); } - conn->lastused = smb_last_time; + conn->lastused = smb_last_time.tv_sec; snum = SNUM(conn); @@ -84,24 +84,23 @@ int find_service(char *service) { int iService; - string_sub(service,"\\","/"); + all_string_sub(service,"\\","/",0); iService = lp_servicenumber(service); /* now handle the special case of a home directory */ if (iService < 0) { - char *phome_dir = get_unixhome_dir(service); - pstring home_dir; + char *phome_dir = get_user_home_dir(service); - if(phome_dir == NULL) + if(!phome_dir) { /* * Try mapping the servicename, it may * be a Windows to unix mapped user name. */ if(map_username(service)) - phome_dir = get_unixhome_dir(service); + phome_dir = get_user_home_dir(service); } DEBUG(3,("checking for home directory %s gave %s\n",service, 
@@ -110,10 +109,9 @@ int find_service(char *service) if (phome_dir) { int iHomeService; - pstrcpy(home_dir, phome_dir); if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0) { - lp_add_home(service,iHomeService,home_dir); + lp_add_home(service,iHomeService,phome_dir); iService = lp_servicenumber(service); } } @@ -144,11 +142,6 @@ int find_service(char *service) } } - /* Check for default vfs service? Unsure whether to implement this */ - if (iService < 0) - { - } - /* just possibly it's a default service? */ if (iService < 0) { @@ -168,7 +161,7 @@ int find_service(char *service) iService = find_service(defservice); if (iService >= 0) { - string_sub(service,"_","/"); + all_string_sub(service,"_","/",0); iService = lp_add_service(service,iService); } } @@ -194,11 +187,12 @@ int find_service(char *service) connection_struct *make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid, int *ecode) { int snum; - const struct passwd *pass = NULL; + struct passwd *pass = NULL; BOOL guest = False; BOOL force = False; extern int Client; connection_struct *conn; + int ret; strlower(service); 
@@ -218,21 +212,31 @@ connection_struct *make_connection(char *service,char *user,char *password, int } if (strequal(service,HOMES_NAME)) { - if (*user && Get_Pwnam(user,True)) - return(make_connection(user,user,password, + if (*user && Get_Pwnam(user,True)) { + fstring dos_username; + fstrcpy(dos_username, user); + unix_to_dos(dos_username, True); + return(make_connection(dos_username,user,password, pwlen,dev,vuid,ecode)); + } if(lp_security() != SEC_SHARE) { if (validated_username(vuid)) { - pstrcpy(user,validated_username(vuid)); - return(make_connection(user,user,password,pwlen,dev,vuid,ecode)); + fstring dos_username; + fstrcpy(user,validated_username(vuid)); + fstrcpy(dos_username, user); + unix_to_dos(dos_username, True); + return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); } } else { /* Security = share. Try with sesssetup_user * as the username. */ if(*sesssetup_user) { - pstrcpy(user,sesssetup_user); - return(make_connection(user,user,password,pwlen,dev,vuid,ecode)); + fstring dos_username; + fstrcpy(user,sesssetup_user); + fstrcpy(dos_username, user); + unix_to_dos(dos_username, True); + return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); } } } @@ -300,13 +304,13 @@ connection_struct *make_connection(char *service,char *user,char *password, int { pstring list; StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1); - string_sub(list,"%S",service); + pstring_sub(list,"%S",service); if (user_in_list(user,list)) conn->read_only = True; StrnCpy(list,lp_writelist(snum),sizeof(pstring)-1); - string_sub(list,"%S",service); + pstring_sub(list,"%S",service); if (user_in_list(user,list)) conn->read_only = False; 
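Review bot: In the [homes] branch, `fstrcpy(user,sesssetup_user)` and `fstrcpy(user,validated_username(vuid))` overwrite the caller's `user` buffer with an fstring-sized bound, and `sesssetup_user` is declared as a pstring, so a longer name is cut short rather than rejected. The shortened name is then used both as the share name (via `dos_username`) and as the account for the recursive make_connection call, which could select a different account than the one that was validated. I would refuse over-long names before the copy, e.g. `if (strlen(sesssetup_user) >= sizeof(fstring)) { *ecode = ERRbadpw; return NULL; }`, and state in the function header how large the buffer behind `user` must be, since its size is not visible here. make_connection's body continues outside the hunk.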
@@ -333,6 +337,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->vuid = vuid; conn->uid = pass->pw_uid; conn->gid = pass->pw_gid; + safe_strcpy(conn->client_address, client_addr(Client), sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = time(NULL); conn->service = snum; 
@@ -345,65 +350,83 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->veto_oplock_list = NULL; string_set(&conn->dirpath,""); string_set(&conn->user,user); + + /* + * If force user is true, then store the + * given userid and also the primary groupid + * of the user we're forcing. + */ + + if (*lp_force_user(snum)) { + struct passwd *pass2; + pstring fuser; + pstrcpy(fuser,lp_force_user(snum)); - /* Initialise VFS function pointers */ - - if (*lp_vfsobj(SNUM(conn))) { - -#ifdef HAVE_LIBDL - - /* Loadable object file */ - - if (!vfs_init_custom(conn)) { - return NULL; - } -#else - DEBUG(0, ("No libdl present - cannot use VFS objects\n")); - conn_free(conn); - return NULL; -#endif - - } else { - - /* Normal share - initialise with disk access functions */ + /* Allow %S to be used by force user. */ + pstring_sub(fuser,"%S",service); - vfs_init_default(conn); + pass2 = (struct passwd *)Get_Pwnam(fuser,True); + if (pass2) { + conn->uid = pass2->pw_uid; + conn->gid = pass2->pw_gid; + string_set(&conn->user,fuser); + fstrcpy(user,fuser); + conn->force_user = True; + DEBUG(3,("Forced user %s\n",fuser)); + } else { + DEBUG(1,("Couldn't find user %s\n",fuser)); + } } #ifdef HAVE_GETGRNAM + /* + * If force group is true, then override + * any groupid stored for the connecting user. 
+ */ + if (*lp_force_group(snum)) { struct group *gptr; pstring gname; + pstring tmp_gname; + BOOL user_must_be_member = False; - StrnCpy(gname,lp_force_group(snum),sizeof(pstring)-1); + StrnCpy(tmp_gname,lp_force_group(snum),sizeof(pstring)-1); + + if (tmp_gname[0] == '+') { + user_must_be_member = True; + StrnCpy(gname,&tmp_gname[1],sizeof(pstring)-2); + } else { + StrnCpy(gname,tmp_gname,sizeof(pstring)-1); + } /* default service may be a group name */ - string_sub(gname,"%S",service); + pstring_sub(gname,"%S",service); gptr = (struct group *)getgrnam(gname); if (gptr) { - conn->gid = gptr->gr_gid; - DEBUG(3,("Forced group %s\n",gname)); + /* + * If the user has been forced and the forced group starts + * with a '+', then we only set the group to be the forced + * group if the forced user is a member of that group. + * Otherwise, the meaning of the '+' would be ignored. + */ + if (conn->force_user && user_must_be_member) { + int i; + for (i = 0; gptr->gr_mem[i] != NULL; i++) { + if (strcmp(user,gptr->gr_mem[i]) == 0) { + conn->gid = gptr->gr_gid; + DEBUG(3,("Forced group %s for member %s\n",gname,user)); + break; + } + } + } else { + conn->gid = gptr->gr_gid; + DEBUG(3,("Forced group %s\n",gname)); + } } else { DEBUG(1,("Couldn't find group %s\n",gname)); } } -#endif - - if (*lp_force_user(snum)) { - const struct passwd *pass2; - fstring fuser; - fstrcpy(fuser,lp_force_user(snum)); - pass2 = (const struct passwd *)Get_Pwnam(fuser,True); - if (pass2) { - conn->uid = pass2->pw_uid; - string_set(&conn->user,fuser); - fstrcpy(user,fuser); - conn->force_user = True; - DEBUG(3,("Forced user %s\n",fuser)); - } else { - DEBUG(1,("Couldn't find user %s\n",fuser)); - } - } +#endif /* HAVE_GETGRNAM */ { pstring s; 
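Review bot: The `+` prefix on force group is only honoured when a force user is also set: `if (conn->force_user && user_must_be_member)` sends every other case to the `else` branch, which assigns `conn->gid = gptr->gr_gid` without any membership test. An administrator who writes `force group = +name` without force user therefore gets the group applied to every connecting user, which is the opposite of what the prefix suggests. If the check is meant to apply to the connecting user as well, the condition should be `if (user_must_be_member) {`; if the current behaviour is intended, the comment should say explicitly that `+` is ignored without force user. The loop also consults only `gr_mem`, so a user whose primary group is the forced group is treated as a non-member, and a failed membership test leaves no DEBUG line. This hunk starts on the previous page line and make_connection continues after it.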
@@ -420,7 +443,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!IS_IPC(conn)) { /* Find all the groups this uid is in and store them. Used by become_user() */ - get_unixgroups(conn->user,conn->uid,conn->gid, + setup_groups(conn->user,conn->uid,conn->gid, &conn->ngroups,&conn->groups); /* check number of connections */ @@ -445,7 +468,13 @@ connection_struct *make_connection(char *service,char *user,char *password, int pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); standard_sub(conn,cmd); DEBUG(5,("cmd=%s\n",cmd)); - smbrun(cmd,NULL,False); + ret = smbrun(cmd,NULL,False); + if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { + DEBUG(1,("preexec gave %d - failing connection\n", ret)); + conn_free(conn); + *ecode = ERRsrverror; + return NULL; + } } if (!become_user(conn, conn->vuid)) { @@ -499,7 +528,26 @@ connection_struct *make_connection(char *service,char *user,char *password, int pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); standard_sub(conn,cmd); - smbrun(cmd,NULL,False); + ret = smbrun(cmd,NULL,False); + if (ret != 0 && lp_preexec_close(SNUM(conn))) { + DEBUG(1,("preexec gave %d - failing connection\n", ret)); + conn_free(conn); + *ecode = ERRsrverror; + return NULL; + } + } + + /* + * Print out the 'connected as' stuff here as we need + * to know the effective uid and gid we will be using. + */ + + if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { + dbgtext( "%s (%s) ", remote_machine, conn->client_address ); + dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); + dbgtext( "as user %s ", user ); + dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); + dbgtext( "(pid %d)\n", (int)getpid() ); } /* we've finished with the sensitive stuff */ 
@@ -512,61 +560,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(SNUM(conn))); } - if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { - extern int Client; - - dbgtext( "%s (%s) ", remote_machine, client_addr(Client) ); - dbgtext( "connect to service %s ", lp_servicename(SNUM(conn))); - dbgtext( "as user %s ", user ); - dbgtext( "(uid=%d, gid=%d) ", (int)conn->uid, (int)conn->gid ); - dbgtext( "(pid %d)\n", (int)getpid() ); - } - - /* Invoke make connection hook */ - - if (conn->vfs_ops.connect) { - struct vfs_connection_struct *vconn; - - vconn = (struct vfs_connection_struct *) - malloc(sizeof(struct vfs_connection_struct)); - - if (vconn == NULL) { - DEBUG(0, ("No memory to create vfs_connection_struct")); - return NULL; - } - - ZERO_STRUCTP(vconn); - - /* Copy across relevant data from connection struct */ - - vconn->printer = conn->printer; - vconn->ipc = conn->ipc; - vconn->read_only = conn->read_only; - vconn->admin_user = conn->admin_user; - - pstrcpy(vconn->dirpath, conn->dirpath); - pstrcpy(vconn->connectpath, conn->connectpath); - pstrcpy(vconn->origpath, conn->origpath); - - pstrcpy(vconn->service, service); - pstrcpy(vconn->user, conn->user); - - vconn->uid = conn->uid; - vconn->gid = conn->gid; - vconn->ngroups = conn->ngroups; - vconn->groups = (gid_t *)malloc(conn->ngroups * sizeof(gid_t)); - if (vconn->groups != NULL) { - memcpy(vconn->groups, conn->groups, - conn->ngroups * sizeof(gid_t)); - } - - /* Call connect hook */ - - if (conn->vfs_ops.connect(vconn, service, user) < 0) { - return NULL; - } - } - return(conn); } 
@@ -576,31 +569,14 @@ close a cnum ****************************************************************************/ void close_cnum(connection_struct *conn, uint16 vuid) { - extern int Client; DirCacheFlush(SNUM(conn)); unbecome_user(); DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", - remote_machine,client_addr(Client), + remote_machine,conn->client_address, lp_servicename(SNUM(conn)))); - if (conn->vfs_ops.disconnect != NULL) { - - /* Call disconnect hook */ - - conn->vfs_ops.disconnect(); - - /* Free vfs_connection_struct */ - - if (conn->vfs_conn != NULL) { - if (conn->vfs_conn->groups != NULL) { - free(conn->vfs_conn->groups); - } - free(conn->vfs_conn); - } - } - yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); @@ -632,5 +608,3 @@ void close_cnum(connection_struct *conn, uint16 vuid) conn_free(conn); } - - -- cgit From 69d24d869bf97978b31a51fe8e8d08cac4874d67 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 21 Dec 1999 04:54:30 +0000 Subject: first cut at using the tdb code for the connections structure, the SWAT status page and smbstatus. It made the code _much_ simpler, I wish we'd done a database module a long time ago! (This used to be commit 4951755413c11d4c5b9af4699a6e622056d52433) --- source3/smbd/service.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 92807e2d43..ec723e13b9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -458,7 +458,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } if (lp_status(SNUM(conn))) - claim_connection(conn,"STATUS.", + claim_connection(conn,"", MAXSTATUS,False); } /* IS_IPC */ 
@@ -484,7 +484,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); if (lp_status(SNUM(conn))) { - yield_connection(conn,"STATUS.",MAXSTATUS); + yield_connection(conn,"",MAXSTATUS); } } conn_free(conn); @@ -501,7 +501,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); if (lp_status(SNUM(conn))) - yield_connection(conn,"STATUS.",MAXSTATUS); + yield_connection(conn,"",MAXSTATUS); } conn_free(conn); *ecode = ERRinvnetname; @@ -582,7 +582,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_max_connections(SNUM(conn))); if (lp_status(SNUM(conn))) - yield_connection(conn,"STATUS.",MAXSTATUS); + yield_connection(conn,"",MAXSTATUS); file_close_conn(conn); dptr_closecnum(conn); -- cgit From 16bb009dbbe6302febf3848cee61e9927eeb0fb5 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 3 Feb 2000 05:17:25 +0000 Subject: Mega-VFS merge. Yeah baby! Synopsis: change every disk access function to work through a vfs_ops structure contained in the connection_struct. (This used to be commit 3aad500c0fb61232ed3431ff4b743b5d18ec852f) --- source3/smbd/service.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ec723e13b9..3abd55de0c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -142,6 +142,11 @@ int find_service(char *service) } } + /* Check for default vfs service? Unsure whether to implement this */ + if (iService < 0) + { + } + /* just possibly it's a default service? */ if (iService < 0) { 
@@ -351,6 +356,60 @@ connection_struct *make_connection(char *service,char *user,char *password, int string_set(&conn->dirpath,""); string_set(&conn->user,user); + conn->vfs_conn = (struct vfs_connection_struct *) + malloc(sizeof(struct vfs_connection_struct)); + + if (conn->vfs_conn == NULL) { + DEBUG(0, ("No memory to create vfs_connection_struct")); + return NULL; + } + + ZERO_STRUCTP(conn->vfs_conn); + + /* Copy across relevant data from connection struct */ + + conn->vfs_conn->printer = conn->printer; + conn->vfs_conn->ipc = conn->ipc; + conn->vfs_conn->read_only = conn->read_only; + conn->vfs_conn->admin_user = conn->admin_user; + + pstrcpy(conn->vfs_conn->dirpath, conn->dirpath); + pstrcpy(conn->vfs_conn->connectpath, conn->connectpath); + pstrcpy(conn->vfs_conn->origpath, conn->origpath); + + pstrcpy(conn->vfs_conn->service, service); + pstrcpy(conn->vfs_conn->user, conn->user); + + conn->vfs_conn->uid = conn->uid; + conn->vfs_conn->gid = conn->gid; + conn->vfs_conn->ngroups = conn->ngroups; + conn->vfs_conn->groups = (gid_t *)memdup(conn->groups, + conn->ngroups * sizeof(gid_t)); + + /* Initialise VFS function pointers */ + + if (*lp_vfsobj(SNUM(conn))) { + +#ifdef HAVE_LIBDL + + /* Loadable object file */ + + if (!vfs_init_custom(conn)) { + return NULL; + } +#else + DEBUG(0, ("No libdl present - cannot use VFS objects\n")); + conn_free(conn); + return NULL; +#endif + + } else { + + /* Normal share - initialise with disk access functions */ + + vfs_init_default(conn); + } + /* * If force user is true, then store the * given userid and also the primary groupid @@ -560,7 +619,15 @@ connection_struct *make_connection(char *service,char *user,char *password, int set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(SNUM(conn))); } - return(conn); + /* Invoke VFS make connection hook */ + + if (conn->vfs_ops.connect) { + if (conn->vfs_ops.connect(conn->vfs_conn, service, user) < 0) { + return NULL; + } + } + + return(conn); } 
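Review bot: The `vfs_conn` snapshot is taken before the values it copies are final. `conn->vfs_conn->uid`, `gid` and `user` are filled in here, but the force user / force group code that follows (the trailing context of this hunk) can still change `conn->uid`, `conn->gid` and `conn->user`, and judging by other hunks on this page `conn->connectpath` and the group list are only set further down. A VFS module that bases an access decision on `vfs_conn` would then see the connecting identity rather than the effective one, and `pstrcpy` may be reading a path that has not been set yet. I would move the whole block to after the group setup and add a comment such as `/* vfs_conn is a snapshot: fill it in only once uid/gid/groups/connectpath are final */`. The two `return NULL` paths in the block also skip `conn_free(conn)` and leave `*ecode` unset.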
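Review bot: A failing connect hook ends in a bare `return NULL`, which abandons everything the function has set up by that point. `conn` is not freed, `*ecode` is not written so the caller would report whatever value it happened to hold, and for non-IPC shares the connection slot claimed earlier is not yielded. At minimum the branch should read `conn_free(conn); *ecode = ERRsrverror; return NULL;`, preceded by the same yield_connection calls the other late failure paths use, and a DEBUG line naming the service would help when a module refuses a connection. The rest of make_connection is outside the hunk, so whether the process identity also needs restoring here cannot be told from these lines.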
@@ -577,6 +644,29 @@ void close_cnum(connection_struct *conn, uint16 vuid) remote_machine,conn->client_address, lp_servicename(SNUM(conn)))); + if (conn->vfs_ops.disconnect != NULL) { + + /* Call VFS disconnect hook */ + + conn->vfs_ops.disconnect(); + + } + + /* Close dlopen() handle */ + + if (conn->vfs_conn->dl_handle != NULL) { + dlclose(conn->vfs_conn->dl_handle); /* should we check return val? */ + } + + /* Free vfs_connection_struct */ + + if (conn->vfs_conn != NULL) { + if (conn->vfs_conn->groups != NULL) { + free(conn->vfs_conn->groups); + } + free(conn->vfs_conn); + } + yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); -- cgit From 2fa922611bf7160e2c1ce80c11b50006448bf98d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 11 Apr 2000 13:55:53 +0000 Subject: finally got sick of the "extern int Client" code and the stupid assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3) --- source3/smbd/service.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 3abd55de0c..24ba79906b 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -195,7 +195,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int struct passwd *pass = NULL; BOOL guest = False; BOOL force = False; - extern int Client; connection_struct *conn; int ret; 
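Review bot: `conn->vfs_conn->dl_handle` is dereferenced before `conn->vfs_conn` is tested for NULL two statements later, so the NULL test cannot protect the first access. The dlclose block belongs inside `if (conn->vfs_conn != NULL) { ... }`, and it should sit under the same `#ifdef HAVE_LIBDL` that guards vfs_init_custom in make_connection. The handle is also closed and the struct freed before `file_close_conn(conn)` and `dptr_closecnum(conn)` run further down in close_cnum (visible in an earlier hunk on this page), so any file closed there would go through function pointers of a module that has already been unloaded; the teardown should be the last step before `conn_free(conn)`. After `free(conn->vfs_conn)` the pointer should be set to NULL. The return value of dlclose is ignored, as the inline comment already asks.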
@@ -203,7 +202,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int snum = find_service(service); if (snum < 0) { - extern int Client; if (strequal(service,"IPC$")) { DEBUG(3,("refusing IPC connection\n")); *ecode = ERRnoipc; @@ -211,7 +209,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } DEBUG(0,("%s (%s) couldn't find service %s\n", - remote_machine, client_addr(Client), service)); + remote_machine, client_addr(), service)); *ecode = ERRinvnetname; return NULL; } @@ -247,7 +245,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } if (!lp_snum_ok(snum) || - !check_access(Client, + !check_access(smbd_server_fd(), lp_hostsallow(snum), lp_hostsdeny(snum))) { *ecode = ERRaccess; return NULL; @@ -342,7 +340,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->vuid = vuid; conn->uid = pass->pw_uid; conn->gid = pass->pw_gid; - safe_strcpy(conn->client_address, client_addr(Client), sizeof(conn->client_address)-1); + safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = time(NULL); conn->service = snum; -- cgit From 612682354fa978d7b883028b3aace52a2882adca Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Apr 2000 04:01:16 +0000 Subject: - got rid of the "passive" option - cleaned up the standard_sub_*() calls a lot (This used to be commit 2c2d95d77d3667eaa9252506a82b9054b0d0e01c) --- source3/smbd/service.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 24ba79906b..b7942906df 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -488,7 +488,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int { pstring s; pstrcpy(s,lp_pathname(snum)); - standard_sub(conn,s); + standard_sub_conn(conn,s); string_set(&conn->connectpath,s); DEBUG(3,("Connect path is %s\n",s)); } @@ -523,7 +523,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (*lp_rootpreexec(SNUM(conn))) { pstring cmd; pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); - standard_sub(conn,cmd); + standard_sub_conn(conn,cmd); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL,False); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { @@ -584,7 +584,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (*lp_preexec(SNUM(conn))) { pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); - standard_sub(conn,cmd); + standard_sub_conn(conn,cmd); ret = smbrun(cmd,NULL,False); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); @@ -680,7 +680,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) become_user(conn, vuid)) { pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); - standard_sub(conn,cmd); + standard_sub_conn(conn,cmd); smbrun(cmd,NULL,False); unbecome_user(); } @@ -690,7 +690,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_rootpostexec(SNUM(conn))) { pstring cmd; pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); - standard_sub(conn,cmd); + standard_sub_conn(conn,cmd); smbrun(cmd,NULL,False); } -- cgit From 67239541cdd0d1098be05f44d9f7a18e7604cef5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 22 Apr 2000 08:28:49 +0000 Subject: don't copy a null groups list (This used to be commit d0fc1675df35e65488a19d7f5929792fba347b07) --- source3/smbd/service.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b7942906df..8d04ce36e1 100644 --- a/source3/smbd/service.c 
+++ b/source3/smbd/service.c @@ -381,8 +381,12 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->vfs_conn->uid = conn->uid; conn->vfs_conn->gid = conn->gid; conn->vfs_conn->ngroups = conn->ngroups; - conn->vfs_conn->groups = (gid_t *)memdup(conn->groups, - conn->ngroups * sizeof(gid_t)); + if (conn->vfs_conn->ngroups != 0) { + conn->vfs_conn->groups = (gid_t *)memdup(conn->groups, + conn->ngroups * sizeof(gid_t)); + } else { + conn->vfs_conn->groups = NULL; + } /* Initialise VFS function pointers */ -- cgit From 46d66938e7e683586746b18583ce1670f0ad3544 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 28 Apr 2000 21:09:26 +0000 Subject: Moved deletion of vfs handle into smbd/conn.c as it was being done too soon in smbd/service.c (file operations were being done after the handle was closed). It looks cleaner in smbd/conn.c as it is part of the closing of a conn struct anyway. Jeremy. (This used to be commit 858eb53dc510d1b27c4f91045fa932a3ef546754) --- source3/smbd/service.c | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8d04ce36e1..8e04f7e989 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -654,21 +654,6 @@ void close_cnum(connection_struct *conn, uint16 vuid) } - /* Close dlopen() handle */ - - if (conn->vfs_conn->dl_handle != NULL) { - dlclose(conn->vfs_conn->dl_handle); /* should we check return val? */ - } - - /* Free vfs_connection_struct */ - - if (conn->vfs_conn != NULL) { - if (conn->vfs_conn->groups != NULL) { - free(conn->vfs_conn->groups); - } - free(conn->vfs_conn); - } - yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); @@ -697,6 +682,5 @@ void close_cnum(connection_struct *conn, uint16 vuid) standard_sub_conn(conn,cmd); smbrun(cmd,NULL,False); } - conn_free(conn); } -- cgit From 693ffb8466ada58ecc59fde754ba79fc6f51528d Mon Sep 17 00:00:00 2001 
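Review bot: The guard tests the count, `if (conn->vfs_conn->ngroups != 0)`, while the commit title is about a NULL list, and the result of `memdup` is still not checked. If `conn->groups` is NULL with a non-zero count, or memdup fails, `vfs_conn->groups` ends up NULL while `vfs_conn->ngroups` says there are entries, and a consumer that trusts the count would read through a NULL pointer. I would write the condition as `if (conn->groups != NULL && conn->ngroups > 0)` and set `conn->vfs_conn->ngroups = 0` whenever the copy is NULL. If `ngroups` is a signed int, the `> 0` form also keeps a negative count out of the size multiplication.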
From: Jeremy Allison Date: Tue, 2 May 2000 02:23:41 +0000 Subject: Added sys_fork() and sys_getpid() functions to stop the overhead of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8e04f7e989..ebc4c9a790 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -608,7 +608,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); dbgtext( "as user %s ", user ); dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); - dbgtext( "(pid %d)\n", (int)getpid() ); + dbgtext( "(pid %d)\n", (int)sys_getpid() ); } /* we've finished with the sensitive stuff */ -- cgit From f6844e0b7eb4412bc44c5533b09f856dc9272e75 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 4 May 2000 16:01:47 +0000 Subject: a minimal change to get appliance mode to work with winbindd we needed to accept usernames of the form DOMAIN/user, which means we needed to pass the domain to a getpwnam() like routine in certain critical spots. What I'd rather do is get rid of "char *user" everywhere and use the new userdom_struct, but that will have to wait a few days. (This used to be commit 8b7a10febead8be182e7d5b1d68259e31530b69c) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ebc4c9a790..0701b854b7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -293,7 +293,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } /* find out some info about the user */ - pass = Get_Pwnam(user,True); + pass = smb_getpwnam(user,validated_domain(vuid),True); if (pass == NULL) { DEBUG(0,( "Couldn't find account %s\n",user)); @@ -504,7 +504,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!IS_IPC(conn)) { /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(conn->user,conn->uid,conn->gid, + setup_groups(conn->user,validated_domain(vuid),conn->uid,conn->gid, &conn->ngroups,&conn->groups); /* check number of connections */ -- cgit From 49a0e6d5989656c1b3c9c063a20308ca4ee5d73b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 10 May 2000 10:41:59 +0000 Subject: more merging voodoo this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610) --- source3/smbd/service.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0701b854b7..71d718154d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1,3 +1,5 @@ +#define OLD_NTDOMAIN 1 + /* Unix SMB/Netbios implementation. Version 1.9. @@ -684,3 +686,5 @@ void close_cnum(connection_struct *conn, uint16 vuid) } conn_free(conn); } + +#undef OLD_NTDOMAIN -- cgit From 43a3faab0831a866559ca56e70c81be582047d0b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 10 May 2000 14:48:33 +0000 Subject: - changed smb_getpwnam() to use winbind style usernames - finished ntdom -> winbind rename in head (This used to be commit ada483cb56453afc6df4ec4be18bfe5e943c7150) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') 
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 71d718154d..f713b18562 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -295,7 +295,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } /* find out some info about the user */ - pass = smb_getpwnam(user,validated_domain(vuid),True); + pass = smb_getpwnam(user,True); if (pass == NULL) { DEBUG(0,( "Couldn't find account %s\n",user)); -- cgit From 0806cf75ff96dee6715610bd61e21cde08fa1c61 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 12 May 2000 14:28:46 +0000 Subject: added spool_io_printer_driver_info_level_6() thsi function and the associated header structure were autogenerated using a little awk based code geerator I wroe ths evening. I'll commit that next ... (This used to be commit 974813f0d4afb6c14ed27c48ab24b19932557f9f) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f713b18562..fa3bc3cb10 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -281,7 +281,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* shall we let them in? */ if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) { - DEBUG( 2, ( "Invalid username/password for %s\n", service ) ); + DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) ); *ecode = ERRbadpw; return NULL; } -- cgit From 3cbaf59726fc9fb7fc5a3124b3e1b8c5480a568e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 23 May 2000 01:27:19 +0000 Subject: Fixed bug where file access was allowed on IPC$ share. Return correct error codes on invalid share name. Jeremy. (This used to be commit 420d6bc4809cef9d74354175d0fa956ab4e8ac3c) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') 
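Review bot: The extended message `"Invalid username/password for %s [%s]\n"` writes the client-supplied `user` string to the log exactly as received, apart from the lower-casing done a few lines earlier. Two things follow for whoever reads these logs: a name containing control characters or a newline can make one failed login look like several log entries, and failed logins are where passwords typed into the name field end up. I would keep the level at 2 or higher and add a comment at the call, e.g. `/* user is unauthenticated client input: never log it below level 2, treat log as sensitive */`, and pass the name through whatever printable-character filter the project already has before formatting it, if one exists.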
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fa3bc3cb10..e6c8b2a6d8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -212,7 +212,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int DEBUG(0,("%s (%s) couldn't find service %s\n", remote_machine, client_addr(), service)); - *ecode = ERRinvnetname; + *ecode = ERRnosuchshare; return NULL; } @@ -567,7 +567,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int yield_connection(conn,"",MAXSTATUS); } conn_free(conn); - *ecode = ERRinvnetname; + *ecode = ERRnosuchshare; return NULL; } -- cgit From b40175936ae3d7acd6eb3f386c467ba3f9868631 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 25 Jul 2000 06:10:59 +0000 Subject: Fix for mounting a printer as a share. Not that there's anything specifically wrong with this, but Samba is fooled by the client into thinking the printer is a file share. Files copied to the share gather dust in the spool directory and aren't printed. This patch has the effect of not allowing printers to be mounted as file shares. Not sure whether this is the correct solution or not. {Jeremy,JF,Tridge} please check! (This used to be commit dcf3249bb9fef2a05b376e9c8c1a0a7d602d8a2e) --- source3/smbd/service.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e6c8b2a6d8..2eab50c482 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -273,6 +273,11 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } + /* Behave as a printer if we are supposed to */ + if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) { + pstrcpy(dev, "LPT1:"); + } + /* lowercase the user name */ strlower(user); -- cgit From 17dcd9a834fc915fb1ff2d8042a23000eeb7acfa Mon Sep 17 00:00:00 2001 
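Review bot: `pstrcpy(dev, "LPT1:")` writes six bytes into the caller's `dev` buffer at the point where it held the three-byte string "A:", and the only bound applied is the pstring size, not the size of the buffer actually passed in. Nothing in this hunk shows how callers allocate `dev`; if any of them sizes it to the device string received from the client, this is an out-of-bounds write. `strcmp(dev, "A:")` also assumes `dev` is never NULL. Since the signature cannot carry a length, the requirement should at least be written down on the function, e.g. `/* dev must be a writable buffer of at least 6 bytes; it may be rewritten to "LPT1:" */`, and the callers checked against it. The commit message itself asks for a second opinion on the approach.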
From: Jeremy Allison Date: Wed, 2 Aug 2000 02:11:55 +0000 Subject: Started to canonicalize our handling of uid -> sid code in order to get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2eab50c482..d4760ca92d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -511,8 +511,8 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!IS_IPC(conn)) { /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(conn->user,validated_domain(vuid),conn->uid,conn->gid, - &conn->ngroups,&conn->groups); + initialize_groups(conn->user, conn->uid, conn->gid); + get_current_groups(&conn->ngroups,&conn->groups); /* check number of connections */ if (!claim_connection(conn, -- cgit From f87399915b009f88c41cb75a583c2972fe3daf30 Mon Sep 17 00:00:00 2001 
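Review bot: Neither `initialize_groups(conn->user, conn->uid, conn->gid)` nor `get_current_groups(&conn->ngroups,&conn->groups)` has its result checked. The two bodies are not on this page, but going by the names the group list cached on the connection is now read back from the process's current supplementary groups rather than computed for the user. If the first call fails, the second would then store whatever list the process had before (the server's own, or a previous user's) as this user's groups, and the comment above says become_user relies on that list. If these functions report failure, the connection should be refused at this point with `conn_free(conn)` and an error in `*ecode`; a short comment that the process group list is changed as a side effect would also help. make_connection continues outside the hunk.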
From: Jeremy Allison Date: Thu, 3 Aug 2000 22:38:43 +0000 Subject: Added an NT_USER_TOKEN structure that is copied/passed around associated with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8) --- source3/smbd/service.c | 138 ++++++++++++++++++++++++++----------------------- 1 file changed, 73 insertions(+), 65 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d4760ca92d..8b63fe6662 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -360,65 +360,8 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->veto_oplock_list = NULL; string_set(&conn->dirpath,""); string_set(&conn->user,user); + conn->nt_user_token = NULL; - conn->vfs_conn = (struct vfs_connection_struct *) - malloc(sizeof(struct vfs_connection_struct)); - - if (conn->vfs_conn == NULL) { - DEBUG(0, ("No memory to create vfs_connection_struct")); - return NULL; - } - - ZERO_STRUCTP(conn->vfs_conn); - - /* Copy across relevant data from connection struct */ - - conn->vfs_conn->printer = conn->printer; - conn->vfs_conn->ipc = conn->ipc; - conn->vfs_conn->read_only = conn->read_only; - conn->vfs_conn->admin_user = conn->admin_user; - - pstrcpy(conn->vfs_conn->dirpath, conn->dirpath); - pstrcpy(conn->vfs_conn->connectpath, conn->connectpath); - pstrcpy(conn->vfs_conn->origpath, conn->origpath); - - pstrcpy(conn->vfs_conn->service, service); - pstrcpy(conn->vfs_conn->user, conn->user); - - conn->vfs_conn->uid = conn->uid; - conn->vfs_conn->gid = conn->gid; - conn->vfs_conn->ngroups = conn->ngroups; - if (conn->vfs_conn->ngroups != 0) { - conn->vfs_conn->groups = (gid_t *)memdup(conn->groups, - conn->ngroups * sizeof(gid_t)); - } else { - conn->vfs_conn->groups = NULL; - } - - /* Initialise VFS function pointers */ - - if (*lp_vfsobj(SNUM(conn))) { - -#ifdef HAVE_LIBDL - - /* Loadable object file */ - - if (!vfs_init_custom(conn)) { - return NULL; - } -#else - DEBUG(0, ("No libdl present - cannot use VFS objects\n")); - conn_free(conn); - return NULL; -#endif - - } else { - - /* Normal share - initialise with disk access functions */ - - vfs_init_default(conn); - } - /* * If force user is true, then store the * given userid and also the primary groupid 
@@ -529,7 +472,73 @@ connection_struct *make_connection(char *service,char *user,char *password, int claim_connection(conn,"", MAXSTATUS,False); } /* IS_IPC */ - + + conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups); + + /* + * Now initialize the vfs layer. + */ + + conn->vfs_conn = (struct vfs_connection_struct *) + malloc(sizeof(struct vfs_connection_struct)); + + if (conn->vfs_conn == NULL) { + DEBUG(0, ("No memory to create vfs_connection_struct")); + return NULL; + } + + ZERO_STRUCTP(conn->vfs_conn); + + /* Copy across relevant data from connection struct */ + + conn->vfs_conn->printer = conn->printer; + conn->vfs_conn->ipc = conn->ipc; + conn->vfs_conn->read_only = conn->read_only; + conn->vfs_conn->admin_user = conn->admin_user; + + pstrcpy(conn->vfs_conn->dirpath, conn->dirpath); + pstrcpy(conn->vfs_conn->connectpath, conn->connectpath); + pstrcpy(conn->vfs_conn->origpath, conn->origpath); + + pstrcpy(conn->vfs_conn->service, service); + pstrcpy(conn->vfs_conn->user, conn->user); + + conn->vfs_conn->uid = conn->uid; + conn->vfs_conn->gid = conn->gid; + conn->vfs_conn->ngroups = conn->ngroups; + if (conn->vfs_conn->ngroups != 0) { + conn->vfs_conn->groups = (gid_t *)memdup(conn->groups, + conn->ngroups * sizeof(gid_t)); + } else { + conn->vfs_conn->groups = NULL; + } + + conn->vfs_conn->nt_user_token = dup_nt_token(conn->nt_user_token); + + /* Initialise VFS function pointers */ + + if (*lp_vfsobj(SNUM(conn))) { + +#ifdef HAVE_LIBDL + + /* Loadable object file */ + + if (!vfs_init_custom(conn)) { + return NULL; + } +#else + DEBUG(0, ("No libdl present - cannot use VFS objects\n")); + conn_free(conn); + return NULL; +#endif + + } else { + + /* Normal share - initialise with disk access functions */ + + vfs_init_default(conn); + } + /* execute any "root preexec = " line */ if (*lp_rootpreexec(SNUM(conn))) { pstring cmd; 
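Review bot: The `conn->vfs_conn == NULL` branch in the `@@ -529` hunk returns NULL after claim_connection() has already succeeded for non-IPC connections, without calling `yield_connection()` or `conn_free(conn)` and without setting `*ecode`. An allocation failure at this point therefore leaves the connection record and the share's connection count held, and the caller gets no error code. The `vfs_init_custom()` failure return in the same hunk and the connect-hook return in the `@@ -630` hunk have the same shape; the later change at `@@ -485` adds `conn_free(conn)` but still no yield. These returns should release the claim, free the struct and set `*ecode = ERRnoresource;`, the same sequence the become_user() failure path uses elsewhere in make_connection(), which continues outside this hunk.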
@@ -630,13 +639,12 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* Invoke VFS make connection hook */ - if (conn->vfs_ops.connect) { - if (conn->vfs_ops.connect(conn->vfs_conn, service, user) < 0) { - return NULL; - } - } + if (conn->vfs_ops.connect) { + if (conn->vfs_ops.connect(conn->vfs_conn, service, user) < 0) + return NULL; + } - return(conn); + return(conn); } -- cgit From d12f3fea7529c03b6a3650e7aa8b4b47a445d548 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 28 Aug 2000 06:46:53 +0000 Subject: Merge from appliance branch. (This used to be commit 567b0095b1b8393b3b1e32533aa2860ab3dbfa47) --- source3/smbd/service.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8b63fe6662..500ba6e626 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -454,6 +454,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!IS_IPC(conn)) { /* Find all the groups this uid is in and store them. Used by become_user() */ + initialise_groups(conn->user, conn->uid, conn->gid); initialize_groups(conn->user, conn->uid, conn->gid); get_current_groups(&conn->ngroups,&conn->groups); -- cgit From 22fbda6c5616c89e774ed2550476f47aa9f0506f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 31 Aug 2000 07:11:45 +0000 Subject: fixed "admin users" option with new security code (This used to be commit b69c5de6bad9fad3aed1280e7d12fbfed276a16f) --- source3/smbd/service.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 500ba6e626..272d54e3ba 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
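Review bot: The `@@ -454` merge hunk adds `initialise_groups(conn->user, conn->uid, conn->gid);` directly above the existing `initialize_groups(...)` call with identical arguments, so group setup runs twice per connection if both spellings resolve to real functions. Only one call should remain; keep whichever name the merged tree actually defines and drop the other line. Neither call's result is checked before `get_current_groups()` reads the process group list.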
@@ -389,6 +389,11 @@ connection_struct *make_connection(char *service,char *user,char *password, int } } + /* admin users always run as uid=0 */ + if (conn->admin_user) { + conn->uid = 0; + } + #ifdef HAVE_GETGRNAM /* * If force group is true, then override -- cgit From b43b2e4f8a4be30e3f7aca6f570f5376fd508e3d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 27 Sep 2000 19:09:59 +0000 Subject: Restructuring of the code to remove dos_ChDir/dos_GetWd and re-vector them through the VFS. All file access/directory access code in smbd should now go via the vfs. Added vfs_chown/vfs_chmod calls. Still looking at vfs_get_nt_acl() vfs_set_nt_acl() call API design. Jeremy. (This used to be commit f96625ec124adb6e110dc54632e006b3620a962b) --- source3/smbd/service.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 272d54e3ba..e82bbefa5a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -56,8 +56,8 @@ BOOL become_service(connection_struct *conn,BOOL do_chdir) snum = SNUM(conn); if (do_chdir && - dos_ChDir(conn->connectpath) != 0 && - dos_ChDir(conn->origpath) != 0) { + vfs_ChDir(conn,conn->connectpath) != 0 && + vfs_ChDir(conn,conn->origpath) != 0) { DEBUG(0,("chdir (%s) failed\n", conn->connectpath)); return(False); @@ -575,7 +575,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - if (dos_ChDir(conn->connectpath) != 0) { + if (vfs_ChDir(conn,conn->connectpath) != 0) { DEBUG(0,("Can't change directory to %s (%s)\n", conn->connectpath,strerror(errno))); unbecome_user(); @@ -598,9 +598,9 @@ connection_struct *make_connection(char *service,char *user,char *password, int { pstring s; pstrcpy(s,conn->connectpath); - dos_GetWd(s); + vfs_GetWd(conn,s); string_set(&conn->connectpath,s); - dos_ChDir(conn->connectpath); + vfs_ChDir(conn,conn->connectpath); } #endif -- cgit 
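Review bot: The `@@ -389` hunk switches `conn->uid` to 0 for every admin user without writing a log record, so nothing in the logs shows which share connections ran as root. A line inside the new `if`, such as `DEBUG(3,("admin user %s on service %s runs as uid 0\n", user, lp_servicename(snum)));`, would make the elevation auditable. `conn->user` is left unchanged here, so the group lookup later in make_connection() (outside this hunk) is presumably still done for the named user rather than for root. A comment stating that this is intended would help the next reader.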
From 636f146abf0a75cd3b21a57b50627ee149a635ab Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 6 Oct 2000 03:21:49 +0000 Subject: Restructuring of vfs layer to include a "this" pointer - can be an fsp or a conn struct depending on the call. We need this to have a clean NT ACL call interface. This will break any existing VFS libraries (that's why this is pre-release code). Andrew gets credit for this one :-) :-). In addition - added Herb's WITH_PROFILE changes - Herb - please examine the changes I've made to the smbd/reply.c code you added. The original code was very ugly and I have replaced it with a START_PROFILE(x)/END_PROFILE(x) pair using the preprocessor. Please check this compiles ok with the --with-profile switch. Jeremy. (This used to be commit b07611f8159b0b3f42e7e02611be9f4d56de96f5) --- source3/smbd/service.c | 44 ++------------------------------------------ 1 file changed, 2 insertions(+), 42 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e82bbefa5a..e1e0fde32f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -481,46 +481,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups); - /* - * Now initialize the vfs layer. - */ - - conn->vfs_conn = (struct vfs_connection_struct *) - malloc(sizeof(struct vfs_connection_struct)); - - if (conn->vfs_conn == NULL) { - DEBUG(0, ("No memory to create vfs_connection_struct")); - return NULL; - } - - ZERO_STRUCTP(conn->vfs_conn); - - /* Copy across relevant data from connection struct */ - - conn->vfs_conn->printer = conn->printer; - conn->vfs_conn->ipc = conn->ipc; - conn->vfs_conn->read_only = conn->read_only; - conn->vfs_conn->admin_user = conn->admin_user; - - pstrcpy(conn->vfs_conn->dirpath, conn->dirpath); - pstrcpy(conn->vfs_conn->connectpath, conn->connectpath); - pstrcpy(conn->vfs_conn->origpath, conn->origpath); - - pstrcpy(conn->vfs_conn->service, service); - pstrcpy(conn->vfs_conn->user, conn->user); - - conn->vfs_conn->uid = conn->uid; - conn->vfs_conn->gid = conn->gid; - conn->vfs_conn->ngroups = conn->ngroups; - if (conn->vfs_conn->ngroups != 0) { - conn->vfs_conn->groups = (gid_t *)memdup(conn->groups, - conn->ngroups * sizeof(gid_t)); - } else { - conn->vfs_conn->groups = NULL; - } - - conn->vfs_conn->nt_user_token = dup_nt_token(conn->nt_user_token); - /* Initialise VFS function pointers */ if (*lp_vfsobj(SNUM(conn))) { @@ -646,7 +606,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* Invoke VFS make connection hook */ if (conn->vfs_ops.connect) { - if (conn->vfs_ops.connect(conn->vfs_conn, service, user) < 0) + if (conn->vfs_ops.connect(conn, service, user) < 0) return NULL; } @@ -671,7 +631,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) /* Call VFS disconnect hook */ - conn->vfs_ops.disconnect(); + conn->vfs_ops.disconnect(conn); } -- cgit From cbee552bdb1a4692a19667175fbbf090a9597d71 Mon Sep 17 00:00:00 2001 
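Review bot: `conn->vfs_ops.disconnect(conn);` in the `@@ -671` hunk (close_cnum) is called unconditionally, while the connect hook in the `@@ -646` hunk is guarded by `if (conn->vfs_ops.connect)`. Unless VFS initialisation guarantees that every slot is filled (not visible here), a loadable module that leaves `disconnect` unset turns this into a call through a NULL function pointer on every share close. Guarding it the same way costs one line: `if (conn->vfs_ops.disconnect) conn->vfs_ops.disconnect(conn);`. close_cnum() continues outside the hunk.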
From: Tim Potter Date: Wed, 11 Oct 2000 04:54:37 +0000 Subject: Don't initialise groups twice. (This used to be commit 15d7f16bdc2ff4f2ae82871eb9f318ba45cf4d1c) --- source3/smbd/service.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e1e0fde32f..6d07562743 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -460,7 +460,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* Find all the groups this uid is in and store them. Used by become_user() */ initialise_groups(conn->user, conn->uid, conn->gid); - initialize_groups(conn->user, conn->uid, conn->gid); get_current_groups(&conn->ngroups,&conn->groups); /* check number of connections */ -- cgit From 330d678fbad70fabd9712c56ad15bd215f950255 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Oct 2000 01:59:14 +0000 Subject: Fix to allow smbd to call winbindd if it is running for all group enumeration, falling back to the UNIX calls on error. This should fix all problems with smbd enumerating all users in all groups in all trusted domains via winbindd. Also changed GETDC to query 1C name rather than 1b name as only the PDC registers 1b. Jeremy. (This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498) --- source3/smbd/service.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 6d07562743..b86f3beadd 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -401,7 +401,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int */ if (*lp_force_group(snum)) { - struct group *gptr; + gid_t gid; pstring gname; pstring tmp_gname; BOOL user_must_be_member = False; 
@@ -416,9 +416,9 @@ connection_struct *make_connection(char *service,char *user,char *password, int } /* default service may be a group name */ pstring_sub(gname,"%S",service); - gptr = (struct group *)getgrnam(gname); + gid = nametogid(gname); - if (gptr) { + if (gid != (gid_t)-1) { /* * If the user has been forced and the forced group starts * with a '+', then we only set the group to be the forced @@ -426,16 +426,12 @@ connection_struct *make_connection(char *service,char *user,char *password, int * Otherwise, the meaning of the '+' would be ignored. */ if (conn->force_user && user_must_be_member) { - int i; - for (i = 0; gptr->gr_mem[i] != NULL; i++) { - if (strcmp(user,gptr->gr_mem[i]) == 0) { - conn->gid = gptr->gr_gid; + if (user_in_group_list( user, gname )) { + conn->gid = gid; DEBUG(3,("Forced group %s for member %s\n",gname,user)); - break; - } } } else { - conn->gid = gptr->gr_gid; + conn->gid = gid; DEBUG(3,("Forced group %s\n",gname)); } } else { -- cgit From 6d36edaf437a9d109fe3bfff26c9f6a3b584aaf6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 6 Nov 2000 21:44:33 +0000 Subject: Added a VFS version return to init call. Allows smbd to fail an init if versions don't match. Jeremy. (This used to be commit d0fbb4f5d999abade8930cc6fff231a2af6cccfb) --- source3/smbd/service.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b86f3beadd..fcdd9a376b 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -485,6 +485,8 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* Loadable object file */ if (!vfs_init_custom(conn)) { + DEBUG(0, ("vfs_init failed\n")); + conn_free(conn); return NULL; } #else -- cgit From 0de5569304ec1d1650865983dba32f13c313104c Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Fri, 17 Nov 2000 03:15:18 +0000 Subject: fixed the problem with messages not getting through the problem had nothing to do with being your own pid, it was instead a problem with IPC$ connections not being registered in the connections database and an incorrect test for -1 in the messaging code. These changes also mean that IPC$ shares now show up in smbstatus. That is probably a good thing. (This used to be commit 3575ad10985a18f897e38179ca69fa9a49a7ea02) --- source3/smbd/service.c | 60 +++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 33 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fcdd9a376b..ba381a40e8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -452,27 +452,25 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->ngroups = 0; conn->groups = NULL; - if (!IS_IPC(conn)) { - /* Find all the groups this uid is in and - store them. Used by become_user() */ - initialise_groups(conn->user, conn->uid, conn->gid); - get_current_groups(&conn->ngroups,&conn->groups); + /* Find all the groups this uid is in and + store them. Used by become_user() */ + initialise_groups(conn->user, conn->uid, conn->gid); + get_current_groups(&conn->ngroups,&conn->groups); - /* check number of connections */ - if (!claim_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn)), - False)) { - DEBUG(1,("too many connections - rejected\n")); - *ecode = ERRnoresource; - conn_free(conn); - return NULL; - } + /* check number of connections */ + if (!claim_connection(conn, + lp_servicename(SNUM(conn)), + lp_max_connections(SNUM(conn)), + False)) { + DEBUG(1,("too many connections - rejected\n")); + *ecode = ERRnoresource; + conn_free(conn); + return NULL; + } - if (lp_status(SNUM(conn))) - claim_connection(conn,"", - MAXSTATUS,False); - } /* IS_IPC */ + if (lp_status(SNUM(conn))) + claim_connection(conn,"", + MAXSTATUS,False); conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups); @@ -519,13 +517,11 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!become_user(conn, conn->vuid)) { DEBUG(0,("Can't become connected user!\n")); - if (!IS_IPC(conn)) { - yield_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn))); - if (lp_status(SNUM(conn))) { - yield_connection(conn,"",MAXSTATUS); - } + yield_connection(conn, + lp_servicename(SNUM(conn)), + lp_max_connections(SNUM(conn))); + if (lp_status(SNUM(conn))) { + yield_connection(conn,"",MAXSTATUS); } conn_free(conn); *ecode = ERRbadpw; 
@@ -536,13 +532,11 @@ connection_struct *make_connection(char *service,char *user,char *password, int DEBUG(0,("Can't change directory to %s (%s)\n", conn->connectpath,strerror(errno))); unbecome_user(); - if (!IS_IPC(conn)) { - yield_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn))); - if (lp_status(SNUM(conn))) - yield_connection(conn,"",MAXSTATUS); - } + yield_connection(conn, + lp_servicename(SNUM(conn)), + lp_max_connections(SNUM(conn))); + if (lp_status(SNUM(conn))) + yield_connection(conn,"",MAXSTATUS); conn_free(conn); *ecode = ERRnosuchshare; return NULL; -- cgit From 5f8ff6056ad2d7432dfe64977cb15364f199b962 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 17 Nov 2000 03:31:03 +0000 Subject: we don't need the separate lp_status() connection records any more (This used to be commit 209e20365e562371aafafea301b4ffecc3d4c3ed) --- source3/smbd/service.c | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ba381a40e8..2dbb2c0d17 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -468,10 +468,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - if (lp_status(SNUM(conn))) - claim_connection(conn,"", - MAXSTATUS,False); - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups); /* Initialise VFS function pointers */ @@ -520,9 +516,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); - if (lp_status(SNUM(conn))) { - yield_connection(conn,"",MAXSTATUS); - } conn_free(conn); *ecode = ERRbadpw; return NULL; 
@@ -535,8 +528,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); - if (lp_status(SNUM(conn))) - yield_connection(conn,"",MAXSTATUS); conn_free(conn); *ecode = ERRnosuchshare; return NULL; @@ -630,9 +621,6 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); - if (lp_status(SNUM(conn))) - yield_connection(conn,"",MAXSTATUS); - file_close_conn(conn); dptr_closecnum(conn); -- cgit From 90a7d7d3d7e77ed1f33e2bb9969beef7aa464712 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 12 Dec 2000 05:29:47 +0000 Subject: Compile fix for new arg to create_nt_token() (This used to be commit 806185ca8cc8d28f16745a1db9427f52eb8d22e4) --- source3/smbd/service.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2dbb2c0d17..0713c0e49d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -468,7 +468,9 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups); + conn->nt_user_token = create_nt_token(conn->uid, conn->gid, + conn->ngroups, conn->groups, + guest); /* Initialise VFS function pointers */ -- cgit From 23807f2b308e80a1e325c8fd2bddeec3e2e15bc5 Mon Sep 17 00:00:00 2001 
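Review bot: The pointer returned by `create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, guest)` in the `@@ -468,7 +468,9` hunk is stored in `conn->nt_user_token` without a check. The commit messages earlier in this series say the token is what se_access_check() will consult, so a NULL token should not be allowed to reach an access decision; whether the function can return NULL is not visible here and should be confirmed. If it can, fail the connection at this point in the same way as the claim_connection() failure just above: yield the claim, `conn_free(conn)`, set `*ecode`, and return NULL.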
From: David O'Neill Date: Thu, 4 Jan 2001 19:27:08 +0000 Subject: Changes from APPLIANCE_HEAD: source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0713c0e49d..4670d601d7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -468,7 +468,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, + conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, guest); -- cgit From 792ca5d98938c3c52ff4e598bcb55056565dc202 Mon Sep 17 00:00:00 2001 
From: David O'Neill Date: Wed, 17 Jan 2001 18:47:46 +0000 Subject: Changes from APPLIANCE_HEAD: source/rpc_server/srv_spoolss_nt.c - Unrolled construct_notify_jobs_info() loop to only fetch printer info_2 structure once rather than num_print_jobs times. - convert command to unix codepage. - remove lp_remove_service() call as it prevents lp_killservice() from working. - Modified some DEBUG and DEBUGADD statements. source/param/loadparm.c source/param/params.c - change printer, preload, auto services to FLAG_DOS_STRING, reverted earlier changes to szPrintername et al, add comments. source/printing/load.c - fix bug with lp_auto_services() and strtok() source/printing/nt_printing.c source/printing/printing.c - remove redundant test that used SERVICE(snum) source/printing/pcap.c - add unix_to_dos() calls, add notes wrt FIXMEs for xxx_printer_fn() functions. source/web/swat.c - added FIXME comment. source/smbd/service.c - added comment re: dos codepage (This used to be commit 7b774b72c2857af9519012106714a9e2cb099da3) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 4670d601d7..1db5dc4a5f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -80,7 +80,7 @@ BOOL become_service(connection_struct *conn,BOOL do_chdir) /**************************************************************************** - find a service entry + find a service entry. service is always in dos codepage ****************************************************************************/ int find_service(char *service) { -- cgit From 2f7c1db093504a9798cdfd9c5d08a259cb4abc46 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Tue, 23 Jan 2001 01:52:30 +0000 Subject: include/vfs.h: smbd/vfs-wrap.c: smbd/vfs.c: Added fchmod_acl and chmod_acl. lib/substitute.c: smbd/lanman.c: smbd/open.c: smbd/process.c: smbd/reply.c: smbd/service.c: Removed sessetup_user variable. Added current_user_info struct which conatins domain info etc. Added '%D' for client domain parameter. Jeremy. (This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f) --- source3/smbd/service.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1db5dc4a5f..a6e66965c3 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -33,7 +33,7 @@ extern BOOL case_mangle; extern BOOL case_sensitive; extern BOOL use_mangled_map; extern fstring remote_machine; -extern pstring sesssetup_user; +extern userdom_struct current_user_info; extern fstring remote_machine; @@ -113,8 +113,28 @@ int find_service(char *service) int iHomeService; if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0) { - lp_add_home(service,iHomeService,phome_dir); - iService = lp_servicenumber(service); + /* + * If this is a winbindd provided username, remove + * the domain component before adding the service. + * Log a warning if the "path=" parameter does not + * include any macros. + */ + + fstring new_service; + char *usr_p = NULL; + + fstrcpy(new_service, service); + + if ((usr_p = strchr(service,*lp_winbind_separator())) != NULL) + fstrcpy(new_service, usr_p+1); + + lp_add_home(new_service,iHomeService,phome_dir); + iService = lp_servicenumber(new_service); + + if (usr_p && (strchr(lp_pathname(iService),'%') == NULL)) + DEBUG(0,("find_service: Service %s added for user %s - contains non-local (Domain) user \ +with non parameterised path (%s). This may be cause the wrong directory to be seen.\n", + new_service, service, lp_pathname(iService) )); } } } 
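Review bot: In the `@@ -113` hunk the new warning calls `lp_pathname(iService)` straight after `iService = lp_servicenumber(new_service)` without checking that the lookup succeeded, so a failed lp_add_home() leads to a parameter lookup on a negative service number. The surrounding code already treats `>= 0` as success for `lp_servicenumber(HOMES_NAME)`, so the condition should read `if (iService >= 0 && usr_p && (strchr(lp_pathname(iService),'%') == NULL))`. Separately, stripping the domain part means same-named users from different domains resolve to one share name. The DEBUG only logs this; a comment saying the behaviour is accepted would document the trade-off. find_service() continues outside the hunk.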
@@ -234,11 +254,11 @@ connection_struct *make_connection(char *service,char *user,char *password, int return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); } } else { - /* Security = share. Try with sesssetup_user + /* Security = share. Try with current_user_info.smb_name * as the username. */ - if(*sesssetup_user) { + if(*current_user_info.smb_name) { fstring dos_username; - fstrcpy(user,sesssetup_user); + fstrcpy(user,current_user_info.smb_name); fstrcpy(dos_username, user); unix_to_dos(dos_username, True); return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); -- cgit From 42571a656f458d9a60850d08202b8daebdcb0bc1 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 23 Jan 2001 22:13:41 +0000 Subject: only add the service name and client machine name to list of users names for a session when in share mode security --jerry (This used to be commit 22d6c2c163dd578365bff85ef95abfa59fe356ea) --- source3/smbd/service.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a6e66965c3..96f00eef12 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -301,8 +301,11 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* lowercase the user name */ strlower(user); - /* add it as a possible user name */ - add_session_user(service); + /* add it as a possible user name if we + are in share mode security */ + if (lp_security() == SEC_SHARE) { + add_session_user(service); + } /* shall we let them in? */ if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) { -- cgit From 24f8e973b210bbf5b79ac27f0a0e519c7dfe9354 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 24 Jan 2001 19:34:53 +0000 Subject: smbd/process.c: & type with 0xff for paranioa sake... smbd/reply.c smbd/service.c: cause all "add home service" calls to go through a winbindd aware function. Jeremy. (This used to be commit a72d12e992e2755e925032aef1aa99be74bf6652) --- source3/smbd/service.c | 72 +++++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 30 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 96f00eef12..f0ab2ba771 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -78,10 +78,50 @@ BOOL become_service(connection_struct *conn,BOOL do_chdir) return(True); } +/**************************************************************************** + Add a home service. Returns the new service number or -1 if fail. +****************************************************************************/ + +int add_home_service(char *service, char *homedir) +{ + int iHomeService; + int iService; + fstring new_service; + char *usr_p = NULL; + + if (!service || !homedir) + return -1; + + if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) + return -1; + + /* + * If this is a winbindd provided username, remove + * the domain component before adding the service. + * Log a warning if the "path=" parameter does not + * include any macros. + */ + + fstrcpy(new_service, service); + + if ((usr_p = strchr(service,*lp_winbind_separator())) != NULL) + fstrcpy(new_service, usr_p+1); + + lp_add_home(new_service,iHomeService,homedir); + iService = lp_servicenumber(new_service); + + if ((iService != -1) && usr_p && (strstr(lp_pathname(iService),"%D") == NULL)) + DEBUG(0,("find_service: Service %s added for user %s - contains non-local (Domain) user \ +with non-domain parameterised path (%s). This may be cause the wrong directory to be seen.\n", + new_service, service, lp_pathname(iService) )); + + return iService; +} /**************************************************************************** - find a service entry. service is always in dos codepage + Find a service entry. service is always in dos codepage. ****************************************************************************/ + int find_service(char *service) { int iService; 
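Review bot: `strchr(service,*lp_winbind_separator())` in add_home_service() (`@@ -78` hunk) uses the first byte of the separator string as the search character. If that string can be empty (not visible here), the byte is `'\0'`, strchr() returns the terminator of `service`, and `fstrcpy(new_service, usr_p+1)` then reads from one past the end of the string. Read the separator once and skip the split when it is NUL: `char sep = *lp_winbind_separator();` followed by `if (sep != '\0' && (usr_p = strchr(service, sep)) != NULL)`. As a smaller point, the DEBUG text still begins with `find_service:` although it now lives in add_home_service().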
@@ -108,35 +148,7 @@ int find_service(char *service) DEBUG(3,("checking for home directory %s gave %s\n",service, phome_dir?phome_dir:"(NULL)")); - if (phome_dir) - { - int iHomeService; - if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0) - { - /* - * If this is a winbindd provided username, remove - * the domain component before adding the service. - * Log a warning if the "path=" parameter does not - * include any macros. - */ - - fstring new_service; - char *usr_p = NULL; - - fstrcpy(new_service, service); - - if ((usr_p = strchr(service,*lp_winbind_separator())) != NULL) - fstrcpy(new_service, usr_p+1); - - lp_add_home(new_service,iHomeService,phome_dir); - iService = lp_servicenumber(new_service); - - if (usr_p && (strchr(lp_pathname(iService),'%') == NULL)) - DEBUG(0,("find_service: Service %s added for user %s - contains non-local (Domain) user \ -with non parameterised path (%s). This may be cause the wrong directory to be seen.\n", - new_service, service, lp_pathname(iService) )); - } - } + iService = add_home_service(service,phome_dir); } /* If we still don't have a service, attempt to add it as a printer. */ -- cgit From da3053048c3d224a20d6383ac6682d31059cd46c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 11 Mar 2001 00:32:10 +0000 Subject: Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549) --- source3/smbd/service.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f0ab2ba771..02405e8dda 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1,5 +1,3 @@ -#define OLD_NTDOMAIN 1 - /* Unix SMB/Netbios implementation. Version 1.9. 
@@ -681,5 +679,3 @@ void close_cnum(connection_struct *conn, uint16 vuid) } conn_free(conn); } - -#undef OLD_NTDOMAIN -- cgit From d3ec09326b27dd00b1f67a7ce48bc9817a313735 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 13 Mar 2001 00:31:07 +0000 Subject: Added ADMIN$ share as alias for IPC$ except no guest connect. AS/U wants to do RPC calls down this treeid. Jeremy. (This used to be commit 83133bab0ed59e303a183fd91812165f08e88484) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 02405e8dda..2c03d4e514 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -234,7 +234,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int snum = find_service(service); if (snum < 0) { - if (strequal(service,"IPC$")) { + if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { DEBUG(3,("refusing IPC connection\n")); *ecode = ERRnoipc; return NULL; @@ -284,7 +284,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int } /* you can only connect to the IPC$ service as an ipc device */ - if (strequal(service,"IPC$")) + if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) pstrcpy(dev,"IPC"); if (*dev == '?' || !*dev) { @@ -386,7 +386,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->service = snum; conn->used = True; conn->printer = (strncmp(dev,"LPT",3) == 0); - conn->ipc = (strncmp(dev,"IPC",3) == 0); + conn->ipc = ((strncmp(dev,"IPC",3) == 0) || strequal(dev,"ADMIN$")); conn->dirptr = NULL; conn->veto_list = NULL; conn->hide_list = NULL; -- cgit From 7bdf197e6237704af2ecf2718ce482d0dd840365 Mon Sep 17 00:00:00 2001 
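Review bot: In the third ADMIN$ hunk (`@@ -386,7 +386,7 @@`) the added clause `strequal(dev,"ADMIN$")` compares the device-type string, not the share name. The second hunk already forces `dev` to "IPC" when the service is ADMIN$, so the clause is redundant for that share. A request for a different share that carries "ADMIN$" as its device string would appear to get `conn->ipc` set. If the intent is only to treat the ADMIN$ share as IPC, `conn->ipc = (strncmp(dev,"IPC",3) == 0);` is enough. The "no guest connect" rule from the commit message is not enforced in any of the three hunks, so it is worth confirming where it lives; make_connection continues outside them.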
From: Jeremy Allison Date: Mon, 26 Mar 2001 23:21:29 +0000 Subject: Patch from Massimo Sivilotti to log remote machine/ip on connection fail. Jeremy. (This used to be commit 07cee46d1de1caaf6f9f1b6139dd21bcc5d67e8e) --- source3/smbd/service.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2c03d4e514..849ccba5fb 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -557,7 +557,8 @@ connection_struct *make_connection(char *service,char *user,char *password, int } if (vfs_ChDir(conn,conn->connectpath) != 0) { - DEBUG(0,("Can't change directory to %s (%s)\n", + DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", + remote_machine, conn->client_address, conn->connectpath,strerror(errno))); unbecome_user(); yield_connection(conn, -- cgit From d4e8c87005869fce7ec993c91cd972d9a2f1a53b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 6 Apr 2001 20:32:36 +0000 Subject: Fix from Ed Boraas for not core dumping when out of connection structs. Jeremy. (This used to be commit f50ea32dd0deb07c626c211caedd86dc1ccd5427) --- source3/smbd/service.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 849ccba5fb..e20786595c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -328,7 +328,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!conn) { DEBUG(0,("Couldn't find free connection.\n")); *ecode = ERRnoresource; - conn_free(conn); return NULL; } -- cgit From 9d6dd97624f50dec3edd3bb9a3c0f7f47f9ae071 Mon Sep 17 00:00:00 2001 
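Review bot: The new DEBUG(0) message on the vfs_ChDir failure path prints `remote_machine` ahead of `conn->client_address`, without saying that the first field is a self-reported name. If `remote_machine` holds the name the client announced (its origin is not visible in this hunk), it is client-chosen text in a level-0 log line, and only the address is usable for correlation. Label and quote the name so embedded whitespace is visible, e.g. `DEBUG(0,("client name '%s' (addr %s) can't change directory to %s (%s)\n",`. The enclosing make_connection body lies outside the hunk.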
From: Jeremy Allison Date: Mon, 9 Apr 2001 06:36:38 +0000 Subject: Added set/get SD's on shares. Check before tcon. Jeremy. (This used to be commit 036b1a8b09fe6a7cca83d631624145574acad7f2) --- source3/smbd/service.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e20786595c..11ae11054a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -343,6 +343,29 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->read_only = lp_readonly(snum); + /* + * New code to check if there's a share security descripter + * added from NT server manager. This is an additional check + * before the smb.conf checks are done. JRA. + */ + + { + BOOL can_write = share_access_check(snum, vuid, FILE_WRITE_DATA); + + if (!can_write) { + if (!share_access_check(snum, vuid, FILE_READ_DATA)) { + /* No access, read or write. */ + *ecode = ERRaccess; + DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", + service )); + conn_free(conn); + return NULL; + } else { + conn->read_only = True; + } + } + } + { pstring list; StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1); -- cgit From 0ca9f5c023df2ee498dcd1bdb2f29abc632a5d60 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Apr 2001 21:19:25 +0000 Subject: Fix for core dump in security = share code with new share security db. Jeremy. (This used to be commit 20b13bafdff2fd7be9219ed164e7fe91b597298d) --- source3/smbd/service.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 11ae11054a..507d07cc42 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
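Review bot: The security-descriptor block sets `conn->read_only = True` immediately before the read list / write list processing, whose first lines are this hunk's trailing context, so that later code can undo it. Other hunks on this page show the write list branch assigning `conn->read_only = False` for a listed user, which would hand back the write access the descriptor just refused. Keep the descriptor result in a local and apply `if (!can_write) conn->read_only = True;` after the list processing, or move the whole check below it. make_connection extends beyond the hunk on both sides.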
@@ -343,28 +343,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->read_only = lp_readonly(snum); - /* - * New code to check if there's a share security descripter - * added from NT server manager. This is an additional check - * before the smb.conf checks are done. JRA. - */ - - { - BOOL can_write = share_access_check(snum, vuid, FILE_WRITE_DATA); - - if (!can_write) { - if (!share_access_check(snum, vuid, FILE_READ_DATA)) { - /* No access, read or write. */ - *ecode = ERRaccess; - DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", - service )); - conn_free(conn); - return NULL; - } else { - conn->read_only = True; - } - } - } { pstring list; @@ -527,6 +505,28 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->ngroups, conn->groups, guest); + /* + * New code to check if there's a share security descripter + * added from NT server manager. This is done after the + * smb.conf checks are done as we need a uid and token. JRA. + */ + + { + BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA); + + if (!can_write) { + if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) { + /* No access, read or write. */ + *ecode = ERRaccess; + DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", + service )); + conn_free(conn); + return NULL; + } else { + conn->read_only = True; + } + } + } /* Initialise VFS function pointers */ if (*lp_vfsobj(SNUM(conn))) { -- cgit From 50e78a9ac8cf0949c2471fafde844c674f97d73d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Apr 2001 00:37:00 +0000 Subject: As Andrew suggested, make smbrun return a fd for a deleted file which can then be read. Jeremy. (This used to be commit e7d59d6de89a5fdd201e4b5c6072dab08b1519db) --- source3/smbd/service.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') 
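Review bot: In the re-added block (`@@ -527,6 +505,28 @@`) the denial branch ends with `conn_free(conn); return NULL;` and does not release the connection slot. A later hunk on this page shows claim_connection sitting just ahead of the create_nt_token call, that is, before this block. If that ordering already holds here, each refused connect may keep counting against the share's `max connections`. Add `yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn)));` before `conn_free(conn)`, as the vfs_ChDir failure path does.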
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 507d07cc42..375587b539 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -559,7 +559,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); standard_sub_conn(conn,cmd); DEBUG(5,("cmd=%s\n",cmd)); - ret = smbrun(cmd,NULL,False); + ret = smbrun(cmd,NULL,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); conn_free(conn); @@ -611,7 +611,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); standard_sub_conn(conn,cmd); - ret = smbrun(cmd,NULL,False); + ret = smbrun(cmd,NULL,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); conn_free(conn); @@ -688,7 +688,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); standard_sub_conn(conn,cmd); - smbrun(cmd,NULL,False); + smbrun(cmd,NULL,NULL); unbecome_user(); } @@ -698,7 +698,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) pstring cmd; pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); standard_sub_conn(conn,cmd); - smbrun(cmd,NULL,False); + smbrun(cmd,NULL,NULL); } conn_free(conn); } -- cgit From 2ef68c7e92d4661664f0410509f7cb551e74a198 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Apr 2001 19:12:06 +0000 Subject: Merge of Andrew's changes in 2.2. Jeremy. (This used to be commit fc76681812b1469208ad6c8847afdfc68bc6db49) --- source3/smbd/service.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 375587b539..9fb2dd9eeb 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
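Review bot: Both close_cnum hunks discard the result of `smbrun(cmd,NULL,NULL)`, so a failing postexec or root postexec command leaves no trace in the log. The two preexec paths in make_connection do record `ret`. Capture and report it in close_cnum as well, e.g. `int ret = smbrun(cmd,NULL,NULL);` followed by `if (ret != 0) DEBUG(1,("postexec gave %d\n", ret));`. The same two calls are touched again, still unchecked, by the merge commit that follows on this page.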
@@ -559,7 +559,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); standard_sub_conn(conn,cmd); DEBUG(5,("cmd=%s\n",cmd)); - ret = smbrun(cmd,NULL,NULL); + ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); conn_free(conn); @@ -611,7 +611,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); standard_sub_conn(conn,cmd); - ret = smbrun(cmd,NULL,NULL); + ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); conn_free(conn); @@ -688,7 +688,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); standard_sub_conn(conn,cmd); - smbrun(cmd,NULL,NULL); + smbrun(cmd,NULL); unbecome_user(); } @@ -698,7 +698,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) pstring cmd; pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); standard_sub_conn(conn,cmd); - smbrun(cmd,NULL,NULL); + smbrun(cmd,NULL); } conn_free(conn); } -- cgit From 8efe9427516aad533e94bb917de17ecec18b098f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 12 May 2001 00:31:59 +0000 Subject: Now we're doing the substituion in the lp_string code remove the erroneous debug 0 warning. Jeremy. (This used to be commit be7e1d0f2c078bd07c7087e1e36636dcd6d0a5d8) --- source3/smbd/service.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9fb2dd9eeb..c70ab42a61 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -108,11 +108,6 @@ int add_home_service(char *service, char *homedir) lp_add_home(new_service,iHomeService,homedir); iService = lp_servicenumber(new_service); - if ((iService != -1) && usr_p && (strstr(lp_pathname(iService),"%D") == NULL)) - DEBUG(0,("find_service: Service %s added for user %s - contains non-local (Domain) user \ -with non-domain parameterised path (%s). This may be cause the wrong directory to be seen.\n", - new_service, service, lp_pathname(iService) )); - return iService; } -- cgit From fcda2645f099e5d356361ec3de4f45d97285f0b5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jun 2001 03:05:09 +0000 Subject: added a close-share smbcontrol message that forcibly closes a share in smbd (to allow unmount) (This used to be commit 15b17a80db605a55f667c95fb7e316877a441887) --- source3/smbd/service.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c70ab42a61..61da72b2e9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -697,3 +697,5 @@ void close_cnum(connection_struct *conn, uint16 vuid) } conn_free(conn); } + + -- cgit From e2ced932dbd34384f1e3752cc073b2fb66467b46 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 29 Jun 2001 22:32:24 +0000 Subject: Ensured all the system calls in msdfs.c go through the vfs layer. Added vfs calls to symlink() and readlink() with appropriate configure checks. Jeremy. (This used to be commit c24e6b41ea60ab4bac2fcd19da947851d6df3c7c) --- source3/smbd/service.c | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 61da72b2e9..0e2c0ff7a1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -524,28 +524,10 @@ connection_struct *make_connection(char *service,char *user,char *password, int } /* Initialise VFS function pointers */ - if (*lp_vfsobj(SNUM(conn))) { - -#ifdef HAVE_LIBDL - - /* Loadable object file */ - - if (!vfs_init_custom(conn)) { - DEBUG(0, ("vfs_init failed\n")); - conn_free(conn); - return NULL; - } -#else - DEBUG(0, ("No libdl present - cannot use VFS objects\n")); - conn_free(conn); - return NULL; -#endif - - } else { - - /* Normal share - initialise with disk access functions */ - - vfs_init_default(conn); + if (!vfs_init(conn)) { + DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); + conn_free(conn); + return NULL; } /* execute any "root preexec = " line */ -- cgit From 87fbb7092b8f8b2f0db0f361c3d625e19de57cd9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:15:53 +0000 Subject: The big character set handling changeover! This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a) --- source3/smbd/service.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0e2c0ff7a1..836ef30f80 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -245,7 +245,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (*user && Get_Pwnam(user,True)) { fstring dos_username; fstrcpy(dos_username, user); - unix_to_dos(dos_username, True); return(make_connection(dos_username,user,password, pwlen,dev,vuid,ecode)); } 
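Review bot: The new `if (!vfs_init(conn))` branch returns NULL without storing anything in `*ecode`. Other failure paths of make_connection shown on this page set ERRaccess, ERRnoresource or ERRsrverror first, so the caller presumably reports whatever `*ecode` held before the call. Add `*ecode = ERRsrverror;` ahead of `conn_free(conn);` in this branch. The rest of make_connection is outside the hunk.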
@@ -255,7 +254,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int fstring dos_username; fstrcpy(user,validated_username(vuid)); fstrcpy(dos_username, user); - unix_to_dos(dos_username, True); return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); } } else { @@ -265,7 +263,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int fstring dos_username; fstrcpy(user,current_user_info.smb_name); fstrcpy(dos_username, user); - unix_to_dos(dos_username, True); return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); } } -- cgit From 527e824293ee934ca5da0ef5424efe5ab7757248 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:36:09 +0000 Subject: strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 836ef30f80..04139be917 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -102,7 +102,7 @@ int add_home_service(char *service, char *homedir) fstrcpy(new_service, service); - if ((usr_p = strchr(service,*lp_winbind_separator())) != NULL) + if ((usr_p = strchr_m(service,*lp_winbind_separator())) != NULL) fstrcpy(new_service, usr_p+1); lp_add_home(new_service,iHomeService,homedir); -- cgit From 54068ae8f390bc008116cbeb459bbd39cd098392 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 17 Jul 2001 22:04:46 +0000 Subject: Tidied up calling yield_connection on connection allocation fail. Restore debug message to level zero. Jeremy. (This used to be commit 0b13f495b31887d526b46a48a812fa3fd418ce8e) --- source3/smbd/service.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/service.c') 
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 04139be917..2152a3e4df 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -512,6 +512,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int *ecode = ERRaccess; DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", service )); + yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); return NULL; } else { @@ -523,6 +524,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!vfs_init(conn)) { DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); + yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); return NULL; } @@ -536,6 +538,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); + yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); *ecode = ERRsrverror; return NULL; @@ -588,6 +591,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); + yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); *ecode = ERRsrverror; return NULL; -- cgit From 1cbae7315f99835ee294ce96858f73b5f8a18cfe Mon Sep 17 00:00:00 2001 
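Review bot: All four hunks paste the same `yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn)));` line in front of `conn_free(conn)`, and that hand-copied pairing is easy to miss again on the next exit path. A small static helper that performs both calls (for instance `release_connection(conn);`, where the name is only a suggestion) or a single cleanup label would keep claim and yield balanced on every failure return. make_connection's body lies mostly outside these hunks, so other exits should be checked against the same rule.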
From: Simo Sorce Date: Tue, 24 Jul 2001 20:02:48 +0000 Subject: Convert other parameters (read list, write list, valid users...) to the P_LIST format. changed functions to use list instead of strings addedd lp_list_substitute function (This used to be commit 7257d07563ba21bd88733d5d2b4ec4829fab2507) --- source3/smbd/service.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2152a3e4df..b65ac13e74 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -337,18 +337,23 @@ connection_struct *make_connection(char *service,char *user,char *password, int { - pstring list; - StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1); - pstring_sub(list,"%S",service); + char **list; - if (user_in_list(user,list)) - conn->read_only = True; - - StrnCpy(list,lp_writelist(snum),sizeof(pstring)-1); - pstring_sub(list,"%S",service); - - if (user_in_list(user,list)) - conn->read_only = False; + lp_list_copy(&list, lp_readlist(snum)); + if(list && lp_list_substitute(list, "%S", service)) { + if (user_in_list(user, list)) + conn->read_only = True; + } + else DEBUG(0, ("read list substitution failed readlist: 0x%x list: 0x%x\n", lp_readlist(snum), list)); + if (list) lp_list_free(&list); + + lp_list_copy(&list, lp_writelist(snum)); + if(list && lp_list_substitute(list, "%S", service)) { + if (user_in_list(user, list)) + conn->read_only = False; + } + else DEBUG(0, ("write list substitution failed writelist: 0x%x list: 0x%x\n", lp_writelist(snum), list)); + if (list) lp_list_free(&list); } /* admin user check */ 
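Review bot: When `lp_list_copy` or `lp_list_substitute` fails for the read list, the `else` branch only logs and `conn->read_only` keeps its earlier value, so a user the read list was meant to restrict may end up with write access. An unset read list appears to take the same `else` path (`list` is NULL), which would log at level 0 on every connect and bury the real failures. Distinguish "no list configured" from "substitution failed" and fail closed in the second case, e.g. `conn->read_only = True;`. The `0x%x` conversions in both messages are given pointer arguments. The same two branches are carried into set_read_only by a later hunk on this page.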
@@ -357,7 +362,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int marked read_only. Changed as I don't think this is needed, but old code left in case there is a problem here. */ - if (user_in_list(user,lp_admin_users(snum)) + if (user_in_list(user, lp_admin_users(snum)) #if 0 && !conn->read_only #endif -- cgit From 9de7c5e52155ee869605884526b9895ad58c0312 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 25 Jul 2001 06:29:26 +0000 Subject: - don't try to print pointers - removed some unused mangling code (This used to be commit 36af1c0dc41f72ec6a5c671fd6b4f6eb2590b8b4) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b65ac13e74..6f29088a97 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -344,7 +344,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (user_in_list(user, list)) conn->read_only = True; } - else DEBUG(0, ("read list substitution failed readlist: 0x%x list: 0x%x\n", lp_readlist(snum), list)); + else DEBUG(0, ("read list substitution failed\n")); if (list) lp_list_free(&list); lp_list_copy(&list, lp_writelist(snum)); @@ -352,7 +352,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (user_in_list(user, list)) conn->read_only = False; } - else DEBUG(0, ("write list substitution failed writelist: 0x%x list: 0x%x\n", lp_writelist(snum), list)); + else DEBUG(0, ("write list substitution failed writelist\n")); if (list) lp_list_free(&list); } -- cgit From b99e314cfbee90441c05669a824e7e5d4fec3f8e Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Thu, 26 Jul 2001 22:05:51 +0000 Subject: better debug messages + fix typo in debug message (This used to be commit b377f06fd90f607fa9e0e2e61981e835527b568c) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 6f29088a97..13a6a387ae 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -344,7 +344,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (user_in_list(user, list)) conn->read_only = True; } - else DEBUG(0, ("read list substitution failed\n")); + else DEBUG(0, ("ERROR: read list substitution failed\n")); if (list) lp_list_free(&list); lp_list_copy(&list, lp_writelist(snum)); @@ -352,7 +352,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (user_in_list(user, list)) conn->read_only = False; } - else DEBUG(0, ("write list substitution failed writelist\n")); + else DEBUG(0, ("ERROR: write list substitution failed\n")); if (list) lp_list_free(&list); } -- cgit From 578a39d44f532a211169a7635043e2dfc18b3c65 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Aug 2001 07:03:27 +0000 Subject: smbd/auth_server: Doco, we want to use cli_nt_error here soon smbd/password.c: We don't use globals here anymore smbd/reply.c: Tidyness, global_myworkgroup must die! smbd/service.c: Move some of the make_connection code into a helper function. (This used to be commit 15c87e404fcaff9e360a40b8b673938c6e611daf) --- source3/smbd/service.c | 73 +++++++++++++++++++++++++++++--------------------- 1 file changed, 43 insertions(+), 30 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 13a6a387ae..fe0f95ba6a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -213,6 +213,47 @@ int find_service(char *service) } +/**************************************************************************** + do some basic sainity checks on the share. + This function modifies dev, ecode. +****************************************************************************/ +static BOOL share_sanity_checks(int snum, char* service, char *dev, int *ecode) +{ + + if (!lp_snum_ok(snum) || + !check_access(smbd_server_fd(), + lp_hostsallow(snum), lp_hostsdeny(snum))) { + *ecode = ERRaccess; + return False; + } + + /* you can only connect to the IPC$ service as an ipc device */ + if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) + pstrcpy(dev,"IPC"); + + if (*dev == '?' || !*dev) { + if (lp_print_ok(snum)) { + pstrcpy(dev,"LPT1:"); + } else { + pstrcpy(dev,"A:"); + } + } + + /* if the request is as a printer and you can't print then refuse */ + strupper(dev); + if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) { + DEBUG(1,("Attempt to connect to non-printer as a printer\n")); + *ecode = ERRinvdevice; + return False; + } + + /* Behave as a printer if we are supposed to */ + if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) { + pstrcpy(dev, "LPT1:"); + } + return True; +} + /**************************************************************************** make a connection to a service ****************************************************************************/ 
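Review bot: share_sanity_checks writes into `dev` with `pstrcpy` but receives it as a bare `char *`, so the bound that pstrcpy assumes is not tied to the caller's buffer, and the header comment does not state the contract. Extend the comment to say that `dev` must be a writable buffer with room for at least "LPT1:" plus the terminator (the longest string stored here), that it is upper-cased in place, and that `ecode` is written only when the function returns False. "sainity" in the same comment should read "sanity".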
@@ -268,37 +309,9 @@ connection_struct *make_connection(char *service,char *user,char *password, int } } - if (!lp_snum_ok(snum) || - !check_access(smbd_server_fd(), - lp_hostsallow(snum), lp_hostsdeny(snum))) { - *ecode = ERRaccess; - return NULL; - } - - /* you can only connect to the IPC$ service as an ipc device */ - if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) - pstrcpy(dev,"IPC"); - - if (*dev == '?' || !*dev) { - if (lp_print_ok(snum)) { - pstrcpy(dev,"LPT1:"); - } else { - pstrcpy(dev,"A:"); - } - } - - /* if the request is as a printer and you can't print then refuse */ - strupper(dev); - if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) { - DEBUG(1,("Attempt to connect to non-printer as a printer\n")); - *ecode = ERRinvdevice; + if (!share_sanity_checks(snum, service, dev, ecode)) { return NULL; - } - - /* Behave as a printer if we are supposed to */ - if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) { - pstrcpy(dev, "LPT1:"); - } + } /* lowercase the user name */ strlower(user); -- cgit From 67967749a2ed584de3b0d670094724021eafc50b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Aug 2001 07:48:25 +0000 Subject: Move read only check into a helper funcion. Ensure conn->service is set before we use it to find a share's details. (This used to be commit 7dc716f174c38e73b8e6d07130a1bc39f4499ce3) --- source3/smbd/service.c | 90 ++++++++++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 40 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fe0f95ba6a..5bb535f884 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -254,6 +254,37 @@ static BOOL share_sanity_checks(int snum, char* service, char *dev, int *ecode) return True; } + +/**************************************************************************** + readonly share? +****************************************************************************/ +static void set_read_only(connection_struct *conn) +{ + char *service = lp_servicename(conn->service); + conn->read_only = lp_readonly(conn->service); + + { + char **list; + + lp_list_copy(&list, lp_readlist(conn->service)); + if(list && lp_list_substitute(list, "%S", service)) { + if (user_in_list(conn->user, list)) + conn->read_only = True; + } + else DEBUG(0, ("ERROR: read list substitution failed\n")); + if (list) lp_list_free(&list); + + lp_list_copy(&list, lp_writelist(conn->service)); + if(list && lp_list_substitute(list, "%S", service)) { + if (user_in_list(conn->user, list)) + conn->read_only = False; + } + else DEBUG(0, ("ERROR: write list substitution failed\n")); + if (list) lp_list_free(&list); + } +} + + /**************************************************************************** make a connection to a service ****************************************************************************/ 
@@ -346,46 +377,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - conn->read_only = lp_readonly(snum); - - - { - char **list; - - lp_list_copy(&list, lp_readlist(snum)); - if(list && lp_list_substitute(list, "%S", service)) { - if (user_in_list(user, list)) - conn->read_only = True; - } - else DEBUG(0, ("ERROR: read list substitution failed\n")); - if (list) lp_list_free(&list); - - lp_list_copy(&list, lp_writelist(snum)); - if(list && lp_list_substitute(list, "%S", service)) { - if (user_in_list(user, list)) - conn->read_only = False; - } - else DEBUG(0, ("ERROR: write list substitution failed\n")); - if (list) lp_list_free(&list); - } - - /* admin user check */ - - /* JRA - original code denied admin user if the share was - marked read_only. Changed as I don't think this is needed, - but old code left in case there is a problem here. - */ - if (user_in_list(user, lp_admin_users(snum)) -#if 0 - && !conn->read_only -#endif - ) { - conn->admin_user = True; - DEBUG(0,("%s logged in as admin user (root privileges)\n",user)); - } else { - conn->admin_user = False; - } - conn->force_user = force; conn->vuid = vuid; conn->uid = pass->pw_uid; @@ -405,6 +396,25 @@ connection_struct *make_connection(char *service,char *user,char *password, int string_set(&conn->user,user); conn->nt_user_token = NULL; + set_read_only(conn); + + /* admin user check */ + + /* JRA - original code denied admin user if the share was + marked read_only. Changed as I don't think this is needed, + but old code left in case there is a problem here. + */ + if (user_in_list(user, lp_admin_users(snum)) +#if 0 + && !conn->read_only +#endif + ) { + conn->admin_user = True; + DEBUG(0,("%s logged in as admin user (root privileges)\n",user)); + } else { + conn->admin_user = False; + } + /* * If force user is true, then store the * given userid and also the primary groupid -- cgit From 327fda27eddfb1be7f0e344e86cca438c103c6ea Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 17 Aug 2001 08:12:33 +0000 Subject: Move admin user check into a helper function. Formatting fixes. (This used to be commit 6fd8eb08c12d0446ab639becf8825d26bce8eb8a) --- source3/smbd/service.c | 53 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 18 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 5bb535f884..3e29c8cf58 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -285,6 +285,37 @@ static void set_read_only(connection_struct *conn) } +/**************************************************************************** + admin user check +****************************************************************************/ +static void set_admin_user(connection_struct *conn) +{ + /* admin user check */ + + /* JRA - original code denied admin user if the share was + marked read_only. Changed as I don't think this is needed, + but old code left in case there is a problem here. + */ + if (user_in_list(conn->user,lp_admin_users(conn->service)) +#if 0 + && !conn->read_only +#endif + ) { + conn->admin_user = True; + DEBUG(0,("%s logged in as admin user (root privileges)\n",conn->user)); + } else { + conn->admin_user = False; + } + +#if 0 /* This done later, for now */ + /* admin users always run as uid=0 */ + if (conn->admin_user) { + conn->uid = 0; + } +#endif +} + + /**************************************************************************** make a connection to a service ****************************************************************************/ 
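Review bot: set_admin_user grants root privileges and records it with `DEBUG(0,("%s logged in as admin user (root privileges)\n",conn->user));`, which names neither the share nor the client. Add both for audit purposes: `DEBUG(0,("%s logged in as admin user (root privileges) on %s from %s\n", conn->user, lp_servicename(conn->service), conn->client_address));`. The context of the following hunk shows `conn->client_address` being filled in before the call site. The `#if 0` fragment spliced into the `if` condition would be easier to read as a plain comment.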
@@ -381,7 +412,8 @@ connection_struct *make_connection(char *service,char *user,char *password, int conn->vuid = vuid; conn->uid = pass->pw_uid; conn->gid = pass->pw_gid; - safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1); + safe_strcpy(conn->client_address, client_addr(), + sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = time(NULL); conn->service = snum; @@ -398,23 +430,8 @@ connection_struct *make_connection(char *service,char *user,char *password, int set_read_only(conn); - /* admin user check */ - - /* JRA - original code denied admin user if the share was - marked read_only. Changed as I don't think this is needed, - but old code left in case there is a problem here. - */ - if (user_in_list(user, lp_admin_users(snum)) -#if 0 - && !conn->read_only -#endif - ) { - conn->admin_user = True; - DEBUG(0,("%s logged in as admin user (root privileges)\n",user)); - } else { - conn->admin_user = False; - } - + set_admin_user(conn); + /* * If force user is true, then store the * given userid and also the primary groupid -- cgit From 9ed5f60a5b385d01e441c53318295fd32fefe0d6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Aug 2001 08:44:04 +0000 Subject: Move the claim_connection stuff till a little later in the process. (You don't have to clean up somthing you haven't done yet...) (This used to be commit ba76564c2a06bf7feefdaf9ef06cbf77c776b6e6) --- source3/smbd/service.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 3e29c8cf58..524b647b5e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -527,17 +527,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int initialise_groups(conn->user, conn->uid, conn->gid); get_current_groups(&conn->ngroups,&conn->groups); - /* check number of connections */ - if (!claim_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn)), - False)) { - DEBUG(1,("too many connections - rejected\n")); - *ecode = ERRnoresource; - conn_free(conn); - return NULL; - } - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, guest); @@ -557,8 +546,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int *ecode = ERRaccess; DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", service )); - yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); - conn_free(conn); return NULL; } else { conn->read_only = True; @@ -569,11 +556,20 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!vfs_init(conn)) { DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); - yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); - conn_free(conn); return NULL; } + /* check number of connections */ + if (!claim_connection(conn, + lp_servicename(SNUM(conn)), + lp_max_connections(SNUM(conn)), + False)) { + DEBUG(1,("too many connections - rejected\n")); + *ecode = ERRnoresource; + conn_free(conn); + return NULL; + } + /* execute any "root preexec = " line */ if (*lp_rootpreexec(SNUM(conn))) { pstring cmd; 
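Review bot: The two early returns in the `@@ -557,8 +546,6 @@` and `@@ -569,11 +556,20 @@` hunks (denial by the share security descriptor, and `vfs_init` failure) lose `conn_free(conn);` along with `yield_connection(...)`. Dropping the yield follows from moving `claim_connection` below these checks, but `conn` is still allocated at this point and the other failure paths in this diff free it before returning. As written, every denied or failed connection on these paths would leave the structure behind; keep `conn_free(conn);` in front of both `return NULL;` statements. The body of `make_connection` extends beyond these hunks.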
@@ -583,7 +579,9 @@ connection_struct *make_connection(char *service,char *user,char *password, int ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); - yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); + yield_connection(conn, + lp_servicename(SNUM(conn)), + lp_max_connections(SNUM(conn))); conn_free(conn); *ecode = ERRsrverror; return NULL; -- cgit From 8db28234c548cc4a381f93981df607ffe816c664 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Aug 2001 08:57:58 +0000 Subject: OK, so not freeing these was a mistake. I'll try to be less exuberent next time :-) (This used to be commit 8c3cf2db95a0fcf48b21274cac93f13abb42d4bf) --- source3/smbd/service.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 524b647b5e..edac97194e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -546,6 +546,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int *ecode = ERRaccess; DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", service )); + conn_free(conn); return NULL; } else { conn->read_only = True; @@ -556,6 +557,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!vfs_init(conn)) { DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); + conn_free(conn); return NULL; } -- cgit From b031af348c7dcc8c74bf49945211c466b8eca079 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Aug 2001 19:46:22 +0000 Subject: converted another bunch of stuff to NTSTATUS (This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e) --- source3/smbd/service.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) (limited to 'source3/smbd/service.c') 
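Review bot: The `vfs_init` failure path in the `@@ -557,6 +557,7 @@` hunk returns NULL without writing `*ecode`, while the access-denied path in the hunk before it sets `*ecode = ERRaccess` ahead of the added free. The caller is not visible here, but on this path it would read whatever `*ecode` held before the call. Setting a code next to the new `conn_free(conn);`, for example `*ecode = ERRsrverror;`, keeps every NULL return paired with an error the client can be told about.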
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index edac97194e..df0f6f2095 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -217,14 +217,13 @@ int find_service(char *service) do some basic sainity checks on the share. This function modifies dev, ecode. ****************************************************************************/ -static BOOL share_sanity_checks(int snum, char* service, char *dev, int *ecode) +static NTSTATUS share_sanity_checks(int snum, char* service, char *dev) { if (!lp_snum_ok(snum) || !check_access(smbd_server_fd(), lp_hostsallow(snum), lp_hostsdeny(snum))) { - *ecode = ERRaccess; - return False; + return NT_STATUS_ACCESS_DENIED; } /* you can only connect to the IPC$ service as an ipc device */ @@ -243,15 +242,15 @@ static BOOL share_sanity_checks(int snum, char* service, char *dev, int *ecode) strupper(dev); if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) { DEBUG(1,("Attempt to connect to non-printer as a printer\n")); - *ecode = ERRinvdevice; - return False; + return NT_STATUS_BAD_DEVICE_TYPE; } /* Behave as a printer if we are supposed to */ if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) { pstrcpy(dev, "LPT1:"); } - return True; + + return NT_STATUS_OK; } @@ -319,7 +318,8 @@ static void set_admin_user(connection_struct *conn) /**************************************************************************** make a connection to a service ****************************************************************************/ -connection_struct *make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid, int *ecode) +connection_struct *make_connection(char *service,char *user,char *password, + int pwlen, char *dev,uint16 vuid, NTSTATUS *status) { int snum; struct passwd *pass = NULL; 
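Review bot: The comment above `share_sanity_checks` still says "This function modifies dev, ecode." although the `@@ -217,14 +217,13 @@` hunk removes the `ecode` parameter. I would replace it with something like `/* Basic sanity checks on the share. May rewrite dev in place; returns NT_STATUS_OK or the reason for refusal. */`. The in-place rewrite (`strupper(dev)`, `pstrcpy(dev, "LPT1:")`) is visible in the next hunk, but the size of the buffer behind `dev` is not, so the comment should also say what the caller has to provide.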
@@ -334,13 +334,13 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (snum < 0) { if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { DEBUG(3,("refusing IPC connection\n")); - *ecode = ERRnoipc; + *status = NT_STATUS_ACCESS_DENIED; return NULL; } DEBUG(0,("%s (%s) couldn't find service %s\n", remote_machine, client_addr(), service)); - *ecode = ERRnosuchshare; + *status = NT_STATUS_BAD_NETWORK_PATH; return NULL; } @@ -349,7 +349,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int fstring dos_username; fstrcpy(dos_username, user); return(make_connection(dos_username,user,password, - pwlen,dev,vuid,ecode)); + pwlen,dev,vuid,status)); } if(lp_security() != SEC_SHARE) { @@ -357,7 +357,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int fstring dos_username; fstrcpy(user,validated_username(vuid)); fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); + return(make_connection(dos_username,user,password,pwlen,dev,vuid,status)); } } else { /* Security = share. Try with current_user_info.smb_name @@ -366,12 +366,12 @@ connection_struct *make_connection(char *service,char *user,char *password, int fstring dos_username; fstrcpy(user,current_user_info.smb_name); fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode)); + return(make_connection(dos_username,user,password,pwlen,dev,vuid,status)); } } } - if (!share_sanity_checks(snum, service, dev, ecode)) { + if (NT_STATUS_IS_ERR(share_sanity_checks(snum, service, dev))) { return NULL; } 
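Review bot: `ERRnosuchshare` is translated to two different codes in this commit: `NT_STATUS_BAD_NETWORK_PATH` in the `@@ -334,13 +334,13 @@` hunk (service not found) and `NT_STATUS_BAD_NETWORK_NAME` in the `@@ -609,7 +609,7 @@` hunk. If both paths are meant to report the same condition to the client they should use one value; if the difference is intended, a one-line comment at each site saying why would prevent a later "cleanup" from merging them.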
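Review bot: The call `if (NT_STATUS_IS_ERR(share_sanity_checks(snum, service, dev))) { return NULL; }` in the `@@ -366,12 +366,12 @@` hunk discards the returned status, so `*status` is never written on this path. Before the change the helper stored its reason through `ecode`; now a refusal by the hosts allow/deny check or the device-type check returns NULL with whatever the caller had in `*status`. Store the result first, `*status = share_sanity_checks(snum, service, dev);`, and test `*status` in the condition.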
@@ -387,14 +387,14 @@ connection_struct *make_connection(char *service,char *user,char *password, int /* shall we let them in? */ if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) { DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) ); - *ecode = ERRbadpw; + *status = NT_STATUS_WRONG_PASSWORD; return NULL; } conn = conn_new(); if (!conn) { DEBUG(0,("Couldn't find free connection.\n")); - *ecode = ERRnoresource; + *status = NT_STATUS_INSUFFICIENT_RESOURCES; return NULL; } @@ -403,7 +403,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (pass == NULL) { DEBUG(0,( "Couldn't find account %s\n",user)); - *ecode = ERRbaduid; + *status = NT_STATUS_NO_SUCH_USER; conn_free(conn); return NULL; } @@ -543,7 +543,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!can_write) { if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) { /* No access, read or write. */ - *ecode = ERRaccess; + *status = NT_STATUS_ACCESS_DENIED; DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", service )); conn_free(conn); @@ -567,7 +567,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int lp_max_connections(SNUM(conn)), False)) { DEBUG(1,("too many connections - rejected\n")); - *ecode = ERRnoresource; + *status = NT_STATUS_INSUFFICIENT_RESOURCES; conn_free(conn); return NULL; } @@ -585,7 +585,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); - *ecode = ERRsrverror; + *status = NT_STATUS_UNSUCCESSFUL; return NULL; } } @@ -596,7 +596,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); - *ecode = ERRbadpw; + *status = NT_STATUS_WRONG_PASSWORD; return NULL; } 
@@ -609,7 +609,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); - *ecode = ERRnosuchshare; + *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } @@ -638,7 +638,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int DEBUG(1,("preexec gave %d - failing connection\n", ret)); yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); - *ecode = ERRsrverror; + *status = NT_STATUS_UNSUCCESSFUL; return NULL; } } -- cgit From 1c8c7c558b563e9a3bd0a11e9bc11947f99d700a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 15 Sep 2001 01:59:44 +0000 Subject: Actually fill in the status for sainity checks Andrew Bartlett (This used to be commit d47016de52e9e5c468edf4c87dc60535a9796b99) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index df0f6f2095..62e51f797f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -371,7 +371,7 @@ connection_struct *make_connection(char *service,char *user,char *password, } } - if (NT_STATUS_IS_ERR(share_sanity_checks(snum, service, dev))) { + if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, service, dev))) { return NULL; } -- cgit From 7892c494e7321c64b20bf7e1d794a6b6508fe84a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 15 Sep 2001 12:55:59 +0000 Subject: Kill off the //server/share%user hack in share level security. This should help make much of this code simpiler. Andrew Bartlett (This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0) --- source3/smbd/service.c | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 62e51f797f..4765844460 100644 
--- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -318,7 +318,7 @@ static void set_admin_user(connection_struct *conn) /**************************************************************************** make a connection to a service ****************************************************************************/ -connection_struct *make_connection(char *service,char *user,char *password, +connection_struct *make_connection(char *service,char *password, int pwlen, char *dev,uint16 vuid, NTSTATUS *status) { int snum; @@ -326,7 +326,8 @@ connection_struct *make_connection(char *service,char *user,char *password, BOOL guest = False; BOOL force = False; connection_struct *conn; - int ret; + + fstring user; strlower(service); @@ -345,28 +346,20 @@ connection_struct *make_connection(char *service,char *user,char *password, } if (strequal(service,HOMES_NAME)) { - if (*user && Get_Pwnam(user,True)) { - fstring dos_username; - fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password, - pwlen,dev,vuid,status)); - } - if(lp_security() != SEC_SHARE) { if (validated_username(vuid)) { - fstring dos_username; - fstrcpy(user,validated_username(vuid)); - fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password,pwlen,dev,vuid,status)); + fstring unix_username; + fstrcpy(unix_username,validated_username(vuid)); + return(make_connection(unix_username,password,pwlen,dev,vuid,status)); } } else { /* Security = share. Try with current_user_info.smb_name * as the username. */ if(*current_user_info.smb_name) { - fstring dos_username; - fstrcpy(user,current_user_info.smb_name); - fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password,pwlen,dev,vuid,status)); + fstring unix_username; + fstrcpy(unix_username,current_user_info.smb_name); + map_username(unix_username); + return(make_connection(unix_username,password,pwlen,dev,vuid,status)); } } } 
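Review bot: `fstring user;` becomes an uninitialised local in the `@@ -326,7 +326,8 @@` hunk, and no write to it is visible before it is passed to `authorise_login(snum,user,...)` and printed with `%s` in the "Invalid username/password" message (context of the `@@ -375,15 +368,13 @@` hunk). If `authorise_login` reads the buffer before filling it, stack contents would be treated as the login name, and the debug line could print past the array when no terminator is present. Clear it right after the declaration, e.g. `ZERO_STRUCT(user);`, and note in a comment that `authorise_login` is expected to fill it in. The homes branch in this hunk uses a separate `unix_username` buffer and is not affected.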
@@ -375,15 +368,13 @@ connection_struct *make_connection(char *service,char *user,char *password, return NULL; } - /* lowercase the user name */ - strlower(user); - /* add it as a possible user name if we are in share mode security */ if (lp_security() == SEC_SHARE) { add_session_user(service); } + /* shall we let them in? */ if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) { DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) ); @@ -574,6 +565,7 @@ connection_struct *make_connection(char *service,char *user,char *password, /* execute any "root preexec = " line */ if (*lp_rootpreexec(SNUM(conn))) { + int ret; pstring cmd; pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); standard_sub_conn(conn,cmd); @@ -630,6 +622,7 @@ connection_struct *make_connection(char *service,char *user,char *password, /* execute any "preexec = " line */ if (*lp_preexec(SNUM(conn))) { + int ret; pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); standard_sub_conn(conn,cmd); -- cgit From 56aa0a274d7bbe7b3a3b28a6043ec69cc97d85f3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Sep 2001 04:11:23 +0000 Subject: got rid of bogus write list substitution error messages (This used to be commit 0deae6c407faa86ea871a219ad52fdd285166274) --- source3/smbd/service.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 4765844460..beb2d76b44 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -259,27 +259,30 @@ static NTSTATUS share_sanity_checks(int snum, char* service, char *dev) ****************************************************************************/ static void set_read_only(connection_struct *conn) { + char **list; char *service = lp_servicename(conn->service); conn->read_only = lp_readonly(conn->service); - { - char **list; + if (!service) return; - lp_list_copy(&list, lp_readlist(conn->service)); - if(list && lp_list_substitute(list, "%S", service)) { - if (user_in_list(conn->user, list)) - conn->read_only = True; + lp_list_copy(&list, lp_readlist(conn->service)); + if (list) { + if (!lp_list_substitute(list, "%S", service)) { + DEBUG(0, ("ERROR: read list substitution failed\n")); } - else DEBUG(0, ("ERROR: read list substitution failed\n")); - if (list) lp_list_free(&list); - - lp_list_copy(&list, lp_writelist(conn->service)); - if(list && lp_list_substitute(list, "%S", service)) { - if (user_in_list(conn->user, list)) - conn->read_only = False; + if (user_in_list(conn->user, list)) + conn->read_only = True; + lp_list_free(&list); + } + + lp_list_copy(&list, lp_writelist(conn->service)); + if (list) { + if (!lp_list_substitute(list, "%S", service)) { + DEBUG(0, ("ERROR: write list substitution failed\n")); } - else DEBUG(0, ("ERROR: write list substitution failed\n")); - if (list) lp_list_free(&list); + if (user_in_list(conn->user, list)) + conn->read_only = False; + lp_list_free(&list); } } -- cgit From 8bb1479500d4c6085ef94e8ae032e1728def065f Mon Sep 17 00:00:00 2001 
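Review bot: When `lp_list_substitute` fails, the rewritten `set_read_only` logs the error and then still runs `user_in_list(conn->user, list)` on that list, whereas the old code skipped the membership test in that case. For the write list this means `conn->read_only = False` can be set from a list whose `%S` substitution did not complete. Making the test the `else` branch restores the previous fail-closed behaviour, e.g. `} else if (user_in_list(conn->user, list)) conn->read_only = False;`, and likewise for the read list. The new `if (!service) return;` also skips both lists and leaves only the `lp_readonly` value; a comment saying this is intended would help.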
From: Andrew Bartlett Date: Thu, 20 Sep 2001 07:09:28 +0000 Subject: Rearrange the ordering of the checks in make_connection(). The new order has some sainity, avoiding things like 'root preexec' when the connection would otherwise already be denied (max connections). This does change behaviour, but I think its for the best. Andrew Bartlett (This used to be commit 99e8a263ada41de2662a0290fda3dd9df3ac0cd4) --- source3/smbd/service.c | 93 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 56 insertions(+), 37 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index beb2d76b44..7119aa258e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -331,10 +331,12 @@ connection_struct *make_connection(char *service,char *password, connection_struct *conn; fstring user; + ZERO_STRUCT(user); strlower(service); snum = find_service(service); + if (snum < 0) { if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { DEBUG(3,("refusing IPC connection\n")); @@ -384,6 +386,8 @@ connection_struct *make_connection(char *service,char *password, *status = NT_STATUS_WRONG_PASSWORD; return NULL; } + + add_session_user(user); conn = conn_new(); if (!conn) { @@ -423,7 +427,7 @@ connection_struct *make_connection(char *service,char *password, conn->nt_user_token = NULL; set_read_only(conn); - + set_admin_user(conn); /* @@ -555,6 +559,16 @@ connection_struct *make_connection(char *service,char *password, return NULL; } + if (!become_user(conn, conn->vuid)) { + /* No point continuing if they fail the basic checks */ + DEBUG(0,("Can't become connected user!\n")); + conn_free(conn); + *status = NT_STATUS_LOGON_FAILURE; + return NULL; + } + +/* ROOT Activities: */ + become_root(); /* check number of connections */ if (!claim_connection(conn, lp_servicename(SNUM(conn)), 
@@ -563,9 +577,12 @@ connection_struct *make_connection(char *service,char *password, DEBUG(1,("too many connections - rejected\n")); *status = NT_STATUS_INSUFFICIENT_RESOURCES; conn_free(conn); + unbecome_root(); + unbecome_user(); return NULL; } - + + /* Preexecs are done here as they might make the dir we are to ChDir to below */ /* execute any "root preexec = " line */ if (*lp_rootpreexec(SNUM(conn))) { int ret; 
@@ -575,26 +592,40 @@ connection_struct *make_connection(char *service,char *password, DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { - DEBUG(1,("preexec gave %d - failing connection\n", ret)); + DEBUG(1,("root preexec gave %d - failing connection\n", ret)); yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; + unbecome_root(); + unbecome_user(); return NULL; } } - - if (!become_user(conn, conn->vuid)) { - DEBUG(0,("Can't become connected user!\n")); - yield_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn))); - conn_free(conn); - *status = NT_STATUS_WRONG_PASSWORD; - return NULL; + unbecome_root(); + +/* USER Activites: */ + /* Remember that a different vuid can connect later without these checks... */ + + /* Preexecs are done here as they might make the dir we are to ChDir to below */ + /* execute any "preexec = " line */ + if (*lp_preexec(SNUM(conn))) { + int ret; + pstring cmd; + pstrcpy(cmd,lp_preexec(SNUM(conn))); + standard_sub_conn(conn,cmd); + ret = smbrun(cmd,NULL); + if (ret != 0 && lp_preexec_close(SNUM(conn))) { + DEBUG(1,("preexec gave %d - failing connection\n", ret)); + unbecome_user(); + yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); + conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; + return NULL; + } } - + if (vfs_ChDir(conn,conn->connectpath) != 0) { DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", remote_machine, conn->client_address, 
@@ -621,40 +652,20 @@ connection_struct *make_connection(char *service,char *password, } #endif - add_session_user(user); - - /* execute any "preexec = " line */ - if (*lp_preexec(SNUM(conn))) { - int ret; - pstring cmd; - pstrcpy(cmd,lp_preexec(SNUM(conn))); - standard_sub_conn(conn,cmd); - ret = smbrun(cmd,NULL); - if (ret != 0 && lp_preexec_close(SNUM(conn))) { - DEBUG(1,("preexec gave %d - failing connection\n", ret)); - yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); - conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; - return NULL; - } - } - /* * Print out the 'connected as' stuff here as we need - * to know the effective uid and gid we will be using. + * to know the effective uid and gid we will be using + * (at least initially). */ if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { dbgtext( "%s (%s) ", remote_machine, conn->client_address ); dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); - dbgtext( "as user %s ", user ); + dbgtext( "initially as user %s ", user ); dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); dbgtext( "(pid %d)\n", (int)sys_getpid() ); } - /* we've finished with the sensitive stuff */ - unbecome_user(); - /* Add veto/hide lists */ if (!IS_IPC(conn) && !IS_PRINT(conn)) { set_namearray( &conn->veto_list, lp_veto_files(SNUM(conn))); @@ -665,9 +676,17 @@ connection_struct *make_connection(char *service,char *password, /* Invoke VFS make connection hook */ if (conn->vfs_ops.connect) { - if (conn->vfs_ops.connect(conn, service, user) < 0) + if (conn->vfs_ops.connect(conn, service, user) < 0) { + DEBUG(0,("make_connection: VFS make connection failed!\n")); + *status = NT_STATUS_UNSUCCESSFUL; + unbecome_user(); + conn_free(conn); return NULL; + } } + + /* we've finished with the sensitive stuff */ + unbecome_user(); return(conn); } -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 
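Review bot: The new failure branch for `conn->vfs_ops.connect` calls `unbecome_user()` and `conn_free(conn)` but not `yield_connection`, although `claim_connection` has already succeeded by then (it sits in the `@@ -555,6 +559,16 @@` hunk and the one after it). The other failure paths after the claim in this diff, such as the preexec one, release the slot explicitly before freeing, which suggests `conn_free` does not do it. If so, each VFS connect failure leaves the share's connection count raised, which matters when a connection limit is configured. Add `yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn)));` before `conn_free(conn);`.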
From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/smbd/service.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 7119aa258e..69283d3bf5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -21,8 +21,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - extern struct timeval smb_last_time; extern int case_default; extern BOOL case_preserve; @@ -740,5 +738,3 @@ void close_cnum(connection_struct *conn, uint16 vuid) } conn_free(conn); } - - -- cgit From f0e0dd6507c355103c51058642f1e4245c573413 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 18 Oct 2001 00:27:20 +0000 Subject: Renamed vfs_init() to smbd_vfs_init() to allow vfs modules to compile. (This used to be commit 7c3542ba8764be48b88255dd7f73ea6d87be10ac) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 69283d3bf5..6f2c28d19c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -551,7 +551,7 @@ connection_struct *make_connection(char *service,char *password, } /* Initialise VFS function pointers */ - if (!vfs_init(conn)) { + if (!smbd_vfs_init(conn)) { DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); conn_free(conn); return NULL; -- cgit From c416ff851b4ecc7a44aee9d00d07dd481d8ae2a7 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 18 Oct 2001 20:15:12 +0000 Subject: Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD. Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba) --- source3/smbd/service.c | 58 ++++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 28 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 6f2c28d19c..9e3f3c9f11 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -34,9 +34,10 @@ extern fstring remote_machine; /**************************************************************************** -load parameters specific to a connection/service + Load parameters specific to a connection/service. ****************************************************************************/ -BOOL become_service(connection_struct *conn,BOOL do_chdir) + +BOOL set_current_service(connection_struct *conn,BOOL do_chdir) { extern char magic_char; static connection_struct *last_conn; @@ -315,10 +316,10 @@ static void set_admin_user(connection_struct *conn) #endif } - /**************************************************************************** - make a connection to a service + Make a connection to a service. ****************************************************************************/ + connection_struct *make_connection(char *service,char *password, int pwlen, char *dev,uint16 vuid, NTSTATUS *status) { 
@@ -327,10 +328,17 @@ connection_struct *make_connection(char *service,char *password, BOOL guest = False; BOOL force = False; connection_struct *conn; + uid_t euid; fstring user; ZERO_STRUCT(user); + /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ + if ((euid = geteuid()) != 0) { + DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); + smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); + } + strlower(service); snum = find_service(service); @@ -519,7 +527,7 @@ connection_struct *make_connection(char *service,char *password, conn->groups = NULL; /* Find all the groups this uid is in and - store them. Used by become_user() */ + store them. Used by change_to_user() */ initialise_groups(conn->user, conn->uid, conn->gid); get_current_groups(&conn->ngroups,&conn->groups); @@ -557,16 +565,7 @@ connection_struct *make_connection(char *service,char *password, return NULL; } - if (!become_user(conn, conn->vuid)) { - /* No point continuing if they fail the basic checks */ - DEBUG(0,("Can't become connected user!\n")); - conn_free(conn); - *status = NT_STATUS_LOGON_FAILURE; - return NULL; - } - /* ROOT Activities: */ - become_root(); /* check number of connections */ if (!claim_connection(conn, lp_servicename(SNUM(conn)), @@ -575,8 +574,6 @@ connection_struct *make_connection(char *service,char *password, DEBUG(1,("too many connections - rejected\n")); *status = NT_STATUS_INSUFFICIENT_RESOURCES; conn_free(conn); - unbecome_root(); - unbecome_user(); return NULL; } 
@@ -596,14 +593,19 @@ connection_struct *make_connection(char *service,char *password, lp_max_connections(SNUM(conn))); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; - unbecome_root(); - unbecome_user(); return NULL; } } - unbecome_root(); /* USER Activites: */ + if (!change_to_user(conn, conn->vuid)) { + /* No point continuing if they fail the basic checks */ + DEBUG(0,("Can't become connected user!\n")); + conn_free(conn); + *status = NT_STATUS_LOGON_FAILURE; + return NULL; + } + /* Remember that a different vuid can connect later without these checks... */ /* Preexecs are done here as they might make the dir we are to ChDir to below */ @@ -616,7 +618,7 @@ connection_struct *make_connection(char *service,char *password, ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); - unbecome_user(); + change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; @@ -628,7 +630,7 @@ connection_struct *make_connection(char *service,char *password, DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", remote_machine, conn->client_address, conn->connectpath,strerror(errno))); - unbecome_user(); + change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); @@ -677,14 +679,14 @@ connection_struct *make_connection(char *service,char *password, if (conn->vfs_ops.connect(conn, service, user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); *status = NT_STATUS_UNSUCCESSFUL; - unbecome_user(); + change_to_root_user(); conn_free(conn); return NULL; } } - /* we've finished with the sensitive stuff */ - unbecome_user(); + /* we've finished with the user stuff - go back to root */ + change_to_root_user(); return(conn); } 
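Review bot: The relocated `change_to_user` check in the `@@ -596,14 +593,19 @@` hunk frees `conn` and returns without calling `yield_connection`, yet it now runs after `claim_connection` and after the root preexec. The block it replaces sat before the claim, where no release was needed; at the new position the failure paths on either side of it (root preexec above, preexec below) both yield the slot before `conn_free`. Add `yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn)));` ahead of `conn_free(conn);` here so a failed user switch does not count against the share's connection limit. It is also worth a comment that the root preexec has already run by the time this check can fail.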
@@ -697,7 +699,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) { DirCacheFlush(SNUM(conn)); - unbecome_user(); + change_to_root_user(); DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", remote_machine,conn->client_address, @@ -720,15 +722,15 @@ void close_cnum(connection_struct *conn, uint16 vuid) /* execute any "postexec = " line */ if (*lp_postexec(SNUM(conn)) && - become_user(conn, vuid)) { + change_to_user(conn, vuid)) { pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); standard_sub_conn(conn,cmd); smbrun(cmd,NULL); - unbecome_user(); + change_to_root_user(); } - unbecome_user(); + change_to_root_user(); /* execute any "root postexec = " line */ if (*lp_rootpostexec(SNUM(conn))) { pstring cmd; -- cgit From e82c34aab5f5e5e1bf7375d10ea9fa5ec578506d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 20 Oct 2001 06:29:52 +0000 Subject: add non_root_mode() check (This used to be commit 96f910bae510fb45e2f1181c1e3ad607a50a64d7) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9e3f3c9f11..a871192ad5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -334,7 +334,7 @@ connection_struct *make_connection(char *service,char *password, ZERO_STRUCT(user); /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ - if ((euid = geteuid()) != 0) { + if (!non_root_mode() && (euid = geteuid()) != 0) { DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); } -- cgit From 2038649e51f48a489aeec49947e1b791f0b3df43 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 29 Oct 2001 07:28:32 +0000 Subject: This commit is number 3 of 4. In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a871192ad5..37f4610b9d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -450,7 +450,7 @@ connection_struct *make_connection(char *service,char *password, /* Allow %S to be used by force user. */ pstring_sub(fuser,"%S",service); - pass2 = (struct passwd *)Get_Pwnam(fuser,True); + pass2 = (struct passwd *)Get_Pwnam_Modify(fuser); if (pass2) { conn->uid = pass2->pw_uid; conn->gid = pass2->pw_gid; -- cgit From 60f0627afb167faad57385d44f0b587186a7ac2b Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 31 Oct 2001 10:46:25 +0000 Subject: This is a farily large patch (3300 lines) and reworks most of the AuthRewrite code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c) --- source3/smbd/service.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 37f4610b9d..f6296201ae 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -79,7 +79,7 @@ BOOL set_current_service(connection_struct *conn,BOOL do_chdir) Add a home service. Returns the new service number or -1 if fail. ****************************************************************************/ -int add_home_service(char *service, char *homedir) +int add_home_service(const char *service, const char *homedir) { int iHomeService; int iService; @@ -320,8 +320,8 @@ static void set_admin_user(connection_struct *conn) Make a connection to a service. ****************************************************************************/ -connection_struct *make_connection(char *service,char *password, - int pwlen, char *dev,uint16 vuid, NTSTATUS *status) +connection_struct *make_connection(char *service, DATA_BLOB password, + char *dev,uint16 vuid, NTSTATUS *status) { int snum; struct passwd *pass = NULL; @@ -361,7 +361,7 @@ connection_struct *make_connection(char *service,char *password, if (validated_username(vuid)) { fstring unix_username; fstrcpy(unix_username,validated_username(vuid)); - return(make_connection(unix_username,password,pwlen,dev,vuid,status)); + return(make_connection(unix_username,password,dev,vuid,status)); } } else { /* Security = share. Try with current_user_info.smb_name @@ -370,7 +370,7 @@ connection_struct *make_connection(char *service,char *password, fstring unix_username; fstrcpy(unix_username,current_user_info.smb_name); map_username(unix_username); - return(make_connection(unix_username,password,pwlen,dev,vuid,status)); + return(make_connection(unix_username,password,dev,vuid,status)); } } } @@ -387,7 +387,7 @@ connection_struct *make_connection(char *service,char *password, /* shall we let them in? */ - if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) { + if (!authorise_login(snum,user,password,&guest,&force,vuid)) { DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) ); *status = NT_STATUS_WRONG_PASSWORD; return NULL; -- cgit 
From f8e2baf39eb864481dd48f61404136b325cd73c2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 3 Nov 2001 23:34:24 +0000 Subject: Added NT_USER_TOKEN into server_info to fix extra groups problem. Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f6296201ae..49fbee2607 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -533,7 +533,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, - guest); + guest, NULL); /* * New code to check if there's a share security descripter -- cgit From b322fc3b269de783e2f6bb4b08109ceda89ac932 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Jan 2002 07:48:55 +0000 Subject: Make this error match Win2k. (This used to be commit 490d3aaf20f04d04c91c4748896d7a021581a229) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 49fbee2607..8218ca2dc5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -352,7 +352,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, DEBUG(0,("%s (%s) couldn't find service %s\n", remote_machine, client_addr(), service)); - *status = NT_STATUS_BAD_NETWORK_PATH; + *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } -- cgit From 9e007457e4aa0ed8656782be1b8af42fc217614b Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Mon, 14 Jan 2002 19:34:28 +0000 Subject: Removed MAXSTATUS which was set incorrectly - thus causing tdb traversal of the connections db on smbd startup. This should fix the Solaris large load bug.... (fingers crossed). Jeremy. (This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d) --- source3/smbd/service.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8218ca2dc5..120868f24a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -588,9 +588,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { DEBUG(1,("root preexec gave %d - failing connection\n", ret)); - yield_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn))); + yield_connection(conn, lp_servicename(SNUM(conn))); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; return NULL; @@ -619,7 +617,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); change_to_root_user(); - yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); + yield_connection(conn, lp_servicename(SNUM(conn))); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; return NULL; @@ -631,9 +629,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, remote_machine, conn->client_address, conn->connectpath,strerror(errno))); change_to_root_user(); - yield_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn))); + yield_connection(conn, lp_servicename(SNUM(conn))); conn_free(conn); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; 
@@ -713,9 +709,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) } - yield_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn))); + yield_connection(conn, lp_servicename(SNUM(conn))); file_close_conn(conn); dptr_closecnum(conn); -- cgit From fed604bfa368a2bb1fed414e368d491e4c7d7005 Mon Sep 17 00:00:00 2001 From: Martin Pool Date: Wed, 16 Jan 2002 02:42:07 +0000 Subject: Roll back PSTRING_SANCTIFY patch; just leave non-controversial type and constness changes. (This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424) --- source3/smbd/service.c | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 120868f24a..9b6f38f2ec 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -104,17 +104,19 @@ int add_home_service(const char *service, const char *homedir) if ((usr_p = strchr_m(service,*lp_winbind_separator())) != NULL) fstrcpy(new_service, usr_p+1); - lp_add_home(new_service,iHomeService,homedir); + lp_add_home(new_service, iHomeService, homedir); iService = lp_servicenumber(new_service); return iService; } -/**************************************************************************** - Find a service entry. service is always in dos codepage. -****************************************************************************/ -int find_service(char *service) +/** + * Find a service entry. service is always in dos codepage. + * + * @param service is modified (to canonical form??) + **/ +int find_service(fstring service) { int iService; 
@@ -158,7 +160,7 @@ int find_service(char *service) { DEBUG(3,("%s is a valid printer name\n", service)); DEBUG(3,("adding %s as a printer service\n", service)); - lp_add_printer(service,iPrinterService); + lp_add_printer(service, iPrinterService); iService = lp_servicenumber(service); if (iService < 0) DEBUG(0,("failed to add %s as a printer service!\n", service)); @@ -192,8 +194,8 @@ int find_service(char *service) iService = find_service(defservice); if (iService >= 0) { - all_string_sub(service,"_","/",0); - iService = lp_add_service(service,iService); + all_string_sub(service, "_","/",0); + iService = lp_add_service(service, iService); } } } @@ -201,7 +203,7 @@ int find_service(char *service) if (iService >= 0) if (!VALID_SNUM(iService)) { - DEBUG(0,("Invalid snum %d for %s\n",iService,service)); + DEBUG(0,("Invalid snum %d for %s\n",iService, service)); iService = -1; } @@ -216,7 +218,7 @@ int find_service(char *service) do some basic sainity checks on the share. This function modifies dev, ecode. ****************************************************************************/ -static NTSTATUS share_sanity_checks(int snum, char* service, char *dev) +static NTSTATUS share_sanity_checks(int snum, char* service, pstring dev) { if (!lp_snum_ok(snum) || @@ -229,7 +231,7 @@ static NTSTATUS share_sanity_checks(int snum, char* service, char *dev) if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) pstrcpy(dev,"IPC"); - if (*dev == '?' || !*dev) { + if (dev[0] == '?' || !dev[0]) { if (lp_print_ok(snum)) { pstrcpy(dev,"LPT1:"); } else { 
@@ -318,10 +320,12 @@ static void set_admin_user(connection_struct *conn) /**************************************************************************** Make a connection to a service. + * + * @param service (May be modified to canonical form???) ****************************************************************************/ connection_struct *make_connection(char *service, DATA_BLOB password, - char *dev,uint16 vuid, NTSTATUS *status) + const char *dev, uint16 vuid, NTSTATUS *status) { int snum; struct passwd *pass = NULL; @@ -361,16 +365,19 @@ connection_struct *make_connection(char *service, DATA_BLOB password, if (validated_username(vuid)) { fstring unix_username; fstrcpy(unix_username,validated_username(vuid)); - return(make_connection(unix_username,password,dev,vuid,status)); + return make_connection(unix_username, + password,dev,vuid,status); } } else { /* Security = share. Try with current_user_info.smb_name * as the username. */ - if(*current_user_info.smb_name) { + if (* current_user_info.smb_name) { fstring unix_username; - fstrcpy(unix_username,current_user_info.smb_name); + fstrcpy(unix_username, + current_user_info.smb_name); map_username(unix_username); - return(make_connection(unix_username,password,dev,vuid,status)); + return make_connection(unix_username, + password,dev,vuid,status); } } } -- cgit From 08019e8a337c5e378ec9dfc70698adb73b9b7676 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 16 Jan 2002 23:53:10 +0000 Subject: Separate out get_user_home_dir() from get_user_home_service_dir(). Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9b6f38f2ec..b25e696c8d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -127,7 +127,7 @@ int find_service(fstring service) /* now handle the special case of a home directory */ if (iService < 0) { - char *phome_dir = get_user_home_dir(service); + char *phome_dir = get_user_service_home_dir(service); if(!phome_dir) { @@ -136,7 +136,7 @@ int find_service(fstring service) * be a Windows to unix mapped user name. */ if(map_username(service)) - phome_dir = get_user_home_dir(service); + phome_dir = get_user_service_home_dir(service); } DEBUG(3,("checking for home directory %s gave %s\n",service, -- cgit From 184cc84adab4ead8fde1b79c449ef47f23567165 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 27 Jan 2002 12:06:27 +0000 Subject: Yes, dev is an 'input/output' paramater... Andrew Bartlett (This used to be commit 8cac618174365825e8b1824f70cb42afbce5e500) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b25e696c8d..ac2e2ee548 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -218,7 +218,7 @@ int find_service(fstring service) do some basic sainity checks on the share. This function modifies dev, ecode. ****************************************************************************/ -static NTSTATUS share_sanity_checks(int snum, char* service, pstring dev) +static NTSTATUS share_sanity_checks(int snum, const char* service, pstring dev) { if (!lp_snum_ok(snum) || @@ -325,7 +325,7 @@ static void set_admin_user(connection_struct *conn) ****************************************************************************/ connection_struct *make_connection(char *service, DATA_BLOB password, - const char *dev, uint16 vuid, NTSTATUS *status) + char *dev, uint16 vuid, NTSTATUS *status) { int snum; struct passwd *pass = NULL; -- cgit From 7b671e34f599b9d27c615c1be35db4ae10ce6481 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sun, 27 Jan 2002 12:12:22 +0000 Subject: Some more 'winbind default domain' support patches from Alexander Bokovoy . This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70) --- source3/smbd/service.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ac2e2ee548..a9b9a9d4d9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -84,7 +84,7 @@ int add_home_service(const char *service, const char *homedir) int iHomeService; int iService; fstring new_service; - char *usr_p = NULL; + fstring domain; if (!service || !homedir) return -1; @@ -99,11 +99,7 @@ int add_home_service(const char *service, const char *homedir) * include any macros. */ - fstrcpy(new_service, service); - - if ((usr_p = strchr_m(service,*lp_winbind_separator())) != NULL) - fstrcpy(new_service, usr_p+1); - + split_domain_and_name(service, domain, new_service); lp_add_home(new_service, iHomeService, homedir); iService = lp_servicenumber(new_service); -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/smbd/service.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a9b9a9d4d9..0ae49b7adf 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. service (connection) opening and closing Copyright (C) Andrew Tridgell 1992-1998 -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/smbd/service.c | 393 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 269 insertions(+), 124 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0ae49b7adf..9ac610ab5a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -78,12 +78,9 @@ BOOL set_current_service(connection_struct *conn,BOOL do_chdir) Add a home service. Returns the new service number or -1 if fail. ****************************************************************************/ -int add_home_service(const char *service, const char *homedir) +int add_home_service(const char *service, const char *username, const char *homedir) { int iHomeService; - int iService; - fstring new_service; - fstring domain; if (!service || !homedir) return -1; @@ -98,11 +95,19 @@ int add_home_service(const char *service, const char *homedir) * include any macros. */ - split_domain_and_name(service, domain, new_service); - lp_add_home(new_service, iHomeService, homedir); - iService = lp_servicenumber(new_service); + { + const char *p = strchr(service,*lp_winbind_separator()); + + /* We only want the 'user' part of the string */ + if (p) { + service = p + 1; + } + } + + lp_add_home(service, iHomeService, username, homedir); + + return lp_servicenumber(service); - return iService; } 
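Review bot: The new separator scan in add_home_service uses `strchr(service,*lp_winbind_separator())`, whereas an earlier revision of this function (visible further up this page) used `strchr_m` for the same search. A byte-wise search can match the separator byte inside a multibyte character, so the share name may be cut at the wrong offset; `const char *p = strchr_m(service,*lp_winbind_separator());` keeps the multibyte-aware behaviour. If lp_winbind_separator() can ever return an empty string (not visible here), `p` points at the terminator and `service = p + 1` steps past the end of the string, so the guard would be safer as `if (p && *p)`.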
@@ -122,7 +127,7 @@ int find_service(fstring service) /* now handle the special case of a home directory */ if (iService < 0) { - char *phome_dir = get_user_service_home_dir(service); + char *phome_dir = get_user_home_dir(service); if(!phome_dir) { @@ -131,13 +136,13 @@ int find_service(fstring service) * be a Windows to unix mapped user name. */ if(map_username(service)) - phome_dir = get_user_service_home_dir(service); + phome_dir = get_user_home_dir(service); } DEBUG(3,("checking for home directory %s gave %s\n",service, phome_dir?phome_dir:"(NULL)")); - iService = add_home_service(service,phome_dir); + iService = add_home_service(service,service /* 'username' */, phome_dir); } /* If we still don't have a service, attempt to add it as a printer. */ @@ -213,7 +218,7 @@ int find_service(fstring service) do some basic sainity checks on the share. This function modifies dev, ecode. ****************************************************************************/ -static NTSTATUS share_sanity_checks(int snum, const char* service, pstring dev) +static NTSTATUS share_sanity_checks(int snum, pstring dev) { if (!lp_snum_ok(snum) || @@ -223,7 +228,7 @@ static NTSTATUS share_sanity_checks(int snum, const char* service, pstring dev) } /* you can only connect to the IPC$ service as an ipc device */ - if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) + if (strequal(lp_fstype(snum), "IPC")) pstrcpy(dev,"IPC"); if (dev[0] == '?' || !dev[0]) { 
@@ -261,24 +266,24 @@ static void set_read_only(connection_struct *conn) if (!service) return; - lp_list_copy(&list, lp_readlist(conn->service)); + str_list_copy(&list, lp_readlist(conn->service)); if (list) { - if (!lp_list_substitute(list, "%S", service)) { + if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: read list substitution failed\n")); } if (user_in_list(conn->user, list)) conn->read_only = True; - lp_list_free(&list); + str_list_free(&list); } - lp_list_copy(&list, lp_writelist(conn->service)); + str_list_copy(&list, lp_writelist(conn->service)); if (list) { - if (!lp_list_substitute(list, "%S", service)) { + if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: write list substitution failed\n")); } if (user_in_list(conn->user, list)) conn->read_only = False; - lp_list_free(&list); + str_list_free(&list); } } 
@@ -314,89 +319,26 @@ static void set_admin_user(connection_struct *conn) } /**************************************************************************** - Make a connection to a service. - * - * @param service (May be modified to canonical form???) + Make a connection, given the snum to connect to, and the vuser of the + connecting user if appropriate. ****************************************************************************/ -connection_struct *make_connection(char *service, DATA_BLOB password, - char *dev, uint16 vuid, NTSTATUS *status) +static connection_struct *make_connection_snum(int snum, user_struct *vuser, + DATA_BLOB password, + char *dev, NTSTATUS *status) { - int snum; struct passwd *pass = NULL; BOOL guest = False; BOOL force = False; connection_struct *conn; - uid_t euid; - + struct stat st; fstring user; - ZERO_STRUCT(user); - - /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ - if (!non_root_mode() && (euid = geteuid()) != 0) { - DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); - smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); - } - - strlower(service); - - snum = find_service(service); - - if (snum < 0) { - if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { - DEBUG(3,("refusing IPC connection\n")); - *status = NT_STATUS_ACCESS_DENIED; - return NULL; - } - - DEBUG(0,("%s (%s) couldn't find service %s\n", - remote_machine, client_addr(), service)); - *status = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } - - if (strequal(service,HOMES_NAME)) { - if(lp_security() != SEC_SHARE) { - if (validated_username(vuid)) { - fstring unix_username; - fstrcpy(unix_username,validated_username(vuid)); - return make_connection(unix_username, - password,dev,vuid,status); - } - } else { - /* Security = share. Try with current_user_info.smb_name - * as the username. 
*/ - if (* current_user_info.smb_name) { - fstring unix_username; - fstrcpy(unix_username, - current_user_info.smb_name); - map_username(unix_username); - return make_connection(unix_username, - password,dev,vuid,status); - } - } - } + *user = 0; - if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, service, dev))) { + if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; } - /* add it as a possible user name if we - are in share mode security */ - if (lp_security() == SEC_SHARE) { - add_session_user(service); - } - - - /* shall we let them in? */ - if (!authorise_login(snum,user,password,&guest,&force,vuid)) { - DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) ); - *status = NT_STATUS_WRONG_PASSWORD; - return NULL; - } - - add_session_user(user); - conn = conn_new(); if (!conn) { DEBUG(0,("Couldn't find free connection.\n")); 
@@ -404,20 +346,72 @@ connection_struct *make_connection(char *service, DATA_BLOB password, return NULL; } - /* find out some info about the user */ - pass = smb_getpwnam(user,True); + if (lp_guest_only(snum)) { + char *guestname = lp_guestaccount(); + guest = True; + force = True; + pass = getpwnam_alloc(guestname); + if (!pass) { + DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname)); + conn_free(conn); + *status = NT_STATUS_NO_SUCH_USER; + return NULL; + } + fstrcpy(user,pass->pw_name); + conn->force_user = True; + string_set(&conn->user,pass->pw_name); + passwd_free(&pass); + DEBUG(3,("Guest only user %s\n",user)); + } else if (vuser) { + if (vuser->guest) { + if (!lp_guest_ok(snum)) { + DEBUG(2, ("guest user (from session setup) not permitted to access this share (%s)", lp_servicename(snum))); + conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } + } else { + if (!user_ok(vuser->user.unix_name, snum)) { + DEBUG(2, ("user '%s' (from session setup) not permitted to access this share (%s)", vuser->user.unix_name, lp_servicename(snum))); + conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } + } + conn->vuid = vuser->vuid; + conn->uid = vuser->uid; + conn->gid = vuser->gid; + string_set(&conn->user,vuser->user.unix_name); + fstrcpy(user,vuser->user.unix_name); + guest = vuser->guest; + } else if (lp_security() == SEC_SHARE) { + /* add it as a possible user name if we + are in share mode security */ + add_session_user(lp_servicename(snum)); + /* shall we let them in? 
*/ + if (!authorise_login(snum,user,password,&guest)) { + DEBUG( 2, ( "Invalid username/password for [%s]\n", + lp_servicename(snum)) ); + conn_free(conn); + *status = NT_STATUS_WRONG_PASSWORD; + return NULL; + } + pass = Get_Pwnam(user); + conn->force_user = force; + conn->uid = pass->pw_uid; + conn->gid = pass->pw_gid; + string_set(&conn->user, pass->pw_name); + fstrcpy(user, pass->pw_name); - if (pass == NULL) { - DEBUG(0,( "Couldn't find account %s\n",user)); - *status = NT_STATUS_NO_SUCH_USER; + } else { + DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; return NULL; } - conn->force_user = force; - conn->vuid = vuid; - conn->uid = pass->pw_uid; - conn->gid = pass->pw_gid; + add_session_user(user); + safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1); conn->num_files_open = 0; @@ -450,18 +444,21 @@ connection_struct *make_connection(char *service, DATA_BLOB password, pstrcpy(fuser,lp_force_user(snum)); /* Allow %S to be used by force user. */ - pstring_sub(fuser,"%S",service); + pstring_sub(fuser,"%S",lp_servicename(snum)); - pass2 = (struct passwd *)Get_Pwnam_Modify(fuser); + pass2 = (struct passwd *)Get_Pwnam(fuser); if (pass2) { conn->uid = pass2->pw_uid; conn->gid = pass2->pw_gid; - string_set(&conn->user,fuser); - fstrcpy(user,fuser); + string_set(&conn->user,pass2->pw_name); + fstrcpy(user,pass2->pw_name); conn->force_user = True; - DEBUG(3,("Forced user %s\n",fuser)); + DEBUG(3,("Forced user %s\n",user)); } else { DEBUG(1,("Couldn't find user %s\n",fuser)); + conn_free(conn); + *status = NT_STATUS_NO_SUCH_USER; + return NULL; } } @@ -483,7 +480,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, BOOL user_must_be_member = False; StrnCpy(tmp_gname,lp_force_group(snum),sizeof(pstring)-1); - + if (tmp_gname[0] == '+') { user_must_be_member = True; StrnCpy(gname,&tmp_gname[1],sizeof(pstring)-2); 
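Review bot: In the security=share branch of make_connection_snum, `pass = Get_Pwnam(user);` is dereferenced on the following lines with no NULL check, although the code this hunk removes rejected `pass == NULL` with NT_STATUS_NO_SUCH_USER. The guard should be restored right after the lookup: `if (!pass) { conn_free(conn); *status = NT_STATUS_NO_SUCH_USER; return NULL; }`. Separately, the guest-only branch sets conn->user but never assigns conn->uid or conn->gid from `pass` before `passwd_free(&pass)`, so the identity used later is whatever conn_new() left in those fields (not visible in this hunk). Adding `conn->uid = pass->pw_uid; conn->gid = pass->pw_gid;` before the free would match the vuser and share-mode branches. The function body starts and ends outside this hunk.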
@@ -491,7 +488,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, StrnCpy(gname,tmp_gname,sizeof(pstring)-1); } /* default service may be a group name */ - pstring_sub(gname,"%S",service); + pstring_sub(gname,"%S",lp_servicename(snum)); gid = nametogid(gname); if (gid != (gid_t)-1) { @@ -512,6 +509,9 @@ connection_struct *make_connection(char *service, DATA_BLOB password, } } else { DEBUG(1,("Couldn't find group %s\n",gname)); + conn_free(conn); + *status = NT_STATUS_NO_SUCH_GROUP; + return NULL; } } #endif /* HAVE_GETGRNAM */ @@ -519,7 +519,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, { pstring s; pstrcpy(s,lp_pathname(snum)); - standard_sub_conn(conn,s); + standard_sub_conn(conn,s,sizeof(s)); string_set(&conn->connectpath,s); DEBUG(3,("Connect path is %s\n",s)); } @@ -531,7 +531,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, /* Find all the groups this uid is in and store them. Used by change_to_user() */ initialise_groups(conn->user, conn->uid, conn->gid); - get_current_groups(&conn->ngroups,&conn->groups); + get_current_groups(conn->gid, &conn->ngroups,&conn->groups); conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, @@ -544,15 +544,15 @@ connection_struct *make_connection(char *service, DATA_BLOB password, */ { - BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA); + BOOL can_write = share_access_check(conn, snum, vuser, FILE_WRITE_DATA); if (!can_write) { - if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) { + if (!share_access_check(conn, snum, vuser, FILE_READ_DATA)) { /* No access, read or write. */ - *status = NT_STATUS_ACCESS_DENIED; DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", - service )); + lp_servicename(snum))); conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; return NULL; } else { conn->read_only = True; 
@@ -564,6 +564,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, if (!smbd_vfs_init(conn)) { DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; return NULL; } @@ -574,8 +575,8 @@ connection_struct *make_connection(char *service, DATA_BLOB password, lp_max_connections(SNUM(conn)), False)) { DEBUG(1,("too many connections - rejected\n")); - *status = NT_STATUS_INSUFFICIENT_RESOURCES; conn_free(conn); + *status = NT_STATUS_INSUFFICIENT_RESOURCES; return NULL; } @@ -585,7 +586,7 @@ connection_struct *make_connection(char *service, DATA_BLOB password, int ret; pstring cmd; pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { @@ -605,16 +606,16 @@ connection_struct *make_connection(char *service, DATA_BLOB password, *status = NT_STATUS_LOGON_FAILURE; return NULL; } - + /* Remember that a different vuid can connect later without these checks... */ - + /* Preexecs are done here as they might make the dir we are to ChDir to below */ /* execute any "preexec = " line */ if (*lp_preexec(SNUM(conn))) { int ret; pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); 
@@ -625,7 +626,12 @@ connection_struct *make_connection(char *service, DATA_BLOB password, return NULL; } } - + +#if CHECK_PATH_ON_TCONX + /* win2000 does not check the permissions on the directory + during the tree connect, instead relying on permission + check during individual operations. To match this behaviour + I have disabled this chdir check (tridge) */ if (vfs_ChDir(conn,conn->connectpath) != 0) { DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", remote_machine, conn->client_address, @@ -636,12 +642,23 @@ connection_struct *make_connection(char *service, DATA_BLOB password, *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } +#else + /* the alternative is just to check the directory exists */ + if (stat(conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { + DEBUG(0,("%s is not a directory\n", conn->connectpath)); + change_to_root_user(); + yield_connection(conn, lp_servicename(SNUM(conn))); + conn_free(conn); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; + } +#endif string_set(&conn->origpath,conn->connectpath); #if SOFTLINK_OPTIMISATION - /* resolve any soft links early */ - { + /* resolve any soft links early if possible */ + if (vfs_ChDir(conn,conn->connectpath) == 0) { pstring s; pstrcpy(s,conn->connectpath); vfs_GetWd(conn,s); @@ -674,11 +691,11 @@ connection_struct *make_connection(char *service, DATA_BLOB password, /* Invoke VFS make connection hook */ if (conn->vfs_ops.connect) { - if (conn->vfs_ops.connect(conn, service, user) < 0) { + if (conn->vfs_ops.connect(conn, lp_servicename(snum), user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); - *status = NT_STATUS_UNSUCCESSFUL; change_to_root_user(); conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; return NULL; } } 
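Review bot: The VFS connect failure path calls `change_to_root_user(); conn_free(conn);` without `yield_connection(conn, lp_servicename(SNUM(conn)));`, unlike the preexec and directory-check failure paths earlier in make_connection_snum. If the connection entry has already been claimed by this point, as those earlier paths suggest, a failed tree connect leaves it counted against the share's max connections. Adding the yield_connection call before `conn_free(conn)` would make this path consistent with the others. The enclosing function starts and ends outside this hunk.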
@@ -689,6 +706,130 @@ connection_struct *make_connection(char *service, DATA_BLOB password, return(conn); } +/*************************************************************************************** + Simple wrapper function for make_connection() to include a call to + vfs_chdir() + **************************************************************************************/ + +connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB password, + char *dev, uint16 vuid, NTSTATUS *status) +{ + connection_struct *conn = NULL; + + conn = make_connection(service_in, password, dev, vuid, status); + + /* + * make_connection() does not change the directory for us any more + * so we have to do it as a separate step --jerry + */ + + if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) { + DEBUG(0,("move_driver_to_download_area: Can't change directory to %s for [print$] (%s)\n", + conn->connectpath,strerror(errno))); + yield_connection(conn, lp_servicename(SNUM(conn))); + conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; + return NULL; + } + + return conn; +} + +/**************************************************************************** + Make a connection to a service. + * + * @param service +****************************************************************************/ + +connection_struct *make_connection(const char *service_in, DATA_BLOB password, + char *dev, uint16 vuid, NTSTATUS *status) +{ + uid_t euid; + user_struct *vuser = NULL; + pstring service; + int snum = -1; + + /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ + if (!non_root_mode() && (euid = geteuid()) != 0) { + DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); + smb_panic("make_connection: PANIC ERROR. 
Called as nonroot\n"); + } + + if(lp_security() != SEC_SHARE) { + vuser = get_valid_user_struct(vuid); + if (!vuser) { + DEBUG(1,("make_connection: refusing to connect with no session setup\n")); + return NULL; + } + } + + /* Logic to try and connect to the correct [homes] share, preferably without too many + getpwnam() lookups. This is particulary nasty for winbind usernames, where the + share name isn't the same as unix username. + + The snum of the homes share is stored on the vuser at session setup time. + */ + + if (strequal(service_in,HOMES_NAME)) { + if(lp_security() != SEC_SHARE) { + DATA_BLOB no_pw = data_blob(NULL, 0); + if (vuser->homes_snum != -1) { + DEBUG(5, ("making a connection to [homes] service created at session setup time\n")); + return make_connection_snum(vuser->homes_snum, + vuser, no_pw, + dev, status); + } + } else { + /* Security = share. Try with current_user_info.smb_name + * as the username. */ + if (*current_user_info.smb_name) { + fstring unix_username; + fstrcpy(unix_username, + current_user_info.smb_name); + map_username(unix_username); + snum = find_service(unix_username); + } + if (snum != -1) { + DEBUG(5, ("making a connection to 'homes' service %s based on security=share\n", service_in)); + return make_connection_snum(snum, NULL, + password, + dev, status); + } + } + } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) + && strequal(service, lp_servicename(vuser->homes_snum))) { + DATA_BLOB no_pw = data_blob(NULL, 0); + DEBUG(5, ("making a connection to 'homes' service [%s] created at session setup time\n", service)); + return make_connection_snum(vuser->homes_snum, + vuser, no_pw, + dev, status); + } + + pstrcpy(service, service_in); + + strlower(service); + + snum = find_service(service); + + if (snum < 0) { + if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { + DEBUG(3,("refusing IPC connection to %s\n", service)); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } + + DEBUG(0,("%s (%s) 
couldn't find service %s\n", + remote_machine, client_addr(), service)); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; + } + + DEBUG(5, ("making a connection to 'normal' service %s\n", service)); + + return make_connection_snum(snum, vuser, + password, + dev, status); +} /**************************************************************************** close a cnum @@ -721,7 +862,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_user(conn, vuid)) { pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); smbrun(cmd,NULL); change_to_root_user(); } @@ -731,8 +872,12 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_rootpostexec(SNUM(conn))) { pstring cmd; pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); - standard_sub_conn(conn,cmd); + standard_sub_conn(conn,cmd,sizeof(cmd)); smbrun(cmd,NULL); } + + /* make sure we leave the directory available for unmount */ + vfs_ChDir(conn, "/"); + conn_free(conn); } -- cgit From 127e77e6e334fdc33086bffcbe00d340c0ba0097 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 17 Aug 2002 15:27:10 +0000 Subject: Sync 3.0 branch with head (This used to be commit 42615b945e2e48e53a21ea47f2e45407913a6a1e) --- source3/smbd/service.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9ac610ab5a..6f83a2d3b7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -27,9 +27,7 @@ extern BOOL short_case_preserve; extern BOOL case_mangle; extern BOOL case_sensitive; extern BOOL use_mangled_map; -extern fstring remote_machine; extern userdom_struct current_user_info; -extern fstring remote_machine; /**************************************************************************** 
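Review bot: In the new make_connection, the `else if` arm evaluates `strequal(service, lp_servicename(vuser->homes_snum))` and logs `service` before `pstrcpy(service, service_in)` has run, so it reads an uninitialised stack pstring. That comparison decides whether the request is routed to the homes share recorded at session setup, so it should test the caller-supplied name: `strequal(service_in, lp_servicename(vuser->homes_snum))`, with the DEBUG argument changed to `service_in` as well. A smaller point in the same hunk: the DEBUG text in make_connection_with_chdir names `move_driver_to_download_area`, which will mislead anyone reading the log for a failure in this wrapper.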
@@ -104,7 +102,9 @@ int add_home_service(const char *service, const char *username, const char *home } } - lp_add_home(service, iHomeService, username, homedir); + if (!lp_add_home(service, iHomeService, username, homedir)) { + return -1; + } return lp_servicenumber(service); @@ -347,7 +347,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } if (lp_guest_only(snum)) { - char *guestname = lp_guestaccount(); + const char *guestname = lp_guestaccount(); guest = True; force = True; pass = getpwnam_alloc(guestname); @@ -521,7 +521,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, pstrcpy(s,lp_pathname(snum)); standard_sub_conn(conn,s,sizeof(s)); string_set(&conn->connectpath,s); - DEBUG(3,("Connect path is %s\n",s)); + DEBUG(3,("Connect path is '%s' for service [%s]\n",s, lp_servicename(snum))); } /* groups stuff added by ih */ @@ -634,7 +634,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, I have disabled this chdir check (tridge) */ if (vfs_ChDir(conn,conn->connectpath) != 0) { DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", - remote_machine, conn->client_address, + get_remote_machine_name(), conn->client_address, conn->connectpath,strerror(errno))); change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn))); @@ -645,7 +645,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, #else /* the alternative is just to check the directory exists */ if (stat(conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { - DEBUG(0,("%s is not a directory\n", conn->connectpath)); + DEBUG(0,("'%s' is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(SNUM(conn)))); change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn))); conn_free(conn); 
@@ -674,7 +674,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { - dbgtext( "%s (%s) ", remote_machine, conn->client_address ); + dbgtext( "%s (%s) ", get_remote_machine_name(), conn->client_address ); dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); dbgtext( "initially as user %s ", user ); dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); @@ -759,6 +759,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, vuser = get_valid_user_struct(vuid); if (!vuser) { DEBUG(1,("make_connection: refusing to connect with no session setup\n")); + *status = NT_STATUS_ACCESS_DENIED; return NULL; } } @@ -773,12 +774,15 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, if (strequal(service_in,HOMES_NAME)) { if(lp_security() != SEC_SHARE) { DATA_BLOB no_pw = data_blob(NULL, 0); - if (vuser->homes_snum != -1) { - DEBUG(5, ("making a connection to [homes] service created at session setup time\n")); - return make_connection_snum(vuser->homes_snum, - vuser, no_pw, - dev, status); + if (vuser->homes_snum == -1) { + DEBUG(2, ("[homes] share not available for this user becouse it was not found or created at session setup time\n")); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; } + DEBUG(5, ("making a connection to [homes] service created at session setup time\n")); + return make_connection_snum(vuser->homes_snum, + vuser, no_pw, + dev, status); } else { /* Security = share. Try with current_user_info.smb_name * as the username. */ 
@@ -797,7 +801,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } } } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) - && strequal(service, lp_servicename(vuser->homes_snum))) { + && strequal(service_in, lp_servicename(vuser->homes_snum))) { DATA_BLOB no_pw = data_blob(NULL, 0); DEBUG(5, ("making a connection to 'homes' service [%s] created at session setup time\n", service)); return make_connection_snum(vuser->homes_snum, @@ -819,7 +823,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } DEBUG(0,("%s (%s) couldn't find service %s\n", - remote_machine, client_addr(), service)); + get_remote_machine_name(), client_addr(), service)); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } @@ -841,7 +845,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_root_user(); DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", - remote_machine,conn->client_address, + get_remote_machine_name(),conn->client_address, lp_servicename(SNUM(conn)))); if (conn->vfs_ops.disconnect != NULL) { -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/smbd/service.c | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 6f83a2d3b7..a8a590da80 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -305,6 +305,7 @@ static void set_admin_user(connection_struct *conn) #endif ) { conn->admin_user = True; + conn->force_user = True; /* Admin users are effectivly 'forced' */ DEBUG(0,("%s logged in as admin user (root privileges)\n",conn->user)); } else { conn->admin_user = False; 
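Review bot: The `DEBUG(5, ...)` on the context line right after the changed condition still passes `service`, which has not been written yet at this point in make_connection; the copy from `service_in` only happens after this branch. The condition was corrected to test `service_in`, and the log argument needs the same change, otherwise `%s` reads an uninitialised stack buffer: `DEBUG(5, ("making a connection to 'homes' service [%s] created at session setup time\n", service_in));`. make_connection's body starts and ends outside the hunk.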
@@ -329,7 +330,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, { struct passwd *pass = NULL; BOOL guest = False; - BOOL force = False; connection_struct *conn; struct stat st; fstring user; @@ -349,7 +349,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (lp_guest_only(snum)) { const char *guestname = lp_guestaccount(); guest = True; - force = True; pass = getpwnam_alloc(guestname); if (!pass) { DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname)); @@ -397,7 +396,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } pass = Get_Pwnam(user); - conn->force_user = force; + conn->force_user = True; conn->uid = pass->pw_uid; conn->gid = pass->pw_gid; string_set(&conn->user, pass->pw_name); @@ -434,7 +433,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* * If force user is true, then store the - * given userid and also the primary groupid + * given userid and also the groups * of the user we're forcing. */ @@ -492,6 +491,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, gid = nametogid(gname); if (gid != (gid_t)-1) { + /* * If the user has been forced and the forced group starts * with a '+', then we only set the group to be the forced @@ -507,6 +507,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->gid = gid; DEBUG(3,("Forced group %s\n",gname)); } + conn->force_group = True; } else { DEBUG(1,("Couldn't find group %s\n",gname)); conn_free(conn); 
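Review bot: In the `@@ -397,7 +396,7 @@` hunk, `pass = Get_Pwnam(user);` is followed directly by `pass->pw_uid`, `pass->pw_gid` and `pass->pw_name` with no NULL check. If the lookup can fail for a name the preceding authorisation step accepted (that step is outside the hunk), this is a NULL dereference in the connection path. A guard in the style of the neighbouring error paths would close it: `if (!pass) { conn_free(conn); *status = NT_STATUS_LOGON_FAILURE; return NULL; }`. The changed line now sets `conn->force_user = True` unconditionally on this path, and a one-line comment saying why every connection here counts as forced would help.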
@@ -524,23 +525,27 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(3,("Connect path is '%s' for service [%s]\n",s, lp_servicename(snum))); } - /* groups stuff added by ih */ - conn->ngroups = 0; - conn->groups = NULL; - - /* Find all the groups this uid is in and - store them. Used by change_to_user() */ - initialise_groups(conn->user, conn->uid, conn->gid); - get_current_groups(conn->gid, &conn->ngroups,&conn->groups); + if (conn->force_user || conn->force_group) { + + /* groups stuff added by ih */ + conn->ngroups = 0; + conn->groups = NULL; + + /* Find all the groups this uid is in and + store them. Used by change_to_user() */ + initialise_groups(conn->user, conn->uid, conn->gid); + get_current_groups(conn->gid, &conn->ngroups,&conn->groups); - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, - conn->ngroups, conn->groups, - guest, NULL); + conn->nt_user_token = create_nt_token(conn->uid, conn->gid, + conn->ngroups, conn->groups, + guest); + } /* * New code to check if there's a share security descripter * added from NT server manager. This is done after the * smb.conf checks are done as we need a uid and token. JRA. + * */ { @@ -573,7 +578,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (!claim_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn)), - False)) { + False,0)) { DEBUG(1,("too many connections - rejected\n")); conn_free(conn); *status = NT_STATUS_INSUFFICIENT_RESOURCES; 
@@ -803,7 +808,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) && strequal(service_in, lp_servicename(vuser->homes_snum))) { DATA_BLOB no_pw = data_blob(NULL, 0); - DEBUG(5, ("making a connection to 'homes' service [%s] created at session setup time\n", service)); + DEBUG(5, ("making a connection to 'homes' service [%s] created at session setup time\n", service_in)); return make_connection_snum(vuser->homes_snum, vuser, no_pw, dev, status); -- cgit From 2f194322d419350f35a48dff750066894d68eccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Nov 2002 23:20:50 +0000 Subject: Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a8a590da80..16e0ad4160 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -271,7 +271,7 @@ static void set_read_only(connection_struct *conn) if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: read list substitution failed\n")); } - if (user_in_list(conn->user, list)) + if (user_in_list(conn->user, (const char **)list)) conn->read_only = True; str_list_free(&list); } @@ -281,7 +281,7 @@ static void set_read_only(connection_struct *conn) if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: write list substitution failed\n")); } - if (user_in_list(conn->user, list)) + if (user_in_list(conn->user, (const char **)list)) conn->read_only = False; str_list_free(&list); } -- cgit From ae94f2eaa5bf01e0f4b40883b0782ae3fa1086d9 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Mon, 18 Nov 2002 06:12:47 +0000 Subject: Samba janitor... Merging tridge's change to 3.0. Original commit message : the change in the way %U is handled to use current_user has broken some basic usages like 'include = smb.conf.%U' This changes fixes things again, by checking for reload after we setup current_user in tconx. (This used to be commit 64b2243ccd984e0d69d8bb7421d43f1f1f84b017) --- source3/smbd/service.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 16e0ad4160..fe55345938 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -611,6 +611,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *status = NT_STATUS_LOGON_FAILURE; return NULL; } + + /* the %U substitution may have changed */ + reload_services(True); /* Remember that a different vuid can connect later without these checks... */ -- cgit From 91b7ac9fb955124263d0e86801db972590dabfb9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Nov 2002 00:53:24 +0000 Subject: merged the %U changes to 3.0 (This used to be commit 58fa6bfee8ba35cc182c18c980e0a4040ddd7d09) --- source3/smbd/service.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fe55345938..1f168dd3ff 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -612,9 +612,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } - /* the %U substitution may have changed */ - reload_services(True); - /* Remember that a different vuid can connect later without these checks... */ /* Preexecs are done here as they might make the dir we are to ChDir to below */ -- cgit From 6b7f50594b56a1357b1c95a974e4750d7390cc17 Mon Sep 17 00:00:00 2001 
From: Shirish Kalele Date: Fri, 27 Dec 2002 23:03:22 +0000 Subject: Add check to prevent non-Dfs clients from connecting to an msdfs proxy. (This used to be commit 2a665ab60a07fd64665cb791e6616479f3239cbb) --- source3/smbd/service.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1f168dd3ff..d00c908a1a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -833,6 +833,13 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, return NULL; } + /* Handle non-Dfs clients attempting connections to msdfs proxy */ + if (lp_host_msdfs() && (*lp_msdfs_proxy(snum) != '\0')) { + DEBUG(3, ("refusing connection to dfs proxy '%s'\n", service)); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; + } + DEBUG(5, ("making a connection to 'normal' service %s\n", service)); return make_connection_snum(snum, vuser, -- cgit From 0ba7c143b32da62ee83e5757f6933ab8be000ffd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 6 Jan 2003 07:40:39 +0000 Subject: Merge from HEAD - handle VFS module load failures, change some error returns to avoid sending NT_STATUS_UNSUCCESSFUL. Andrew Bartlett (This used to be commit 7b95151ddcb1e4abd592e72d509ec24c5d160511) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d00c908a1a..dd427c2ae8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -569,7 +569,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (!smbd_vfs_init(conn)) { DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; + *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } 
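Review bot: The added comment says the check handles "non-Dfs clients", but the condition `lp_host_msdfs() && (*lp_msdfs_proxy(snum) != '\0')` looks only at server configuration and never at the client, so every tree connect that reaches this point for a proxy share is refused. If that is the intent, the comment should say so, for example `/* A share with an msdfs proxy target is never served locally: refuse the tree connect. Dfs-aware clients are expected to have followed the referral instead. */`. The check also sits only on the normal-service path; the earlier [homes] returns in make_connection bypass it, which is probably fine but is not stated.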
@@ -598,7 +598,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(1,("root preexec gave %d - failing connection\n", ret)); yield_connection(conn, lp_servicename(SNUM(conn))); conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; + *status = NT_STATUS_ACCESS_DENIED; return NULL; } } @@ -627,7 +627,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn))); conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; + *status = NT_STATUS_ACCESS_DENIED; return NULL; } } -- cgit From 99cdb462083381c88689a4e698ca48b6ed4cf5ac Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 15 Jan 2003 18:57:41 +0000 Subject: *lots of small merges form HEAD *sync up configure.in *don't build torture tools in make all *make sure to remove torture tools as part of make clean (This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index dd427c2ae8..2a41a6db1c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -155,7 +155,7 @@ int find_service(fstring service) char *pszTemp; DEBUG(3,("checking whether %s is a valid printer name...\n", service)); - pszTemp = PRINTCAP; + pszTemp = lp_printcapname(); if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp)) { DEBUG(3,("%s is a valid printer name\n", service)); @@ -751,7 +751,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, { uid_t euid; user_struct *vuser = NULL; - pstring service; + fstring service; int snum = -1; /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ 
@@ -814,7 +814,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, dev, status); } - pstrcpy(service, service_in); + fstrcpy(service, service_in); strlower(service); -- cgit From e72ecdc862804339912325fe848401e8ec57cde7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 24 Feb 2003 02:35:54 +0000 Subject: Merge of server-side authentication changes to 3.0: - user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups. - The 'server_info' returned from the authentication is now kept around - in future we won't copy the sesion key, username etc, we will just referece them directly. - rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam(). - auth_util code to deal with groups upgraded to deal with non-winbind domain members again. Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060) --- source3/smbd/service.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2a41a6db1c..1c7e4017b0 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -258,7 +258,7 @@ static NTSTATUS share_sanity_checks(int snum, pstring dev) /**************************************************************************** readonly share? ****************************************************************************/ -static void set_read_only(connection_struct *conn) +static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_groups) { char **list; char *service = lp_servicename(conn->service); 
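Review bot: With `service` narrowed to an `fstring` in the previous hunk, `fstrcpy(service, service_in)` can now shorten a client-supplied share name before `find_service()` looks it up, so an over-long request is matched on its prefix rather than rejected. This assumes `fstrcpy` is the bounded copy it appears to be; its definition is not on this page. Refusing the name explicitly is clearer than relying on truncation: `if (strlen(service_in) >= sizeof(service)) { *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; }` placed before the copy.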
@@ -271,7 +271,7 @@ static void set_read_only(connection_struct *conn) if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: read list substitution failed\n")); } - if (user_in_list(conn->user, (const char **)list)) + if (user_in_list(conn->user, (const char **)list, groups, n_groups)) conn->read_only = True; str_list_free(&list); } @@ -281,7 +281,7 @@ static void set_read_only(connection_struct *conn) if (!str_list_substitute(list, "%S", service)) { DEBUG(0, ("ERROR: write list substitution failed\n")); } - if (user_in_list(conn->user, (const char **)list)) + if (user_in_list(conn->user, (const char **)list, groups, n_groups)) conn->read_only = False; str_list_free(&list); } @@ -291,7 +291,7 @@ static void set_read_only(connection_struct *conn) /**************************************************************************** admin user check ****************************************************************************/ -static void set_admin_user(connection_struct *conn) +static void set_admin_user(connection_struct *conn, gid_t *groups, size_t n_groups) { /* admin user check */ @@ -299,7 +299,7 @@ static void set_admin_user(connection_struct *conn) marked read_only. Changed as I don't think this is needed, but old code left in case there is a problem here. */ - if (user_in_list(conn->user,lp_admin_users(conn->service)) + if (user_in_list(conn->user,lp_admin_users(conn->service), groups, n_groups) #if 0 && !conn->read_only #endif 
@@ -364,14 +364,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } else if (vuser) { if (vuser->guest) { if (!lp_guest_ok(snum)) { - DEBUG(2, ("guest user (from session setup) not permitted to access this share (%s)", lp_servicename(snum))); + DEBUG(2, ("guest user (from session setup) not permitted to access this share (%s)\n", lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; return NULL; } } else { - if (!user_ok(vuser->user.unix_name, snum)) { - DEBUG(2, ("user '%s' (from session setup) not permitted to access this share (%s)", vuser->user.unix_name, lp_servicename(snum))); + if (!user_ok(vuser->user.unix_name, snum, vuser->groups, vuser->n_groups)) { + DEBUG(2, ("user '%s' (from session setup) not permitted to access this share (%s)\n", vuser->user.unix_name, lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; return NULL; @@ -427,9 +427,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, string_set(&conn->user,user); conn->nt_user_token = NULL; - set_read_only(conn); + set_read_only(conn, vuser ? vuser->groups : NULL, vuser ? vuser->n_groups : 0); - set_admin_user(conn); + set_admin_user(conn, vuser ? vuser->groups : NULL, vuser ? vuser->n_groups : 0); /* * If force user is true, then store the @@ -499,7 +499,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, * Otherwise, the meaning of the '+' would be ignored. */ if (conn->force_user && user_must_be_member) { - if (user_in_group_list( user, gname )) { + if (user_in_group_list( user, gname, NULL, 0)) { conn->gid = gid; DEBUG(3,("Forced group %s for member %s\n",gname,user)); } -- cgit From 4e8d7b3e8ed045f6a110889c5e31f2c5170b68a7 Mon Sep 17 00:00:00 2001 
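Review bot: In the `@@ -427,9 +427,9 @@` hunk, `set_read_only()` and `set_admin_user()` test the name in `conn->user` but are handed `vuser->groups`, and those two can belong to different identities. On the guest-only path `user` is the guest account while `vuser` may still be the session user, so the read list, write list and admin users decisions could be made from the guest name combined with the session user's groups. How `user_in_list()` uses the group array is not visible here, so this needs confirming. If it does match on the supplied groups, pass them only when `conn->user` was taken from `vuser`, for example `BOOL own_groups = (vuser != NULL && !lp_guest_only(snum));` and then `own_groups ? vuser->groups : NULL`.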
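Review bot: The `NULL, 0` passed to `user_in_group_list()` in the `@@ -499,7 +499,7 @@` hunk has no explanation, although the other calls changed in this commit pass the session's group list. This branch runs when `conn->force_user` is set, so `user` is presumably the forced account and the session's groups would not apply to it. If that is the reason, say so at the call: `/* 'user' may be the forced user here, so the session's group list is deliberately not passed */`.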
From: Jeremy Allison Date: Tue, 18 Mar 2003 23:49:03 +0000 Subject: Ensure dev in make_connection is const. Jeremy. (This used to be commit 1c6ea31b8f48b93606f4c5b6a0472571dc8a471e) --- source3/smbd/service.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1c7e4017b0..0f178b8ffc 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -218,7 +218,7 @@ int find_service(fstring service) do some basic sainity checks on the share. This function modifies dev, ecode. ****************************************************************************/ -static NTSTATUS share_sanity_checks(int snum, pstring dev) +static NTSTATUS share_sanity_checks(int snum, fstring dev) { if (!lp_snum_ok(snum) || @@ -326,14 +326,17 @@ static void set_admin_user(connection_struct *conn, gid_t *groups, size_t n_grou static connection_struct *make_connection_snum(int snum, user_struct *vuser, DATA_BLOB password, - char *dev, NTSTATUS *status) + const char *pdev, NTSTATUS *status) { struct passwd *pass = NULL; BOOL guest = False; connection_struct *conn; struct stat st; fstring user; + fstring dev; + *user = 0; + fstrcpy(dev, pdev); if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; @@ -717,7 +720,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, **************************************************************************************/ connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB password, - char *dev, uint16 vuid, NTSTATUS *status) + const char *dev, uint16 vuid, NTSTATUS *status) { connection_struct *conn = NULL; 
@@ -747,12 +750,15 @@ connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB ****************************************************************************/ connection_struct *make_connection(const char *service_in, DATA_BLOB password, - char *dev, uint16 vuid, NTSTATUS *status) + const char *pdev, uint16 vuid, NTSTATUS *status) { uid_t euid; user_struct *vuser = NULL; fstring service; + fstring dev; int snum = -1; + + fstrcpy(dev, pdev); /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ if (!non_root_mode() && (euid = geteuid()) != 0) { -- cgit From 7e958f092a146190e7899482f26e13b480f83986 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Mar 2003 02:01:11 +0000 Subject: Doin't pstrcpy into fstring. Jeremy. (This used to be commit e619c50834a06b3026dc6b8603d1f88268bbdbc1) --- source3/smbd/service.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0f178b8ffc..a5e1ec4e93 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -229,13 +229,13 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) /* you can only connect to the IPC$ service as an ipc device */ if (strequal(lp_fstype(snum), "IPC")) - pstrcpy(dev,"IPC"); + fstrcpy(dev,"IPC"); if (dev[0] == '?' || !dev[0]) { if (lp_print_ok(snum)) { - pstrcpy(dev,"LPT1:"); + fstrcpy(dev,"LPT1:"); } else { - pstrcpy(dev,"A:"); + fstrcpy(dev,"A:"); } } @@ -248,7 +248,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) /* Behave as a printer if we are supposed to */ if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) { - pstrcpy(dev, "LPT1:"); + fstrcpy(dev, "LPT1:"); } return NT_STATUS_OK; -- cgit From 5fd03bffd3754c1f7ac2a63bcd14afd850a2e45c Mon Sep 17 00:00:00 2001 
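Review bot: The local `fstring dev` and `fstrcpy(dev, pdev)` added to make_connection look redundant. The same commit changes make_connection_snum to take `const char *pdev` and make its own `fstring` copy, so the device string is copied twice on every tree connect. Unless make_connection modifies `dev` somewhere outside this hunk, the parameter can keep its name and be passed straight through, dropping the two added lines here.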
From: Volker Lendecke Date: Sun, 30 Mar 2003 16:37:10 +0000 Subject: This changes our handling of invalid service types that the client requested on tconx. We now return the same error code like NT4SP6 and W2kSP3 return. TCONDEV is a little test for this. Volker (This used to be commit 6f94ab8ed50ad171f25e9538417c5074feba164d) --- source3/smbd/service.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a5e1ec4e93..080e2f76df 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -227,22 +227,27 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_ACCESS_DENIED; } - /* you can only connect to the IPC$ service as an ipc device */ - if (strequal(lp_fstype(snum), "IPC")) - fstrcpy(dev,"IPC"); - if (dev[0] == '?' || !dev[0]) { if (lp_print_ok(snum)) { fstrcpy(dev,"LPT1:"); + } else if (strequal(lp_fstype(snum), "IPC")) { + fstrcpy(dev, "IPC"); } else { fstrcpy(dev,"A:"); } } - /* if the request is as a printer and you can't print then refuse */ strupper(dev); - if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) { - DEBUG(1,("Attempt to connect to non-printer as a printer\n")); + + if (lp_print_ok(snum)) { + if (!strequal(dev, "LPT:")) { + return NT_STATUS_BAD_DEVICE_TYPE; + } + } else if (strequal(lp_fstype(snum), "IPC")) { + if (!strequal(dev, "IPC")) { + return NT_STATUS_BAD_DEVICE_TYPE; + } + } else if (!strequal(dev, "A:")) { return NT_STATUS_BAD_DEVICE_TYPE; } -- cgit From 9bf3d3cb039d5304a70d1844b262c23489aa3227 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 9 Apr 2003 22:34:30 +0000 Subject: Fix from Steve Langasek for non-RPC printing. Jeremy. (This used to be commit cfbd02b170ab7d9c5c9cc9dbab0a094faa15c518) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') 
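Review bot: The new defaulting and the new type check disagree on the printer device name. A wildcard or empty `dev` on a printable share is set to `"LPT1:"`, but the check that follows accepts only `"LPT:"`, so that request always ends in `NT_STATUS_BAD_DEVICE_TYPE`. Both places need the same literal, e.g. `if (!strequal(dev, "LPT1:")) {` if `LPT1:` is the name clients send, and a shared `#define` would keep the two from drifting apart again. share_sanity_checks continues past the end of the hunk.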
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 080e2f76df..eee17eda8c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -229,7 +229,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) if (dev[0] == '?' || !dev[0]) { if (lp_print_ok(snum)) { - fstrcpy(dev,"LPT1:"); + fstrcpy(dev,"LPT:"); } else if (strequal(lp_fstype(snum), "IPC")) { fstrcpy(dev, "IPC"); } else { @@ -253,7 +253,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) /* Behave as a printer if we are supposed to */ if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) { - fstrcpy(dev, "LPT1:"); + fstrcpy(dev, "LPT:"); } return NT_STATUS_OK; -- cgit From 14e03aed2970d75cba216741d74363fc353955d2 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 11 Apr 2003 23:28:15 +0000 Subject: cleanup lanman printing= for win98; device type is LPT1:; patch by Steve L. (This used to be commit 36d62e5667f3b9e39362fb3907bf69697fca3ea6) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index eee17eda8c..67eea806c4 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -229,7 +229,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) if (dev[0] == '?' || !dev[0]) { if (lp_print_ok(snum)) { - fstrcpy(dev,"LPT:"); + fstrcpy(dev,"LPT1:"); } else if (strequal(lp_fstype(snum), "IPC")) { fstrcpy(dev, "IPC"); } else { @@ -240,7 +240,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) strupper(dev); if (lp_print_ok(snum)) { - if (!strequal(dev, "LPT:")) { + if (!strequal(dev, "LPT1:")) { return NT_STATUS_BAD_DEVICE_TYPE; } } else if (strequal(lp_fstype(snum), "IPC")) { 
@@ -253,7 +253,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) /* Behave as a printer if we are supposed to */ if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) { - fstrcpy(dev, "LPT:"); + fstrcpy(dev, "LPT1:"); } return NT_STATUS_OK; -- cgit From bdb7a74419356f4b6064d928636c8f295e8b7230 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 14 Apr 2003 03:48:26 +0000 Subject: Whitespace syncup. (This used to be commit 8fe5bab565cdcf498e4d0f5cca31f799d249e3b3) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 67eea806c4..18a92bc82f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -762,7 +762,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, fstring service; fstring dev; int snum = -1; - + fstrcpy(dev, pdev); /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ -- cgit From 2a3a9f0bf43c3bf99a71f7296bb5ff6199893fea Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 23 Apr 2003 13:27:35 +0000 Subject: Merge the 'safe' parts of my StrnCpy patch - many of the users really wanted a pstrcpy/fstrcpy or at most a safe_strcpy(). These have the advantage of being compiler-verifiable. Get these out of the way, along with a rewrite of 'get_short_archi' in the spoolss client and server. (This pushes around const string pointers, rather than copied strings). Andrew Bartlett (This used to be commit 32fb801ddc035e8971e9911ed4b6e51892e9d1cc) --- source3/smbd/service.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 18a92bc82f..cfb5e0e414 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
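Review bot: The "Behave as a printer if we are supposed to" block touched by the `@@ -253,7 +253,7 @@` hunk appears to be unreachable now. The device-type checks added earlier in share_sanity_checks return `NT_STATUS_BAD_DEVICE_TYPE` for a printable share unless `dev` already equals `"LPT1:"`, so `lp_print_ok(snum) && strcmp(dev, "A:") == 0` cannot hold by the time this line runs. Removing the block, or adding a comment explaining which path still needs it, would avoid keeping a third copy of the literal in step.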
@@ -486,13 +486,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, pstring tmp_gname; BOOL user_must_be_member = False; - StrnCpy(tmp_gname,lp_force_group(snum),sizeof(pstring)-1); + pstrcpy(tmp_gname,lp_force_group(snum)); if (tmp_gname[0] == '+') { user_must_be_member = True; - StrnCpy(gname,&tmp_gname[1],sizeof(pstring)-2); + /* even now, tmp_gname is null terminated */ + pstrcpy(gname,&tmp_gname[1]); } else { - StrnCpy(gname,tmp_gname,sizeof(pstring)-1); + pstrcpy(gname,tmp_gname); } /* default service may be a group name */ pstring_sub(gname,"%S",lp_servicename(snum)); -- cgit From e7c8c15888454043c73967635deb4d3419a489e9 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Sun, 11 May 2003 23:34:18 +0000 Subject: Fix VFS layer: 1. Finally work with cascaded modules with private data storage per module 2. Convert VFS API to macro calls to simplify cascading 3. Add quota support to VFS layer (prepare to NT quota support) Patch by Stefan (metze) Metzemacher, with review of Jelmer and me Tested in past few weeks. Documentation to new VFS API for third-party developers to follow (This used to be commit 91984ef5caa2d13c5d52e1f535bd3bbbae1ec978) --- source3/smbd/service.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index cfb5e0e414..0e4c87c7fb 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -704,14 +704,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Invoke VFS make connection hook */ - if (conn->vfs_ops.connect) { - if (conn->vfs_ops.connect(conn, lp_servicename(snum), user) < 0) { - DEBUG(0,("make_connection: VFS make connection failed!\n")); - change_to_root_user(); - conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; - return NULL; - } + if (VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { + DEBUG(0,("make_connection: VFS make connection failed!\n")); + change_to_root_user(); + conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; + return NULL; } /* we've finished with the user stuff - go back to root */ @@ -872,13 +870,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) get_remote_machine_name(),conn->client_address, lp_servicename(SNUM(conn)))); - if (conn->vfs_ops.disconnect != NULL) { - - /* Call VFS disconnect hook */ - - conn->vfs_ops.disconnect(conn); - - } + /* Call VFS disconnect hook */ + VFS_DISCONNECT(conn); yield_connection(conn, lp_servicename(SNUM(conn))); -- cgit From 402fbc518a5489b33f1c5eafb8e6acb9ee5addbd Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 14 May 2003 00:46:43 +0000 Subject: spelling (This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0e4c87c7fb..4d515e90f5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
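Review bot: The VFS connect failure path calls `change_to_root_user()` and `conn_free(conn)` but not `yield_connection()`, although it runs after `claim_connection()` has succeeded. The other failure exits after the claim (root preexec, preexec, the chdir/stat check) all release the slot first, so this path alone would leave the share's connection count incremented and eat into `max connections` on repeated failures. Adding `yield_connection(conn, lp_servicename(SNUM(conn)));` before `conn_free(conn);` brings it in line. The status here is still `NT_STATUS_UNSUCCESSFUL`, which an earlier commit on this page replaced on the neighbouring paths.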
@@ -790,7 +790,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, if(lp_security() != SEC_SHARE) { DATA_BLOB no_pw = data_blob(NULL, 0); if (vuser->homes_snum == -1) { - DEBUG(2, ("[homes] share not available for this user becouse it was not found or created at session setup time\n")); + DEBUG(2, ("[homes] share not available for this user because it was not found or created at session setup time\n")); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } -- cgit From bc2a3748e9caa8f60f7c2387e7eecd7fb3fae899 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 14 May 2003 10:59:01 +0000 Subject: Prefix VFS API macros with SMB_ for consistency and to avoid problems with VFS_ macros at system side. We currently have one clash with AIX and its VFS_LOCK. Compiled and tested -- no new functionality or code, just plain rename of macros for yet-unreleased VFS API version. Needs to be done before a24 is out (This used to be commit c2689ed118b490e49497a76ed6a2251262018769) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 4d515e90f5..31bb343474 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -704,7 +704,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Invoke VFS make connection hook */ - if (VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { + if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); change_to_root_user(); conn_free(conn); @@ -871,7 +871,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)))); /* Call VFS disconnect hook */ - VFS_DISCONNECT(conn); + SMB_VFS_DISCONNECT(conn); yield_connection(conn, lp_servicename(SNUM(conn))); -- cgit From 3f5dc144578cfaa58e227177c780d4261c9242d2 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 21 Jun 2003 07:54:03 +0000 Subject: Always initialize. (This used to be commit 75081860af5ace873f53c361ec34d029b7864ff7) --- source3/smbd/service.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 31bb343474..11659f2870 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -366,6 +366,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } fstrcpy(user,pass->pw_name); conn->force_user = True; + conn->uid = pass->pw_uid; + conn->gid = pass->pw_gid; string_set(&conn->user,pass->pw_name); passwd_free(&pass); DEBUG(3,("Guest only user %s\n",user)); -- cgit From ce72beb2b558d86fb49063c6b1fa00e07952ce56 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Jul 2003 19:11:31 +0000 Subject: Removed strupper/strlower macros that automatically map to strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 11659f2870..6a23e38bbd 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -237,7 +237,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) } } - strupper(dev); + strupper_m(dev); if (lp_print_ok(snum)) { if (!strequal(dev, "LPT1:")) { @@ -828,7 +828,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, fstrcpy(service, service_in); - strlower(service); + strlower_m(service); snum = find_service(service); -- cgit From b475d0b88924a0af4a8519a2e7bc183945de0f9c Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sun, 6 Jul 2003 05:51:20 +0000 Subject: This changes our Unix primary GID behaviour back to what most people expect: Samba will now use the user's UNIX primary group, as the primary group when dealing with the filesystem. The NT primary group is ignored in unix. For the NT_TOKEN, the primary group is the NT priamry group, and the unix primary group is added to the NT_TOKEN as a supplementary group. This should fix bug #109, but will need to be revisited when we get a full NT group database. Also in this commit: - Fix debug statements in service.c - Make idmap_ldap show if it's adding, or modifying an existing DN - Make idmap_ldap show both the error message and error string (This used to be commit 32e455a714b2090fcfd1f6d73daccf600c15d51b)
--- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c')
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 6a23e38bbd..63991904ff 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -359,7 +359,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 guest = True;
 pass = getpwnam_alloc(guestname);
 if (!pass) {
- DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname));
+ DEBUG(0,("make_conncection_snum: Invalid guest account %s??\n",guestname));
 conn_free(conn);
 *status = NT_STATUS_NO_SUCH_USER;
 return NULL;
-- cgit From a7ef6aac3a78e7d98956d64ea6f858b1f20d0a19 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Wed, 9 Jul 2003 23:01:08 +0000 Subject: Fix a small spelling mistake and push out the new version of aclocal.m4 to properly handle iconv on FreeBSD ... It works on Linux and FreeBSD ... (This used to be commit 9302401f543bd3684657b38f046dc52a5a732035)
--- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c')
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 63991904ff..18e0887071 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -359,7 +359,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 guest = True;
 pass = getpwnam_alloc(guestname);
 if (!pass) {
- DEBUG(0,("make_conncection_snum: Invalid guest account %s??\n",guestname));
+ DEBUG(0,("make_connection_snum: Invalid guest account %s??\n",guestname));
 conn_free(conn);
 *status = NT_STATUS_NO_SUCH_USER;
 return NULL;
-- cgit From f746a68030609aa6239a25664360913805abd78d Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Mon, 21 Jul 2003 20:20:09 +0000 Subject: Clarify a debug log a little. The path might not exist, so say so. (This used to be commit 8409cf3e470df79f219f9a21c0cb780e9257186c)
--- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c')
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 18e0887071..c2855487a5 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -661,7 +661,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 #else
 /* the alternative is just to check the directory exists */
 if (stat(conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) {
- DEBUG(0,("'%s' is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(SNUM(conn))));
+ DEBUG(0,("'%s' does not exist or is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(SNUM(conn))));
 change_to_root_user();
 yield_connection(conn, lp_servicename(SNUM(conn)));
 conn_free(conn);
-- cgit From 8d992a710285e208b6ba31dc018fb4744e708aaa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 3 Aug 2003 07:20:05 +0000 Subject: Output message saying "signed connect" instead of just connect when signing is active. Jeremy. (This used to be commit c6674fa62865b64aa788a1903db118e4d773bcae)
--- source3/smbd/service.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/smbd/service.c')
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c2855487a5..f75c920069 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -691,6 +691,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { dbgtext( "%s (%s) ", get_remote_machine_name(), conn->client_address ); + dbgtext( "%s", srv_is_signing_active() ? "signed " : ""); dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); dbgtext( "initially as user %s ", user ); dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); -- cgit From 1c38391c704756c31c1d8d7f84f9ac6ffcaeda34 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 7 Sep 2003 16:36:13 +0000 Subject: Nobody complained on the team-list, so commit it ... This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213) --- source3/smbd/service.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f75c920069..f9f264c270 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -642,6 +642,10 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } } + +#ifdef WITH_FAKE_KASERVER + afs_login(user); +#endif #if CHECK_PATH_ON_TCONX /* win2000 does not check the permissions on the directory -- cgit 
From e56192d0cff52a6976d75e5c2b8c25f89f5879c6 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 8 Sep 2003 15:24:01 +0000 Subject: make sure we substitute basic variables in read/write list (This used to be commit 52bea54d35e7fb32c7ed7b067c13afe53761affb) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f9f264c270..70126b9e7f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -273,7 +273,7 @@ static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_group str_list_copy(&list, lp_readlist(conn->service)); if (list) { - if (!str_list_substitute(list, "%S", service)) { + if ( !str_list_sub_basic(list, current_user_info.smb_name) ) { DEBUG(0, ("ERROR: read list substitution failed\n")); } if (user_in_list(conn->user, (const char **)list, groups, n_groups)) @@ -283,7 +283,7 @@ static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_group str_list_copy(&list, lp_writelist(conn->service)); if (list) { - if (!str_list_substitute(list, "%S", service)) { + if ( !str_list_sub_basic(list, current_user_info.smb_name) ) { DEBUG(0, ("ERROR: write list substitution failed\n")); } if (user_in_list(conn->user, (const char **)list, groups, n_groups)) -- cgit From c716385220f5ce63fafffd4cff1e9480c5991d02 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 23 Sep 2003 14:52:21 +0000 Subject: This only touches the fake kaserver support. It adds two parameters: afs share -- this is an AFS share, do AFS magic things afs username map -- We need a way to specify the cell and possibly weird username codings for several windows domains in the afs cell Volker (This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd) --- source3/smbd/service.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') 
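Review bot: Replacing `str_list_substitute(list, "%S", service)` with `str_list_sub_basic(list, current_user_info.smb_name)` removes the only place `%S` was expanded, for the read list here and for the write list in the next hunk, unless str_list_sub_basic also expands `%S` (its body is not visible). A list entry written as `%S` would then stop matching in `user_in_list`, which changes who is forced read-only and who is granted write. Keep both passes, for example `if (!str_list_sub_basic(list, current_user_info.smb_name) || !str_list_substitute(list, "%S", service)) {`. set_read_only starts and ends outside both hunks.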
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 70126b9e7f..44d73b2ab2 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -644,7 +644,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #ifdef WITH_FAKE_KASERVER - afs_login(user); + if (lp_afs_share(SNUM(conn))) { + afs_login(conn); + } #endif #if CHECK_PATH_ON_TCONX -- cgit From 05b178ab82748872bf9dc49887239ddf66ab49b2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 2003 21:03:32 +0000 Subject: Ensure %S gets expanded in read/write lists. Jeremy. (This used to be commit 7d7096fc3a899349b46691dcc30b86b04964fe52) --- source3/smbd/service.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 44d73b2ab2..e4c3890f86 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
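Review bot: `afs_login(conn);` is called as a bare statement, so whatever it reports is dropped and the tree connect continues whether or not a token was obtained for this user. afs_login's declaration is not in this hunk; if it returns a status, I would at least log the failure, `if (!afs_login(conn)) DEBUG(0,("make_connection_snum: afs_login failed for [%s]\n", lp_servicename(SNUM(conn))));`, and decide explicitly whether an AFS share should be refused in that case. make_connection_snum starts and ends outside the hunk.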
@@ -259,23 +259,27 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_OK; } - /**************************************************************************** readonly share? ****************************************************************************/ + static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_groups) { char **list; - char *service = lp_servicename(conn->service); + const char *service = lp_servicename(conn->service); conn->read_only = lp_readonly(conn->service); - if (!service) return; + if (!service) + return; str_list_copy(&list, lp_readlist(conn->service)); if (list) { - if ( !str_list_sub_basic(list, current_user_info.smb_name) ) { + if (!str_list_sub_basic(list, current_user_info.smb_name) ) { DEBUG(0, ("ERROR: read list substitution failed\n")); } + if (!str_list_substitute(list, "%S", service)) { + DEBUG(0, ("ERROR: read list service substitution failed\n")); + } if (user_in_list(conn->user, (const char **)list, groups, n_groups)) conn->read_only = True; str_list_free(&list); @@ -283,19 +287,22 @@ static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_group str_list_copy(&list, lp_writelist(conn->service)); if (list) { - if ( !str_list_sub_basic(list, current_user_info.smb_name) ) { + if (!str_list_sub_basic(list, current_user_info.smb_name) ) { DEBUG(0, ("ERROR: write list substitution failed\n")); } + if (!str_list_substitute(list, "%S", service)) { + DEBUG(0, ("ERROR: write list service substitution failed\n")); + } if (user_in_list(conn->user, (const char **)list, groups, n_groups)) conn->read_only = False; str_list_free(&list); } } - /**************************************************************************** admin user check ****************************************************************************/ + static void set_admin_user(connection_struct *conn, gid_t *groups, size_t n_groups) { /* admin user check */ -- cgit 
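Review bot: When either substitution fails in the read-list block, the code only logs and then still calls `user_in_list` on a list that may hold unexpanded entries, so a user who should have matched is not forced read-only. The write-list block in the next hunk has the same shape, but there a failure only withholds write access. For the read list I would fail closed by adding `conn->read_only = True;` to both failure branches, or at least state in a comment that a failed substitution leaves the share default in effect. set_read_only spans both hunks.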
From cd141e33fa51058a66a56a2cbd021f5e08e216d5 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Oct 2003 15:11:24 +0000 Subject: cleaning out patch list; patch from Steve L. to change the cwd before the postexec script (This used to be commit 497e14ba19f4f637e1203d73981ea1c401a19542) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e4c3890f86..e5655bd9f4 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -894,6 +894,9 @@ void close_cnum(connection_struct *conn, uint16 vuid) file_close_conn(conn); dptr_closecnum(conn); + /* make sure we leave the directory available for unmount */ + vfs_ChDir(conn, "/"); + /* execute any "postexec = " line */ if (*lp_postexec(SNUM(conn)) && change_to_user(conn, vuid)) { @@ -913,8 +916,5 @@ void close_cnum(connection_struct *conn, uint16 vuid) smbrun(cmd,NULL); } - /* make sure we leave the directory available for unmount */ - vfs_ChDir(conn, "/"); - conn_free(conn); } -- cgit From b545a8de0a605edda11cab322dab0ad26b6cebd1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Feb 2004 19:05:25 +0000 Subject: Fixup the 'multiple-vuids' bugs. Jeremy. (This used to be commit f0f7a48327ba1808088bc8c4e5d48b5cbeaeb4e3) --- source3/smbd/service.c | 84 ++------------------------------------------------ 1 file changed, 3 insertions(+), 81 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e5655bd9f4..78b610ae37 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
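Review bot: The result of `vfs_ChDir(conn, "/")` is discarded, and after this move the postexec and root postexec commands run next, so a failed chdir means they run from whatever directory the process was in. Assuming it returns 0 on success like the `ChDir` calls in this file, check it and log: `if (vfs_ChDir(conn, "/") != 0) DEBUG(0,("close_cnum: chdir to / failed\n"));`. The comment that moved with the call still mentions only unmount; it should also say that the call now sets the working directory for the postexec scripts. close_cnum starts outside the hunk.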
@@ -259,78 +259,6 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_OK; } -/**************************************************************************** - readonly share? -****************************************************************************/ - -static void set_read_only(connection_struct *conn, gid_t *groups, size_t n_groups) -{ - char **list; - const char *service = lp_servicename(conn->service); - conn->read_only = lp_readonly(conn->service); - - if (!service) - return; - - str_list_copy(&list, lp_readlist(conn->service)); - if (list) { - if (!str_list_sub_basic(list, current_user_info.smb_name) ) { - DEBUG(0, ("ERROR: read list substitution failed\n")); - } - if (!str_list_substitute(list, "%S", service)) { - DEBUG(0, ("ERROR: read list service substitution failed\n")); - } - if (user_in_list(conn->user, (const char **)list, groups, n_groups)) - conn->read_only = True; - str_list_free(&list); - } - - str_list_copy(&list, lp_writelist(conn->service)); - if (list) { - if (!str_list_sub_basic(list, current_user_info.smb_name) ) { - DEBUG(0, ("ERROR: write list substitution failed\n")); - } - if (!str_list_substitute(list, "%S", service)) { - DEBUG(0, ("ERROR: write list service substitution failed\n")); - } - if (user_in_list(conn->user, (const char **)list, groups, n_groups)) - conn->read_only = False; - str_list_free(&list); - } -} - -/**************************************************************************** - admin user check -****************************************************************************/ - -static void set_admin_user(connection_struct *conn, gid_t *groups, size_t n_groups) -{ - /* admin user check */ - - /* JRA - original code denied admin user if the share was - marked read_only. Changed as I don't think this is needed, - but old code left in case there is a problem here. 
- */ - if (user_in_list(conn->user,lp_admin_users(conn->service), groups, n_groups) -#if 0 - && !conn->read_only -#endif - ) { - conn->admin_user = True; - conn->force_user = True; /* Admin users are effectivly 'forced' */ - DEBUG(0,("%s logged in as admin user (root privileges)\n",conn->user)); - } else { - conn->admin_user = False; - } - -#if 0 /* This done later, for now */ - /* admin users always run as uid=0 */ - if (conn->admin_user) { - conn->uid = 0; - } -#endif -} - /**************************************************************************** Make a connection, given the snum to connect to, and the vuser of the connecting user if appropriate. @@ -443,10 +371,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, string_set(&conn->dirpath,""); string_set(&conn->user,user); conn->nt_user_token = NULL; - - set_read_only(conn, vuser ? vuser->groups : NULL, vuser ? vuser->n_groups : 0); - - set_admin_user(conn, vuser ? vuser->groups : NULL, vuser ? vuser->n_groups : 0); + + conn->read_only = lp_readonly(conn->service); + conn->admin_user = False; /* * If force user is true, then store the @@ -478,11 +405,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } } - /* admin users always run as uid=0 */ - if (conn->admin_user) { - conn->uid = 0; - } - #ifdef HAVE_GETGRNAM /* * If force group is true, then override -- cgit From 48eb635f31a09fa0822d95d3e895255ef8a6d5e2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 5 Mar 2004 22:32:45 +0000 Subject: Several mb tidyups - getting ready to address the XXX_sub function. Jeremy. (This used to be commit 92c3ae3458177ec7f721598311a8ad04b2db5138) --- source3/smbd/service.c | 180 +++++++++++++++++++++++-------------------------- 1 file changed, 86 insertions(+), 94 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 78b610ae37..a53b9267b7 100644 --- a/source3/smbd/service.c 
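Review bot: After the second hunk `conn->read_only` holds only the share default from `lp_readonly()` and `conn->admin_user` is always `False`, and nothing in these hunks shows where read list, write list and admin users are applied instead. The commit title suggests the decision moved to per-vuid state outside this file; if so, add a comment at the assignment such as `/* share defaults only; read list, write list and admin users are evaluated per vuid elsewhere */`. Also confirm that no remaining code reads these two fields as the user's effective rights. The removal of the `conn->uid = 0` override in the last hunk depends on the same move. make_connection_snum starts and ends outside the hunks.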
+++ b/source3/smbd/service.c 
@@ -112,105 +112,96 @@ int add_home_service(const char *service, const char *username, const char *home /** - * Find a service entry. service is always in dos codepage. + * Find a service entry. * * @param service is modified (to canonical form??) **/ + int find_service(fstring service) { - int iService; - - all_string_sub(service,"\\","/",0); - - iService = lp_servicenumber(service); - - /* now handle the special case of a home directory */ - if (iService < 0) - { - char *phome_dir = get_user_home_dir(service); - - if(!phome_dir) - { - /* - * Try mapping the servicename, it may - * be a Windows to unix mapped user name. - */ - if(map_username(service)) - phome_dir = get_user_home_dir(service); - } - - DEBUG(3,("checking for home directory %s gave %s\n",service, - phome_dir?phome_dir:"(NULL)")); - - iService = add_home_service(service,service /* 'username' */, phome_dir); - } - - /* If we still don't have a service, attempt to add it as a printer. */ - if (iService < 0) - { - int iPrinterService; - - if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0) - { - char *pszTemp; - - DEBUG(3,("checking whether %s is a valid printer name...\n", service)); - pszTemp = lp_printcapname(); - if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp)) - { - DEBUG(3,("%s is a valid printer name\n", service)); - DEBUG(3,("adding %s as a printer service\n", service)); - lp_add_printer(service, iPrinterService); - iService = lp_servicenumber(service); - if (iService < 0) - DEBUG(0,("failed to add %s as a printer service!\n", service)); - } - else - DEBUG(3,("%s is not a valid printer name\n", service)); - } - } - - /* Check for default vfs service? Unsure whether to implement this */ - if (iService < 0) - { - } - - /* just possibly it's a default service? 
*/ - if (iService < 0) - { - char *pdefservice = lp_defaultservice(); - if (pdefservice && *pdefservice && - !strequal(pdefservice,service) && - !strstr(service,"..")) - { - /* - * We need to do a local copy here as lp_defaultservice() - * returns one of the rotating lp_string buffers that - * could get overwritten by the recursive find_service() call - * below. Fix from Josef Hinteregger . - */ - pstring defservice; - pstrcpy(defservice, pdefservice); - iService = find_service(defservice); - if (iService >= 0) - { - all_string_sub(service, "_","/",0); - iService = lp_add_service(service, iService); - } - } - } - - if (iService >= 0) - if (!VALID_SNUM(iService)) - { - DEBUG(0,("Invalid snum %d for %s\n",iService, service)); - iService = -1; - } - - if (iService < 0) - DEBUG(3,("find_service() failed to find service %s\n", service)); - - return (iService); + int iService; + + all_string_sub(service,"\\","/",0); + + iService = lp_servicenumber(service); + + /* now handle the special case of a home directory */ + if (iService < 0) { + char *phome_dir = get_user_home_dir(service); + + if(!phome_dir) { + /* + * Try mapping the servicename, it may + * be a Windows to unix mapped user name. + */ + if(map_username(service)) + phome_dir = get_user_home_dir(service); + } + + DEBUG(3,("checking for home directory %s gave %s\n",service, + phome_dir?phome_dir:"(NULL)")); + + iService = add_home_service(service,service /* 'username' */, phome_dir); + } + + /* If we still don't have a service, attempt to add it as a printer. 
*/ + if (iService < 0) { + int iPrinterService; + + if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0) { + char *pszTemp; + + DEBUG(3,("checking whether %s is a valid printer name...\n", service)); + pszTemp = lp_printcapname(); + if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp)) { + DEBUG(3,("%s is a valid printer name\n", service)); + DEBUG(3,("adding %s as a printer service\n", service)); + lp_add_printer(service, iPrinterService); + iService = lp_servicenumber(service); + if (iService < 0) { + DEBUG(0,("failed to add %s as a printer service!\n", service)); + } + } else { + DEBUG(3,("%s is not a valid printer name\n", service)); + } + } + } + + /* Check for default vfs service? Unsure whether to implement this */ + if (iService < 0) { + } + + /* just possibly it's a default service? */ + if (iService < 0) { + char *pdefservice = lp_defaultservice(); + if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr(service,"..")) { + /* + * We need to do a local copy here as lp_defaultservice() + * returns one of the rotating lp_string buffers that + * could get overwritten by the recursive find_service() call + * below. Fix from Josef Hinteregger . + */ + pstring defservice; + pstrcpy(defservice, pdefservice); + iService = find_service(defservice); + if (iService >= 0) { + all_string_sub(service, "_","/",0); + iService = lp_add_service(service, iService); + } + } + } + + if (iService >= 0) { + if (!VALID_SNUM(iService)) { + DEBUG(0,("Invalid snum %d for %s\n",iService, service)); + iService = -1; + } + } + + if (iService < 0) + DEBUG(3,("find_service() failed to find service %s\n", service)); + + return (iService); } @@ -218,6 +209,7 @@ int find_service(fstring service) do some basic sainity checks on the share. This function modifies dev, ecode. ****************************************************************************/ + static NTSTATUS share_sanity_checks(int snum, fstring dev) { -- cgit 
From c9b7cbbfa572512cd0348817965b99fd1df01285 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 9 Mar 2004 00:17:14 +0000 Subject: Added strstr_m() function. Use in all places where we might run into mb (should fix the mb service name problem, can't remember the bugid). Jeremy. (This used to be commit 94a272b9a881ec0004c5da2a7242b0a818da5630)
--- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c')
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index a53b9267b7..08b6648249 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -174,7 +174,7 @@ int find_service(fstring service)
 /* just possibly it's a default service? */
 if (iService < 0) {
 char *pdefservice = lp_defaultservice();
- if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr(service,"..")) {
+ if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr_m(service,"..")) {
 /*
 * We need to do a local copy here as lp_defaultservice()
 * returns one of the rotating lp_string buffers that
-- cgit From e0da56a84808c522bc7324b5d636f1cbd317a2c5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 May 2004 18:37:47 +0000 Subject: r570: Remove lots of globals to handle case issues - move them to connection struct entries (as they should have been from the start). Jerry, once you've cut over to 3.0.4 release branch I'll add this to 3.0 also. - Jerry cut over :-). Jeremy. (This used to be commit 578a508509d21226ad3332fc54c3ab54cd8ae452)
--- source3/smbd/service.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) (limited to 'source3/smbd/service.c')
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 08b6648249..93b017e94c 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -21,12 +21,6 @@ #include "includes.h" extern struct timeval smb_last_time; -extern int case_default; -extern BOOL case_preserve; -extern BOOL short_case_preserve; -extern BOOL case_mangle; -extern BOOL case_sensitive; -extern BOOL use_mangled_map; extern userdom_struct current_user_info; @@ -62,13 +56,7 @@ BOOL set_current_service(connection_struct *conn,BOOL do_chdir) last_conn = conn; - case_default = lp_defaultcase(snum); - case_preserve = lp_preservecase(snum); - short_case_preserve = lp_shortpreservecase(snum); - case_mangle = lp_casemangle(snum); - case_sensitive = lp_casesensitive(snum); magic_char = lp_magicchar(snum); - use_mangled_map = (*lp_mangled_map(snum) ? True:False); return(True); } @@ -357,6 +345,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->printer = (strncmp(dev,"LPT",3) == 0); conn->ipc = ((strncmp(dev,"IPC",3) == 0) || strequal(dev,"ADMIN$")); conn->dirptr = NULL; + + /* Case options for the share. */ + conn->case_sensitive = lp_casesensitive(snum); + conn->case_preserve = lp_preservecase(snum); + conn->short_case_preserve = lp_shortpreservecase(snum); + conn->veto_list = NULL; conn->hide_list = NULL; conn->veto_oplock_list = NULL; -- cgit From 89db7e100193c3b895180730f49061424a806c8e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 13 May 2004 00:20:50 +0000 Subject: r656: Make widelinks use realpath(). Tidy up cases where we need to become a service. Jeremy. (This used to be commit a03b6a05e02ec8415efc0e8ceade102e06f8fffe) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 93b017e94c..04cade9577 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -788,6 +788,9 @@ void close_cnum(connection_struct *conn, uint16 vuid) { DirCacheFlush(SNUM(conn)); + file_close_conn(conn); + dptr_closecnum(conn); + change_to_root_user(); DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", @@ -799,9 +802,6 @@ void close_cnum(connection_struct *conn, uint16 vuid) yield_connection(conn, lp_servicename(SNUM(conn))); - file_close_conn(conn); - dptr_closecnum(conn); - /* make sure we leave the directory available for unmount */ vfs_ChDir(conn, "/"); -- cgit From 67d474861d34490f6a8064d3eadc716d5a3a6020 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 20 May 2004 16:23:17 +0000 Subject: r799: BUG 1259 -- add 'printcap cache time' patch from Lars (This used to be commit fac90741139b953d0e88d050dd457657f0b9c9f3) --- source3/smbd/service.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 04cade9577..c74537c299 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -826,3 +826,27 @@ void close_cnum(connection_struct *conn, uint16 vuid) conn_free(conn); } + +/**************************************************************************** + Remove stale printers +****************************************************************************/ + +void remove_stale_printers( void ) +{ + int snum, iNumServices, printersServiceNum; + const char *pname; + + iNumServices = lp_numservices(); + printersServiceNum = lp_servicenumber( PRINTERS_NAME); + for( snum = 0; snum < iNumServices; snum++) { + /* Never remove PRINTERS_NAME */ + if ( snum == printersServiceNum) + continue; + pname = lp_printername( snum); + /* Is snum a print service and still in the printing subsystem? */ + if ( lp_print_ok( snum) && !pcap_printername_ok( pname, NULL)) { + DEBUG( 3, ( "Removing printer: %s\n", pname)); + lp_killservice( snum); + } + } +} -- cgit 
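Review bot: Moving `file_close_conn(conn)` and `dptr_closecnum(conn)` above `change_to_root_user()` means open files and directory handles are now closed under whatever identity is current when close_cnum is entered, not as root, and nothing in the code records that this is intended. If it is, say so at the new position, for example `/* close files before becoming root so close-time work runs as the connected user */`. It is also worth confirming that nothing done at close time needs root; file_close_conn's body is not shown here. The second hunk only removes the old position of the same two calls. close_cnum's end is outside both hunks.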
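Review bot: `remove_stale_printers` passes `NULL` as the second argument of `pcap_printername_ok`, while find_service in this file passes `lp_printcapname()` and tests it for NULL first; unless the callee accepts NULL, the two call sites disagree about which printcap is consulted. The loop also calls `lp_printername(snum)` and `lp_print_ok(snum)` for every index below `lp_numservices()` without a validity test, so I would add `if (!VALID_SNUM(snum)) continue;` at the top of the loop body. Finally, the loop removes any printable service whose name is missing from printcap, not only ones that were added automatically, and a comment should state which services are meant to be eligible.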
From cb03592c067a8e475a5f96f72aa0e84ba176a747 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 28 May 2004 01:54:01 +0000 Subject: r933: When using widelinks = no, use realpath to canonicalize the connection path on connection create for the user. We'll be checking all symlinked paths are below this directory. Jeremy. (This used to be commit b562fe9fbca4971059b913959bbaca02af42c1a4) --- source3/smbd/service.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c74537c299..192a043bf5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -499,6 +499,20 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } + /* + * If widelinks are disallowed we need to canonicalise the + * connect path here to ensure we don't have any symlinks in + * the connectpath. We will be checking all paths on this + * connection are below this directory. We must do this after + * the VFS init as we depend on the realpath() pointer in the vfs table. JRA. + */ + if (!lp_widelinks(snum)) { + pstring s; + pstrcpy(s,conn->connectpath); + canonicalize_path(conn, s); + string_set(&conn->connectpath,s); + } + /* ROOT Activities: */ /* check number of connections */ if (!claim_connection(conn, -- cgit From 2acd0848663f28afedff9b11b738e048f5ead2cc Mon Sep 17 00:00:00 2001 
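Review bot: The result of `canonicalize_path(conn, s)` is not checked, so if resolution fails `conn->connectpath` is set from whatever is left in `s`. Every later check that a path lies below this directory would then be made against a base that may still contain symlinks. canonicalize_path's declaration is not in this hunk; if it can report failure, refuse the connection in that case the way the neighbouring branch does, by freeing the connection, setting `*status` and returning NULL, instead of storing an unverified path. make_connection_snum starts and ends outside the hunk.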
From: Jeremy Allison Date: Tue, 15 Jun 2004 18:36:45 +0000 Subject: r1154: Change default setting for case sensitivity to "auto". If set to auto then is the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d) --- source3/smbd/service.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 192a043bf5..3b499d5cc1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -28,10 +28,11 @@ extern userdom_struct current_user_info; Load parameters specific to a connection/service. ****************************************************************************/ -BOOL set_current_service(connection_struct *conn,BOOL do_chdir) +BOOL set_current_service(connection_struct *conn, uint16 flags, BOOL do_chdir) { extern char magic_char; static connection_struct *last_conn; + static uint16 last_flags; int snum; if (!conn) { 
@@ -51,10 +52,24 @@ BOOL set_current_service(connection_struct *conn,BOOL do_chdir) return(False); } - if (conn == last_conn) + if ((conn == last_conn) && (last_flags == flags)) { return(True); + } last_conn = conn; + last_flags = flags; + + /* Obey the client case sensitivity requests - only for clients that support it. */ + if (lp_casesensitive(snum) == Auto) { + /* We need this uglyness due to DOS/Win9x clients that lie about case insensitivity. */ + enum remote_arch_types ra_type = get_remote_arch(); + if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) { + /* Client can't support per-packet case sensitive pathnames. */ + conn->case_sensitive = False; + } else { + conn->case_sensitive = !(flags & FLAG_CASELESS_PATHNAMES); + } + } magic_char = lp_magicchar(snum); return(True); @@ -347,7 +362,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->dirptr = NULL; /* Case options for the share. */ - conn->case_sensitive = lp_casesensitive(snum); + if (lp_casesensitive(snum) == Auto) { + /* We will be setting this per packet. Set to be case insensitive for now. */ + conn->case_sensitive = False; + } else { + conn->case_sensitive = (BOOL)lp_casesensitive(snum); + } + conn->case_preserve = lp_preservecase(snum); conn->short_case_preserve = lp_shortpreservecase(snum); -- cgit From cd87b3b972b39003def69671d8a3c6aaf51afd50 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 9 Jul 2004 00:13:55 +0000 Subject: r1414: Memory leak fixes found by valgrind whilst checking the password history code. Error code paths were not freeing up some memory. Jeremy. (This used to be commit 7c4666e56c2c281e023c6483459cb9e8d4787d36) --- source3/smbd/service.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 3b499d5cc1..794b5332ac 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
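Review bot: Both inputs to the new Auto branch in set_current_service are supplied by the client: `flags` comes from the packet and, per the commit message, the result of `get_remote_arch()` is derived from negprot strings. That is fine for a compatibility setting, but it means the peer can switch `conn->case_sensitive` per packet, so nothing that enforces policy by name (the veto or hide lists, for example, if they consult this field) should depend on it. I would add a comment above the branch: `/* case_sensitive is client-influenced in Auto mode; do not use it for access decisions. */`. The function body continues outside the hunk.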
@@ -823,8 +823,12 @@ void close_cnum(connection_struct *conn, uint16 vuid) { DirCacheFlush(SNUM(conn)); - file_close_conn(conn); - dptr_closecnum(conn); + if (IS_IPC(conn)) { + pipe_close_conn(conn); + } else { + file_close_conn(conn); + dptr_closecnum(conn); + } change_to_root_user(); -- cgit From db2ffe10f9283c86f95ae76d38c21916065a4b87 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 25 Aug 2004 23:20:47 +0000 Subject: r2076: Removed old dir caching code - not being used now we have the statcache anyway. New dir caching will be done on nanosecond timestamps. Jeremy. (This used to be commit ba473a580245430009245a4c8b8dcaf9fc4b6406) --- source3/smbd/service.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 794b5332ac..5ebd772aa1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -821,8 +821,6 @@ close a cnum ****************************************************************************/ void close_cnum(connection_struct *conn, uint16 vuid) { - DirCacheFlush(SNUM(conn)); - if (IS_IPC(conn)) { pipe_close_conn(conn); } else { -- cgit From 3de9b11601fb85209fd3a799da2f3a4a6cd41624 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 21 Sep 2004 13:04:35 +0000 Subject: r2475: A more helpful debug-message when a connection to a dfs-proxy-share is failing. Guenther (This used to be commit 486bcff17faf8c7ecd9bf4bb9af244bc4bcdf843) --- source3/smbd/service.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 5ebd772aa1..4d111e0ea3 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
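Review bot: In close_cnum the new `IS_IPC(conn)` branch skips `file_close_conn(conn)` and `dptr_closecnum(conn)` entirely, which is only safe if an IPC connection can never own file or directory handles. Nothing in the hunk establishes that invariant, so it should be stated next to the branch: `/* IPC connections only hold pipe handles; no files or dptrs can exist here. */`. If the invariant does not hold, calling `pipe_close_conn(conn)` in addition to the two existing calls would be the safer form. The rest of close_cnum is outside the hunk.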
@@ -804,7 +804,8 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, /* Handle non-Dfs clients attempting connections to msdfs proxy */ if (lp_host_msdfs() && (*lp_msdfs_proxy(snum) != '\0')) { - DEBUG(3, ("refusing connection to dfs proxy '%s'\n", service)); + DEBUG(3, ("refusing connection to dfs proxy share '%s' (pointing to %s)\n", + service, lp_msdfs_proxy(snum))); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } -- cgit From 57c468bbf1dd124f568c5beb1fb4a7d3c09dda71 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 2 Dec 2004 17:11:18 +0000 Subject: r4043: BUG 2091: don't remove statically defined printers in remove_stale_printers() (This used to be commit c24a3c49ce20797c0f9172e503e34770d00842ec) --- source3/smbd/service.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 4d111e0ea3..3dcd803a7c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -152,10 +152,9 @@ int find_service(fstring service) int iPrinterService; if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0) { - char *pszTemp; + const char *pszTemp = lp_printcapname(); DEBUG(3,("checking whether %s is a valid printer name...\n", service)); - pszTemp = lp_printcapname(); if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp)) { DEBUG(3,("%s is a valid printer name\n", service)); DEBUG(3,("adding %s as a printer service\n", service)); 
@@ -877,12 +876,21 @@ void remove_stale_printers( void ) iNumServices = lp_numservices(); printersServiceNum = lp_servicenumber( PRINTERS_NAME); for( snum = 0; snum < iNumServices; snum++) { + /* Never remove PRINTERS_NAME */ + if ( snum == printersServiceNum) continue; pname = lp_printername( snum); - /* Is snum a print service and still in the printing subsystem? */ - if ( lp_print_ok( snum) && !pcap_printername_ok( pname, NULL)) { + + /* Is snum an autoloaded print service and still + in the printing subsystem? */ + + if ( lp_snum_ok(snum) + && lp_print_ok(snum) + && lp_autoloaded(snum) + && !pcap_printername_ok( pname, NULL)) + { DEBUG( 3, ( "Removing printer: %s\n", pname)); lp_killservice( snum); } -- cgit From d097ea490525e7a35739dae6a295fd03ba52cfc0 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 5 Jan 2005 16:20:35 +0000 Subject: r4539: patch from Rob -- adding real printcap name cache function to speed up printcap reloads (This used to be commit 1cad5250932b963c2eb9b775221b13db386d601b) --- source3/smbd/service.c | 37 +------------------------------------ 1 file changed, 1 insertion(+), 36 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 3dcd803a7c..2e60adc636 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -152,10 +152,8 @@ int find_service(fstring service) int iPrinterService; if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0) { - const char *pszTemp = lp_printcapname(); - DEBUG(3,("checking whether %s is a valid printer name...\n", service)); - if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp)) { + if (pcap_printername_ok(service)) { DEBUG(3,("%s is a valid printer name\n", service)); DEBUG(3,("adding %s as a printer service\n", service)); lp_add_printer(service, iPrinterService); 
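Review bot: In remove_stale_printers `lp_printername( snum)` is still called before the new `lp_snum_ok(snum)` test, so the name is fetched for service numbers that the added condition is meant to exclude. Moving the lookup behind the validity check avoids relying on how the accessor behaves for an unused slot: `if (!lp_snum_ok(snum)) continue;` followed by `pname = lp_printername(snum);`. The loop bound `iNumServices` is also read once before any `lp_killservice( snum)` call, which is harmless only if killing a service never renumbers the remaining ones; that assumption deserves a comment.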
@@ -863,36 +861,3 @@ void close_cnum(connection_struct *conn, uint16 vuid) conn_free(conn); } - -/**************************************************************************** - Remove stale printers -****************************************************************************/ - -void remove_stale_printers( void ) -{ - int snum, iNumServices, printersServiceNum; - const char *pname; - - iNumServices = lp_numservices(); - printersServiceNum = lp_servicenumber( PRINTERS_NAME); - for( snum = 0; snum < iNumServices; snum++) { - - /* Never remove PRINTERS_NAME */ - - if ( snum == printersServiceNum) - continue; - pname = lp_printername( snum); - - /* Is snum an autoloaded print service and still - in the printing subsystem? */ - - if ( lp_snum_ok(snum) - && lp_print_ok(snum) - && lp_autoloaded(snum) - && !pcap_printername_ok( pname, NULL)) - { - DEBUG( 3, ( "Removing printer: %s\n", pname)); - lp_killservice( snum); - } - } -} -- cgit From 91ef89daa03551fa17ff78adb9f36420057948da Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Feb 2005 02:02:54 +0000 Subject: r5183: Ensure we correctly set the per-connection "case_sensitive" setting. Rename dptrs_open to the more correct dirhandles_open. Remove old #if 1. Jeremy. (This used to be commit c43bae306a18f5716acbe8571f4f414873400cb1) --- source3/smbd/service.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2e60adc636..f199fe3ade 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -60,17 +60,26 @@ BOOL set_current_service(connection_struct *conn, uint16 flags, BOOL do_chdir) last_flags = flags; /* Obey the client case sensitivity requests - only for clients that support it. */ - if (lp_casesensitive(snum) == Auto) { - /* We need this uglyness due to DOS/Win9x clients that lie about case insensitivity. */ - enum remote_arch_types ra_type = get_remote_arch(); - if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) { - /* Client can't support per-packet case sensitive pathnames. */ + switch (lp_casesensitive(snum)) { + case Auto: + { + /* We need this uglyness due to DOS/Win9x clients that lie about case insensitivity. */ + enum remote_arch_types ra_type = get_remote_arch(); + if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) { + /* Client can't support per-packet case sensitive pathnames. */ + conn->case_sensitive = False; + } else { + conn->case_sensitive = !(flags & FLAG_CASELESS_PATHNAMES); + } + } + break; + case True: + conn->case_sensitive = True; + break; + default: conn->case_sensitive = False; - } else { - conn->case_sensitive = !(flags & FLAG_CASELESS_PATHNAMES); - } + break; } - magic_char = lp_magicchar(snum); return(True); } -- cgit From 09f5aa4269a6133e822ce4bbbde426ce5b37cd34 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 1 Mar 2005 21:26:01 +0000 Subject: r5607: Fix for bug #2399 - ensure we use SMB_VFS_STAT instead of stat when checking for existance of a pathname. Jeremy. (This used to be commit 08aac40e3ac0911673ea7e6ef35ba7fe9822d2fd) --- source3/smbd/service.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f199fe3ade..bc74a28faf 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -278,6 +278,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *user = 0; fstrcpy(dev, pdev); + ZERO_STRUCT(st); if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; @@ -622,7 +623,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #else /* the alternative is just to check the directory exists */ - if (stat(conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { + if (SMB_VFS_STAT(conn, conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { DEBUG(0,("'%s' does not exist or is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(SNUM(conn)))); change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn))); -- cgit From a5e671e867bcf6bd61d68bcf8a1732cf02647843 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 1 Mar 2005 21:48:34 +0000 Subject: r5608: BUG 2399 - removing dead code (not finished with bug yet). (This used to be commit 48353c199cfbfd56760b34ccf99b089bb627e2ed) --- source3/smbd/service.c | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index bc74a28faf..684d49c56a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
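Review bot: `st` is still declared as `struct stat` in make_connection_snum (the declaration is outside this hunk), while the check is now `SMB_VFS_STAT(conn, conn->connectpath, &st)`. If the VFS stat operation fills Samba's own stat type, the two can differ in size on some builds and the callee would then write through a pointer to the wrong type. The declaration should change with the call: `SMB_STRUCT_STAT st;`.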
@@ -606,22 +606,10 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #endif -#if CHECK_PATH_ON_TCONX /* win2000 does not check the permissions on the directory during the tree connect, instead relying on permission check during individual operations. To match this behaviour I have disabled this chdir check (tridge) */ - if (vfs_ChDir(conn,conn->connectpath) != 0) { - DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", - get_remote_machine_name(), conn->client_address, - conn->connectpath,strerror(errno))); - change_to_root_user(); - yield_connection(conn, lp_servicename(SNUM(conn))); - conn_free(conn); - *status = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } -#else /* the alternative is just to check the directory exists */ if (SMB_VFS_STAT(conn, conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { DEBUG(0,("'%s' does not exist or is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(SNUM(conn)))); @@ -631,7 +619,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } -#endif string_set(&conn->origpath,conn->connectpath); -- cgit From 4b122ce2da493e3abd1ca54dd2ce8b9752e70ec8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 19 Mar 2005 18:21:39 +0000 Subject: r5905: Fix two warnings found by AIX. They might actually be bugs on 64-bit platforms. Volker (This used to be commit f7218d1c66ae91fa79f5a40e0ba618beba038bbc) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 684d49c56a..7bbf8d7f2a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -272,7 +272,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, struct passwd *pass = NULL; BOOL guest = False; connection_struct *conn; - struct stat st; + SMB_STRUCT_STAT st; fstring user; fstring dev; -- cgit From 978ca8486031e43754a3c23757f361bf3a85f335 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Wed, 6 Apr 2005 16:28:04 +0000 Subject: r6225: get rid of warnings from my compiler about nested externs (This used to be commit efea76ac71412f8622cd233912309e91b9ea52da) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 7bbf8d7f2a..d39d3d3836 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -20,6 +20,7 @@ #include "includes.h" +extern char magic_char; extern struct timeval smb_last_time; extern userdom_struct current_user_info; @@ -30,7 +31,6 @@ extern userdom_struct current_user_info; BOOL set_current_service(connection_struct *conn, uint16 flags, BOOL do_chdir) { - extern char magic_char; static connection_struct *last_conn; static uint16 last_flags; int snum; -- cgit From 595183b9163ab7075e04ef210ca9c75aae041841 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 26 Apr 2005 23:52:21 +0000 Subject: r6497: Ensure yield_connection() is called on all appropriate error conditions. Jeremy. (This used to be commit f895f087adbc367a984bfa073f31f890db25a286) --- source3/smbd/service.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d39d3d3836..d4d6274dff 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -521,7 +521,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Initialise VFS function pointers */ if (!smbd_vfs_init(conn)) { - DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn)))); + DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; @@ -544,8 +544,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* ROOT Activities: */ /* check number of connections */ if (!claim_connection(conn, - lp_servicename(SNUM(conn)), - lp_max_connections(SNUM(conn)), + lp_servicename(snum), + lp_max_connections(snum), False,0)) { DEBUG(1,("too many connections - rejected\n")); conn_free(conn); @@ -555,16 +555,16 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Preexecs are done here as they might make the dir we are to ChDir to below */ /* execute any "root preexec = " line */ - if (*lp_rootpreexec(SNUM(conn))) { + if (*lp_rootpreexec(snum)) { int ret; pstring cmd; - pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); + pstrcpy(cmd,lp_rootpreexec(snum)); standard_sub_conn(conn,cmd,sizeof(cmd)); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); - if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) { + if (ret != 0 && lp_rootpreexec_close(snum)) { DEBUG(1,("root preexec gave %d - failing connection\n", ret)); - yield_connection(conn, lp_servicename(SNUM(conn))); + yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; return NULL; @@ -575,6 +575,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (!change_to_user(conn, conn->vuid)) { /* No point continuing if they fail the basic checks */ DEBUG(0,("Can't become connected user!\n")); + yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_LOGON_FAILURE; return NULL; 
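Review bot: The `yield_connection(conn, lp_servicename(snum));` added on the `change_to_user` failure path (and again on the `SMB_VFS_CONNECT` failure path in the later hunk of this commit) is another hand-copied instance of the same cleanup sequence, which is presumably how the calls came to be missing. Once `claim_connection` has succeeded, every failure exit in make_connection_snum needs the same release steps, so I would route them through shared labels so that a future exit cannot forget one. The sketch below keeps the existing distinction that the pre-user paths do not call `change_to_root_user()`. The function starts and ends outside these hunks.

```c
	if (!change_to_user(conn, conn->vuid)) {
		/* No point continuing if they fail the basic checks */
		DEBUG(0,("Can't become connected user!\n"));
		*status = NT_STATUS_LOGON_FAILURE;
		goto fail_yield;
	}
	/* … unchanged: preexec, stat and VFS connect checks; each sets *status and jumps to fail_as_user … */

fail_as_user:
	change_to_root_user();
fail_yield:
	yield_connection(conn, lp_servicename(snum));
	conn_free(conn);
	return NULL;
```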
@@ -584,16 +585,16 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Preexecs are done here as they might make the dir we are to ChDir to below */ /* execute any "preexec = " line */ - if (*lp_preexec(SNUM(conn))) { + if (*lp_preexec(snum)) { int ret; pstring cmd; - pstrcpy(cmd,lp_preexec(SNUM(conn))); + pstrcpy(cmd,lp_preexec(snum)); standard_sub_conn(conn,cmd,sizeof(cmd)); ret = smbrun(cmd,NULL); - if (ret != 0 && lp_preexec_close(SNUM(conn))) { + if (ret != 0 && lp_preexec_close(snum)) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); change_to_root_user(); - yield_connection(conn, lp_servicename(SNUM(conn))); + yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; return NULL; @@ -601,7 +602,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #ifdef WITH_FAKE_KASERVER - if (lp_afs_share(SNUM(conn))) { + if (lp_afs_share(snum)) { afs_login(conn); } #endif @@ -612,9 +613,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, I have disabled this chdir check (tridge) */ /* the alternative is just to check the directory exists */ if (SMB_VFS_STAT(conn, conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { - DEBUG(0,("'%s' does not exist or is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(SNUM(conn)))); + DEBUG(0,("'%s' does not exist or is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(snum))); change_to_root_user(); - yield_connection(conn, lp_servicename(SNUM(conn))); + yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; 
@@ -642,7 +643,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { dbgtext( "%s (%s) ", get_remote_machine_name(), conn->client_address ); dbgtext( "%s", srv_is_signing_active() ? "signed " : ""); - dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) ); + dbgtext( "connect to service %s ", lp_servicename(snum) ); dbgtext( "initially as user %s ", user ); dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); dbgtext( "(pid %d)\n", (int)sys_getpid() ); @@ -650,9 +651,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Add veto/hide lists */ if (!IS_IPC(conn) && !IS_PRINT(conn)) { - set_namearray( &conn->veto_list, lp_veto_files(SNUM(conn))); - set_namearray( &conn->hide_list, lp_hide_files(SNUM(conn))); - set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(SNUM(conn))); + set_namearray( &conn->veto_list, lp_veto_files(snum)); + set_namearray( &conn->hide_list, lp_hide_files(snum)); + set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum)); } /* Invoke VFS make connection hook */ @@ -660,6 +661,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); change_to_root_user(); + yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; return NULL; @@ -812,8 +814,9 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } /**************************************************************************** -close a cnum + Close a cnum. ****************************************************************************/ + void close_cnum(connection_struct *conn, uint16 vuid) { if (IS_IPC(conn)) { -- cgit From 02e3717ee9e045d197d845489e84ac40083ca868 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 6 May 2005 08:07:39 +0000 Subject: r6625: Remove another global variable left over from a long time ago (magic char). Jeremy. (This used to be commit b1bfa9cb37deb22d1d08bc60ba44d61334f6446e) --- source3/smbd/service.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d4d6274dff..1708c51ff9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -20,11 +20,9 @@ #include "includes.h" -extern char magic_char; extern struct timeval smb_last_time; extern userdom_struct current_user_info; - /**************************************************************************** Load parameters specific to a connection/service. ****************************************************************************/ @@ -80,7 +78,6 @@ BOOL set_current_service(connection_struct *conn, uint16 flags, BOOL do_chdir) conn->case_sensitive = False; break; } - magic_char = lp_magicchar(snum); return(True); } -- cgit From f24d88cf9da46680d52b42b92bd484e7b09ce99b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 31 May 2005 13:46:45 +0000 Subject: r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1) --- source3/smbd/service.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1708c51ff9..c63a43bac0 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -362,7 +362,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->service = snum; conn->used = True; conn->printer = (strncmp(dev,"LPT",3) == 0); - conn->ipc = ((strncmp(dev,"IPC",3) == 0) || strequal(dev,"ADMIN$")); + conn->ipc = ( (strncmp(dev,"IPC",3) == 0) || ( lp_enable_asu_support() && strequal(dev,"ADMIN$")) ); conn->dirptr = NULL; /* Case options for the share. */ @@ -783,7 +783,9 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, snum = find_service(service); if (snum < 0) { - if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) { + if (strequal(service,"IPC$") + || (lp_enable_asu_support() && strequal(service,"ADMIN$"))) + { DEBUG(3,("refusing IPC connection to %s\n", service)); *status = NT_STATUS_ACCESS_DENIED; return NULL; -- cgit From ed5e7ff9f184fd36b4344c958f145cc4a4987c71 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 2 Jun 2005 23:18:52 +0000 Subject: r7200: Don't use memset, use SET_STAT_INVALID (has the same effect). Jeremy. (This used to be commit 0b6f87d5e14da461bd2b1c3a4e6f47a69d2cd1c4) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c63a43bac0..0566dd8102 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -275,7 +275,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *user = 0; fstrcpy(dev, pdev); - ZERO_STRUCT(st); + SET_STAT_INVALD(st); if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; -- cgit From 0deab47cc6f17e597430130df66f7acf8842ff30 Mon Sep 17 00:00:00 2001 
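Review bot: `SET_STAT_INVALD(st)` in the r7200 hunk is misspelled; the commit message names the macro `SET_STAT_INVALID`, so as written the line in make_connection_snum will not resolve to it. The line should read `SET_STAT_INVALID(st);`. The surrounding function lies outside the hunk.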
From: Jeremy Allison Date: Fri, 3 Jun 2005 05:35:04 +0000 Subject: r7210: Fix my own mistakes up, sorry. Jeremy. (This used to be commit 53c3a954ee0e1c9dc61950f1a9d0a654de9382c6) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0566dd8102..24f4df7694 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -275,7 +275,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *user = 0; fstrcpy(dev, pdev); - SET_STAT_INVALD(st); + SET_STAT_INVALID(st); if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; -- cgit From afc7af3fdf3ec8214dff8924734008eb41c81979 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 27 Jun 2005 17:14:15 +0000 Subject: r7948: Ensure we call the vfs connection hook before doing a vfs stat. Allows database vfs backends to initialise with a working connection. Bugid #2827 Jeremy. (This used to be commit 7ef6850056f7fbb380038f5ec5bcb29d27fbf254) --- source3/smbd/service.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 24f4df7694..b53d6e3ad9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -604,6 +604,25 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #endif + /* Add veto/hide lists */ + if (!IS_IPC(conn) && !IS_PRINT(conn)) { + set_namearray( &conn->veto_list, lp_veto_files(snum)); + set_namearray( &conn->hide_list, lp_hide_files(snum)); + set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum)); + } + + /* Invoke VFS make connection hook - do this before the VFS_STAT call to allow + any filesystems needing user credentials to initialize themselves. */ + + if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { + DEBUG(0,("make_connection: VFS make connection failed!\n")); + change_to_root_user(); + yield_connection(conn, lp_servicename(snum)); + conn_free(conn); + *status = NT_STATUS_UNSUCCESSFUL; + return NULL; + } + /* win2000 does not check the permissions on the directory during the tree connect, instead relying on permission check during individual operations. To match this behaviour @@ -612,6 +631,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (SMB_VFS_STAT(conn, conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { DEBUG(0,("'%s' does not exist or is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(snum))); change_to_root_user(); + /* Call VFS disconnect hook */ + SMB_VFS_DISCONNECT(conn); yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_BAD_NETWORK_NAME; 
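Review bot: On the stat-failure path `SMB_VFS_DISCONNECT(conn)` is called after `change_to_root_user()`, so the disconnect hook runs as root although the connect hook above appears to run under the connected user's credentials. For backends that act on credentials (the added comment mentions filesystems that need them), it would be more predictable and closer to least privilege to disconnect first: `SMB_VFS_DISCONNECT(conn);` then `change_to_root_user();`. If running the hook as root is intentional, for instance to match the normal close path, a comment saying so would help. The function continues outside the hunk.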
@@ -646,27 +667,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, dbgtext( "(pid %d)\n", (int)sys_getpid() ); } - /* Add veto/hide lists */ - if (!IS_IPC(conn) && !IS_PRINT(conn)) { - set_namearray( &conn->veto_list, lp_veto_files(snum)); - set_namearray( &conn->hide_list, lp_hide_files(snum)); - set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum)); - } - - /* Invoke VFS make connection hook */ - - if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { - DEBUG(0,("make_connection: VFS make connection failed!\n")); - change_to_root_user(); - yield_connection(conn, lp_servicename(snum)); - conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; - return NULL; - } - /* we've finished with the user stuff - go back to root */ change_to_root_user(); - return(conn); } -- cgit From f2f55d703d0dd549a83809d3e5cc5151569b48d6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 27 Jun 2005 22:53:56 +0000 Subject: r7963: Add aio support to 3.0. Jeremy. (This used to be commit 1de27da47051af08790317f5b48b02719d6b9934) --- source3/smbd/service.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b53d6e3ad9..d330e847e2 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -379,6 +379,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->veto_list = NULL; conn->hide_list = NULL; conn->veto_oplock_list = NULL; + conn->aio_write_behind_list = NULL; string_set(&conn->dirpath,""); string_set(&conn->user,user); conn->nt_user_token = NULL; -- cgit From 775056f8e494b716276c9f6b1c6130587a8df9ec Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Mon, 3 Oct 2005 18:14:09 +0000 Subject: r10693: Fix bug #3129, reported by Adam Porter . Rotten error message caused hours of wasted time. Jeremy. (This used to be commit f391f065b240d5731d178f9d4a46ffc3315117bc) --- source3/smbd/service.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d330e847e2..52f9229ee1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -272,6 +272,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, SMB_STRUCT_STAT st; fstring user; fstring dev; + int ret; *user = 0; fstrcpy(dev, pdev); @@ -554,7 +555,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Preexecs are done here as they might make the dir we are to ChDir to below */ /* execute any "root preexec = " line */ if (*lp_rootpreexec(snum)) { - int ret; pstring cmd; pstrcpy(cmd,lp_rootpreexec(snum)); standard_sub_conn(conn,cmd,sizeof(cmd)); @@ -584,7 +584,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Preexecs are done here as they might make the dir we are to ChDir to below */ /* execute any "preexec = " line */ if (*lp_preexec(snum)) { - int ret; pstring cmd; pstrcpy(cmd,lp_preexec(snum)); standard_sub_conn(conn,cmd,sizeof(cmd)); 
@@ -629,8 +628,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, check during individual operations. To match this behaviour I have disabled this chdir check (tridge) */ /* the alternative is just to check the directory exists */ - if (SMB_VFS_STAT(conn, conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) { - DEBUG(0,("'%s' does not exist or is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(snum))); + if ((ret = SMB_VFS_STAT(conn, conn->connectpath, &st)) != 0 || !S_ISDIR(st.st_mode)) { + if (ret == 0 && !S_ISDIR(st.st_mode)) { + DEBUG(0,("'%s' is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(snum))); + } else { + DEBUG(0,("'%s' does not exist or permission denied when connecting to [%s] " + "Error was %s\n", conn->connectpath, lp_servicename(snum), strerror(errno) )); + } change_to_root_user(); /* Call VFS disconnect hook */ SMB_VFS_DISCONNECT(conn); -- cgit From fa4df827d0b7e6e280a1736fb45772ed27131e64 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 12 Dec 2005 18:21:59 +0000 Subject: r12194: Ensure that when we set a connection path we've canonicalized the name (must be abolute - start with /, must not end in /, must have ./ and ../ removed). Of course for realpath resolved paths this won't be the case but for others we need this name to be canonicalized. This name is going into the sharemode db for #3303 so needs to be in a normalized format. Jeremy. (This used to be commit 22e3300911809692b595f49e87d91e3111923e6a) --- source3/smbd/service.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 102 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 52f9229ee1..210edde5d8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
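Review bot: `strerror(errno)` in the new else branch is evaluated in the same argument list as `lp_servicename(snum)`, and the order of argument evaluation is unspecified, so errno may already have been overwritten if that accessor touches it. Saving it directly after the call keeps the message truthful: `int saved_errno = errno;` as the first statement inside the failure block, then `strerror(saved_errno)` in the DEBUG. The fixed text "does not exist or permission denied" is also printed for every errno value, so the appended error string has to correct it. The function starts and ends outside the hunk.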
@@ -23,6 +23,105 @@ extern struct timeval smb_last_time; extern userdom_struct current_user_info; +/**************************************************************************** + Ensure when setting connectpath it is a canonicalized (no ./ // or ../) + absolute path stating in / and not ending in /. + Observent people will notice a similarity between this and check_path_syntax :-). +****************************************************************************/ + +void set_conn_connectpath(connection_struct *conn, const pstring connectpath) +{ + pstring destname; + char *d = destname; + const char *s = connectpath; + BOOL start_of_name_component = True; + + *d++ = '/'; /* Always start with root. */ + + while (*s) { + if (*s == '/') { + /* Eat multiple '/' */ + while (*s == '/') { + s++; + } + if ((d != destname) && (*s != '\0')) { + *d++ = '/'; + } + start_of_name_component = True; + continue; + } + + if (start_of_name_component) { + if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) { + /* Uh oh - "/../" or "/..\0" ! */ + + /* Go past the ../ or .. */ + if (s[2] == '/') { + s += 3; + } else { + s += 2; /* Go past the .. */ + } + + /* If we just added a '/' - delete it */ + if ((d > destname) && (*(d-1) == '/')) { + *(d-1) = '\0'; + d--; + } + + /* Are we at the start ? Can't go back further if so. */ + if (d <= destname) { + *d++ = '/'; /* Can't delete root */ + continue; + } + /* Go back one level... */ + /* Decrement d first as d points to the *next* char to write into. */ + for (d--; d > destname; d--) { + if (*d == '/') { + break; + } + } + /* We're still at the start of a name component, just the previous one. */ + continue; + } else if ((s[0] == '.') && ((s[1] == '\0') || s[1] == '/')) { + /* Component of pathname can't be "." only - skip the '.' . 
*/ + if (s[1] == '/') { + s += 2; + } else { + s++; + } + continue; + } + } + + if (!(*s & 0x80)) { + *d++ = *s++; + } else { + switch(next_mb_char_size(s)) { + case 4: + *d++ = *s++; + case 3: + *d++ = *s++; + case 2: + *d++ = *s++; + case 1: + *d++ = *s++; + break; + default: + break; + } + } + start_of_name_component = False; + } + *d = '\0'; + + /* And must not end in '/' */ + if (d > destname + 1 && (*(d-1) == '/')) { + *(d-1) = '\0'; + } + + string_set(&conn->connectpath, destname); +} + /**************************************************************************** Load parameters specific to a connection/service. ****************************************************************************/ @@ -474,7 +573,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, pstring s; pstrcpy(s,lp_pathname(snum)); standard_sub_conn(conn,s,sizeof(s)); - string_set(&conn->connectpath,s); + set_conn_connectpath(conn,s); DEBUG(3,("Connect path is '%s' for service [%s]\n",s, lp_servicename(snum))); } @@ -537,7 +636,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, pstring s; pstrcpy(s,conn->connectpath); canonicalize_path(conn, s); - string_set(&conn->connectpath,s); + set_conn_connectpath(conn,s); } /* ROOT Activities: */ @@ -652,7 +751,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, pstring s; pstrcpy(s,conn->connectpath); vfs_GetWd(conn,s); - string_set(&conn->connectpath,s); + set_conn_connectpath(conn,s); vfs_ChDir(conn,conn->connectpath); } #endif -- cgit From ab7a4f7e8e4b946a8acd0a205c16dbf6a3afecad Mon Sep 17 00:00:00 2001 
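Review bot: Nothing in set_conn_connectpath bounds the writes through `d` into the fixed-size `destname`, and the unconditional leading `/` means the output can be one byte longer than the input. The callers in the following hunks pass a pstring limited only by its own size, so a relative path that fills it would put the terminating NUL past the end of `destname`; this is inferred, since the pstring size is not shown on this page. A guard at the top of the `while (*s)` loop such as `if ((size_t)(d - destname) + 5 > sizeof(destname)) break;` leaves room for a four-byte character and the terminator, ideally with a DEBUG line so the truncation is not silent. The `switch` on next_mb_char_size() also deserves `/* fall through */` comments and a `default` that advances `s`, because as written an unexpected return value would leave both pointers unchanged and the loop would not terminate.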
From: Jeremy Allison Date: Tue, 13 Dec 2005 18:11:50 +0000 Subject: r12213: Final fix for #3303 - send rename messages to smbd's that have open file handles to allow them to correctly implement delete on close. There is a further correctness fix I'm intending to add to this to cope with different share paths, but not right now... Jeremy. (This used to be commit 932e337db8788e75344e1c7cf1ef009d090cb039) --- source3/smbd/service.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 210edde5d8..c9e2cdcf50 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -44,7 +44,7 @@ void set_conn_connectpath(connection_struct *conn, const pstring connectpath) while (*s == '/') { s++; } - if ((d != destname) && (*s != '\0')) { + if ((d > destname + 1) && (*s != '\0')) { *d++ = '/'; } start_of_name_component = True; @@ -119,6 +119,9 @@ void set_conn_connectpath(connection_struct *conn, const pstring connectpath) *(d-1) = '\0'; } + DEBUG(10,("set_conn_connectpath: service %s, connectpath = %s\n", + lp_servicename(SNUM(conn)), destname )); + string_set(&conn->connectpath, destname); } -- cgit From 862e4a11c15b9971762e5ee97186fbccdd2fcfdf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 17 Dec 2005 17:13:45 +0000 Subject: r12307: Reformatting plus a trivial if/else simplification. There's no point in doing an else branch that only returns NULL. Volker (This used to be commit ef4d9d96de3f1a242d26ae2f8033103bbdb7a2dc) --- source3/smbd/service.c | 194 +++++++++++++++++++++++++++++++------------------ 1 file changed, 122 insertions(+), 72 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c9e2cdcf50..c5fba5b50e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -366,7 +366,8 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) static connection_struct *make_connection_snum(int snum, user_struct *vuser, DATA_BLOB password, - const char *pdev, NTSTATUS *status) + const char *pdev, + NTSTATUS *status) { struct passwd *pass = NULL; BOOL guest = False; @@ -396,7 +397,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, guest = True; pass = getpwnam_alloc(guestname); if (!pass) { - DEBUG(0,("make_connection_snum: Invalid guest account %s??\n",guestname)); + DEBUG(0,("make_connection_snum: Invalid guest " + "account %s??\n",guestname)); conn_free(conn); *status = NT_STATUS_NO_SUCH_USER; return NULL; @@ -411,14 +413,20 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } else if (vuser) { if (vuser->guest) { if (!lp_guest_ok(snum)) { - DEBUG(2, ("guest user (from session setup) not permitted to access this share (%s)\n", lp_servicename(snum))); + DEBUG(2, ("guest user (from session setup) " + "not permitted to access this share " + "(%s)\n", lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; return NULL; } } else { - if (!user_ok(vuser->user.unix_name, snum, vuser->groups, vuser->n_groups)) { - DEBUG(2, ("user '%s' (from session setup) not permitted to access this share (%s)\n", vuser->user.unix_name, lp_servicename(snum))); + if (!user_ok(vuser->user.unix_name, snum, + vuser->groups, vuser->n_groups)) { + DEBUG(2, ("user '%s' (from session setup) not " + "permitted to access this share " + "(%s)\n", vuser->user.unix_name, + lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; return NULL; 
@@ -465,12 +473,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->service = snum; conn->used = True; conn->printer = (strncmp(dev,"LPT",3) == 0); - conn->ipc = ( (strncmp(dev,"IPC",3) == 0) || ( lp_enable_asu_support() && strequal(dev,"ADMIN$")) ); + conn->ipc = ( (strncmp(dev,"IPC",3) == 0) || + ( lp_enable_asu_support() && strequal(dev,"ADMIN$")) ); conn->dirptr = NULL; /* Case options for the share. */ if (lp_casesensitive(snum) == Auto) { - /* We will be setting this per packet. Set to be case insensitive for now. */ + /* We will be setting this per packet. Set to be case + * insensitive for now. */ conn->case_sensitive = False; } else { conn->case_sensitive = (BOOL)lp_casesensitive(snum); 
@@ -545,30 +555,30 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, pstring_sub(gname,"%S",lp_servicename(snum)); gid = nametogid(gname); - if (gid != (gid_t)-1) { - - /* - * If the user has been forced and the forced group starts - * with a '+', then we only set the group to be the forced - * group if the forced user is a member of that group. - * Otherwise, the meaning of the '+' would be ignored. - */ - if (conn->force_user && user_must_be_member) { - if (user_in_group_list( user, gname, NULL, 0)) { - conn->gid = gid; - DEBUG(3,("Forced group %s for member %s\n",gname,user)); - } - } else { - conn->gid = gid; - DEBUG(3,("Forced group %s\n",gname)); - } - conn->force_group = True; - } else { + if (gid == (gid_t)-1) { DEBUG(1,("Couldn't find group %s\n",gname)); conn_free(conn); *status = NT_STATUS_NO_SUCH_GROUP; return NULL; } + + /* + * If the user has been forced and the forced group starts + * with a '+', then we only set the group to be the forced + * group if the forced user is a member of that group. + * Otherwise, the meaning of the '+' would be ignored. + */ + if (conn->force_user && user_must_be_member) { + if (user_in_group_list( user, gname, NULL, 0)) { + conn->gid = gid; + DEBUG(3,("Forced group %s for member %s\n", + gname,user)); + } + } else { + conn->gid = gid; + DEBUG(3,("Forced group %s\n",gname)); + } + conn->force_group = True; } #endif /* HAVE_GETGRNAM */ @@ -577,7 +587,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, pstrcpy(s,lp_pathname(snum)); standard_sub_conn(conn,s,sizeof(s)); set_conn_connectpath(conn,s); - DEBUG(3,("Connect path is '%s' for service [%s]\n",s, lp_servicename(snum))); + DEBUG(3,("Connect path is '%s' for service [%s]\n",s, + lp_servicename(snum))); } if (conn->force_user || conn->force_group) { 
@@ -591,9 +602,10 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, initialise_groups(conn->user, conn->uid, conn->gid); get_current_groups(conn->gid, &conn->ngroups,&conn->groups); - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, - conn->ngroups, conn->groups, - guest); + conn->nt_user_token = + create_nt_token(conn->uid, conn->gid, + conn->ngroups, conn->groups, + guest); } /* @@ -604,12 +616,16 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ { - BOOL can_write = share_access_check(conn, snum, vuser, FILE_WRITE_DATA); + BOOL can_write = share_access_check(conn, snum, vuser, + FILE_WRITE_DATA); if (!can_write) { - if (!share_access_check(conn, snum, vuser, FILE_READ_DATA)) { + if (!share_access_check(conn, snum, vuser, + FILE_READ_DATA)) { /* No access, read or write. */ - DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n", + DEBUG(0,("make_connection: connection to %s " + "denied due to security " + "descriptor.\n", lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; 
@@ -622,18 +638,19 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Initialise VFS function pointers */ if (!smbd_vfs_init(conn)) { - DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(snum))); + DEBUG(0, ("vfs_init failed for service %s\n", + lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } /* - * If widelinks are disallowed we need to canonicalise the - * connect path here to ensure we don't have any symlinks in - * the connectpath. We will be checking all paths on this - * connection are below this directory. We must do this after - * the VFS init as we depend on the realpath() pointer in the vfs table. JRA. + * If widelinks are disallowed we need to canonicalise the connect + * path here to ensure we don't have any symlinks in the + * connectpath. We will be checking all paths on this connection are + * below this directory. We must do this after the VFS init as we + * depend on the realpath() pointer in the vfs table. JRA. */ if (!lp_widelinks(snum)) { pstring s; @@ -654,7 +671,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } - /* Preexecs are done here as they might make the dir we are to ChDir to below */ + /* Preexecs are done here as they might make the dir we are to ChDir + * to below */ /* execute any "root preexec = " line */ if (*lp_rootpreexec(snum)) { pstring cmd; @@ -663,7 +681,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(snum)) { - DEBUG(1,("root preexec gave %d - failing connection\n", ret)); + DEBUG(1,("root preexec gave %d - failing " + "connection\n", ret)); yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; 
@@ -681,9 +700,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } - /* Remember that a different vuid can connect later without these checks... */ + /* Remember that a different vuid can connect later without these + * checks... */ - /* Preexecs are done here as they might make the dir we are to ChDir to below */ + /* Preexecs are done here as they might make the dir we are to ChDir + * to below */ + /* execute any "preexec = " line */ if (*lp_preexec(snum)) { pstring cmd; @@ -691,7 +713,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, standard_sub_conn(conn,cmd,sizeof(cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(snum)) { - DEBUG(1,("preexec gave %d - failing connection\n", ret)); + DEBUG(1,("preexec gave %d - failing connection\n", + ret)); change_to_root_user(); yield_connection(conn, lp_servicename(snum)); conn_free(conn); @@ -713,8 +736,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum)); } - /* Invoke VFS make connection hook - do this before the VFS_STAT call to allow - any filesystems needing user credentials to initialize themselves. */ + /* Invoke VFS make connection hook - do this before the VFS_STAT call + to allow any filesystems needing user credentials to initialize + themselves. */ if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); 
@@ -730,12 +754,17 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, check during individual operations. To match this behaviour I have disabled this chdir check (tridge) */ /* the alternative is just to check the directory exists */ - if ((ret = SMB_VFS_STAT(conn, conn->connectpath, &st)) != 0 || !S_ISDIR(st.st_mode)) { + if ((ret = SMB_VFS_STAT(conn, conn->connectpath, &st)) != 0 || + !S_ISDIR(st.st_mode)) { if (ret == 0 && !S_ISDIR(st.st_mode)) { - DEBUG(0,("'%s' is not a directory, when connecting to [%s]\n", conn->connectpath, lp_servicename(snum))); + DEBUG(0,("'%s' is not a directory, when connecting to " + "[%s]\n", conn->connectpath, + lp_servicename(snum))); } else { - DEBUG(0,("'%s' does not exist or permission denied when connecting to [%s] " - "Error was %s\n", conn->connectpath, lp_servicename(snum), strerror(errno) )); + DEBUG(0,("'%s' does not exist or permission denied " + "when connecting to [%s] Error was %s\n", + conn->connectpath, lp_servicename(snum), + strerror(errno) )); } change_to_root_user(); /* Call VFS disconnect hook */ @@ -766,7 +795,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { - dbgtext( "%s (%s) ", get_remote_machine_name(), conn->client_address ); + dbgtext( "%s (%s) ", get_remote_machine_name(), + conn->client_address ); dbgtext( "%s", srv_is_signing_active() ? "signed " : ""); dbgtext( "connect to service %s ", lp_servicename(snum) ); dbgtext( "initially as user %s ", user ); 
@@ -784,8 +814,10 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, vfs_chdir() **************************************************************************************/ -connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB password, - const char *dev, uint16 vuid, NTSTATUS *status) +connection_struct *make_connection_with_chdir(const char *service_in, + DATA_BLOB password, + const char *dev, uint16 vuid, + NTSTATUS *status) { connection_struct *conn = NULL; @@ -797,7 +829,8 @@ connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB */ if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) { - DEBUG(0,("move_driver_to_download_area: Can't change directory to %s for [print$] (%s)\n", + DEBUG(0,("move_driver_to_download_area: Can't change " + "directory to %s for [print$] (%s)\n", conn->connectpath,strerror(errno))); yield_connection(conn, lp_servicename(SNUM(conn))); conn_free(conn); @@ -815,7 +848,8 @@ connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB ****************************************************************************/ connection_struct *make_connection(const char *service_in, DATA_BLOB password, - const char *pdev, uint16 vuid, NTSTATUS *status) + const char *pdev, uint16 vuid, + NTSTATUS *status) { uid_t euid; user_struct *vuser = NULL; 
@@ -825,43 +859,52 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, fstrcpy(dev, pdev); - /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ + /* This must ONLY BE CALLED AS ROOT. As it exits this function as + * root. */ if (!non_root_mode() && (euid = geteuid()) != 0) { - DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); + DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot " + "(%u)\n", (unsigned int)euid )); smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); } if(lp_security() != SEC_SHARE) { vuser = get_valid_user_struct(vuid); if (!vuser) { - DEBUG(1,("make_connection: refusing to connect with no session setup\n")); + DEBUG(1,("make_connection: refusing to connect with " + "no session setup\n")); *status = NT_STATUS_ACCESS_DENIED; return NULL; } } - /* Logic to try and connect to the correct [homes] share, preferably without too many - getpwnam() lookups. This is particulary nasty for winbind usernames, where the - share name isn't the same as unix username. + /* Logic to try and connect to the correct [homes] share, preferably + without too many getpwnam() lookups. This is particulary nasty for + winbind usernames, where the share name isn't the same as unix + username. - The snum of the homes share is stored on the vuser at session setup time. + The snum of the homes share is stored on the vuser at session setup + time. 
*/ if (strequal(service_in,HOMES_NAME)) { if(lp_security() != SEC_SHARE) { DATA_BLOB no_pw = data_blob(NULL, 0); if (vuser->homes_snum == -1) { - DEBUG(2, ("[homes] share not available for this user because it was not found or created at session setup time\n")); + DEBUG(2, ("[homes] share not available for " + "this user because it was not found " + "or created at session setup " + "time\n")); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } - DEBUG(5, ("making a connection to [homes] service created at session setup time\n")); + DEBUG(5, ("making a connection to [homes] service " + "created at session setup time\n")); return make_connection_snum(vuser->homes_snum, vuser, no_pw, dev, status); } else { - /* Security = share. Try with current_user_info.smb_name - * as the username. */ + /* Security = share. Try with + * current_user_info.smb_name as the username. */ if (*current_user_info.smb_name) { fstring unix_username; fstrcpy(unix_username, @@ -870,16 +913,20 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, snum = find_service(unix_username); } if (snum != -1) { - DEBUG(5, ("making a connection to 'homes' service %s based on security=share\n", service_in)); + DEBUG(5, ("making a connection to 'homes' " + "service %s based on " + "security=share\n", service_in)); return make_connection_snum(snum, NULL, password, dev, status); } } } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) - && strequal(service_in, lp_servicename(vuser->homes_snum))) { + && strequal(service_in, + lp_servicename(vuser->homes_snum))) { DATA_BLOB no_pw = data_blob(NULL, 0); - DEBUG(5, ("making a connection to 'homes' service [%s] created at session setup time\n", service_in)); + DEBUG(5, ("making a connection to 'homes' service [%s] " + "created at session setup time\n", service_in)); return make_connection_snum(vuser->homes_snum, vuser, no_pw, dev, status); 
@@ -893,7 +940,8 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, if (snum < 0) { if (strequal(service,"IPC$") - || (lp_enable_asu_support() && strequal(service,"ADMIN$"))) + || (lp_enable_asu_support() && + strequal(service,"ADMIN$"))) { DEBUG(3,("refusing IPC connection to %s\n", service)); *status = NT_STATUS_ACCESS_DENIED; @@ -908,7 +956,8 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, /* Handle non-Dfs clients attempting connections to msdfs proxy */ if (lp_host_msdfs() && (*lp_msdfs_proxy(snum) != '\0')) { - DEBUG(3, ("refusing connection to dfs proxy share '%s' (pointing to %s)\n", + DEBUG(3, ("refusing connection to dfs proxy share '%s' " + "(pointing to %s)\n", service, lp_msdfs_proxy(snum))); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; @@ -937,7 +986,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_root_user(); DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", - get_remote_machine_name(),conn->client_address, + get_remote_machine_name(), + conn->client_address, lp_servicename(SNUM(conn)))); /* Call VFS disconnect hook */ -- cgit From f2c8291791a557889fcdaa4dbcf7d2312e835033 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 17 Dec 2005 17:19:21 +0000 Subject: r12308: Reformatting (This used to be commit 97acfa12e52e889c97d0f7ce72c1a7f863cb0665) --- source3/smbd/service.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c5fba5b50e..fb9dbf0489 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -939,10 +939,8 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, snum = find_service(service); if (snum < 0) { - if (strequal(service,"IPC$") - || (lp_enable_asu_support() && - strequal(service,"ADMIN$"))) - { + if (strequal(service,"IPC$") || + (lp_enable_asu_support() && strequal(service,"ADMIN$"))) { DEBUG(3,("refusing IPC connection to %s\n", service)); *status = NT_STATUS_ACCESS_DENIED; return NULL; -- cgit From b3109006c5b273e5960d71b25787f23bf62ec17f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 23 Jan 2006 23:19:31 +0000 Subject: r13095: Fix warnings assigning int to a size_t. Jeremy. (This used to be commit 1ca4abffd04bcc46b61acdc12444f3e2aad0afed) --- source3/smbd/service.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fb9dbf0489..7640559d53 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -592,6 +592,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } if (conn->force_user || conn->force_group) { + int ngroups = 0; /* groups stuff added by ih */ conn->ngroups = 0; @@ -600,7 +601,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* Find all the groups this uid is in and store them. Used by change_to_user() */ initialise_groups(conn->user, conn->uid, conn->gid); - get_current_groups(conn->gid, &conn->ngroups,&conn->groups); + get_current_groups(conn->gid, &ngroups, &conn->groups); + conn->ngroups = ngroups; conn->nt_user_token = create_nt_token(conn->uid, conn->gid, -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 
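Review bot: The result of `get_current_groups(conn->gid, &ngroups, &conn->groups)` is not checked before `conn->ngroups = ngroups;`. If the call can fail or leave `ngroups` negative (its contract is not visible in this hunk), the int-to-size_t assignment would store a very large count next to whatever `conn->groups` holds, and the comment above says change_to_user() relies on this list. Consider `if (ngroups < 0) ngroups = 0;` before the assignment, or failing the connection when the lookup fails. make_connection_snum starts and ends outside the hunk.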
From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/smbd/service.c | 287 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 206 insertions(+), 81 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 7640559d53..cf0116cc09 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -299,6 +299,13 @@ int find_service(fstring service) } } + /* Is it a usershare service ? */ + if (iService < 0 && *lp_usershare_path()) { + /* Ensure the name is canonicalized. */ + strlower_m(service); + iService = load_usershare_service(service); + } + if (iService >= 0) { if (!VALID_SNUM(iService)) { DEBUG(0,("Invalid snum %d for %s\n",iService, service)); 
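Review bot: `service` reaches `load_usershare_service(service)` after only `strlower_m(service)`, and nothing in this hunk shows the name being checked for path separators or `..` before it is presumably used to locate something under `lp_usershare_path()`. The name appears to originate from the client's connect request, so that validation has to live in load_usershare_service; a comment here would record the dependency, e.g. `/* load_usershare_service() is responsible for rejecting names containing '/' or ".." */`. Note also that strlower_m() rewrites the caller's buffer in place, so later log lines will show the lowered name rather than what the client sent. find_service starts and ends outside the hunk.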
@@ -359,6 +366,131 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_OK; } +static NTSTATUS find_forced_user(int snum, BOOL vuser_is_guest, + uid_t *uid, gid_t *gid, fstring username, + struct nt_user_token **token) +{ + TALLOC_CTX *mem_ctx; + char *fuser, *found_username; + NTSTATUS result; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + DEBUG(0, ("talloc_new failed\n")); + return NT_STATUS_NO_MEMORY; + } + + fuser = talloc_string_sub(mem_ctx, lp_force_user(snum), "%S", + lp_servicename(snum)); + if (fuser == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } + + result = create_token_from_username(mem_ctx, fuser, vuser_is_guest, + uid, gid, &found_username, + token); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + talloc_steal(NULL, *token); + fstrcpy(username, found_username); + + result = NT_STATUS_OK; + done: + talloc_free(mem_ctx); + return result; +} + +/* + * Go through lookup_name etc to find the force'd group. + * + * Create a new token from src_token, replacing the primary group sid with the + * one found. 
+ */ + +static NTSTATUS find_forced_group(BOOL force_user, + int snum, const char *username, + DOM_SID *pgroup_sid, + gid_t *pgid) +{ + NTSTATUS result = NT_STATUS_NO_SUCH_GROUP; + TALLOC_CTX *mem_ctx; + DOM_SID group_sid; + enum SID_NAME_USE type; + char *groupname; + BOOL user_must_be_member = False; + gid_t gid; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + DEBUG(0, ("talloc_new failed\n")); + return NT_STATUS_NO_MEMORY; + } + + groupname = talloc_strdup(mem_ctx, lp_force_group(snum)); + if (groupname == NULL) { + DEBUG(1, ("talloc_strdup failed\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + if (groupname[0] == '+') { + user_must_be_member = True; + groupname += 1; + } + + groupname = talloc_string_sub(mem_ctx, groupname, + "%S", lp_servicename(snum)); + + if (!lookup_name(mem_ctx, groupname, + LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP, + NULL, NULL, &group_sid, &type)) { + DEBUG(10, ("lookup_name(%s) failed\n", + groupname)); + goto done; + } + + if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) && + (type != SID_NAME_WKN_GRP)) { + DEBUG(10, ("%s is a %s, not a group\n", groupname, + sid_type_lookup(type))); + goto done; + } + + if (!sid_to_gid(&group_sid, &gid)) { + DEBUG(10, ("sid_to_gid(%s) for %s failed\n", + sid_string_static(&group_sid), groupname)); + goto done; + } + + /* + * If the user has been forced and the forced group starts with a '+', + * then we only set the group to be the forced group if the forced + * user is a member of that group. Otherwise, the meaning of the '+' + * would be ignored. 
+ */ + + if (force_user && user_must_be_member) { + if (user_in_group(username, groupname)) { + sid_copy(pgroup_sid, &group_sid); + *pgid = gid; + DEBUG(3,("Forced group %s for member %s\n", + groupname, username)); + } + } else { + sid_copy(pgroup_sid, &group_sid); + *pgid = gid; + DEBUG(3,("Forced group %s\n", groupname)); + } + + result = NT_STATUS_OK; + done: + talloc_free(mem_ctx); + return result; +} + /**************************************************************************** Make a connection, given the snum to connect to, and the vuser of the connecting user if appropriate. @@ -395,7 +527,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (lp_guest_only(snum)) { const char *guestname = lp_guestaccount(); guest = True; - pass = getpwnam_alloc(guestname); + pass = getpwnam_alloc(NULL, guestname); if (!pass) { DEBUG(0,("make_connection_snum: Invalid guest " "account %s??\n",guestname)); @@ -408,7 +540,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->uid = pass->pw_uid; conn->gid = pass->pw_gid; string_set(&conn->user,pass->pw_name); - passwd_free(&pass); + talloc_free(pass); DEBUG(3,("Guest only user %s\n",user)); } else if (vuser) { if (vuser->guest) { @@ -421,8 +553,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } } else { - if (!user_ok(vuser->user.unix_name, snum, - vuser->groups, vuser->n_groups)) { + if (!user_ok_token(vuser->user.unix_name, + vuser->nt_user_token, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " "(%s)\n", vuser->user.unix_name, 
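Review bot: find_forced_group returns NT_STATUS_OK without writing `*pgroup_sid` or `*pgid` when `force_user && user_must_be_member` holds and `user_in_group()` is false. The caller further down this diff passes the address of an uninitialised local `DOM_SID group_sid`, so if that SID is then applied to a token (the code after the call is cut off on this page) its contents would be indeterminate. Either have that branch return a status the caller can distinguish, or state the contract above the function, e.g. `/* *pgroup_sid and *pgid are left untouched when the forced user is not a member of a '+' group */`, and make the caller initialise both. Separately, the second `groupname = talloc_string_sub(...)` result is not NULL-checked the way `fuser` is in find_forced_user; `if (groupname == NULL) { result = NT_STATUS_NO_MEMORY; goto done; }` would match.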
@@ -501,86 +633,98 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->admin_user = False; /* - * If force user is true, then store the - * given userid and also the groups - * of the user we're forcing. + * If force user is true, then store the given userid and the gid of + * the user we're forcing. + * For auxiliary groups see below. */ if (*lp_force_user(snum)) { - struct passwd *pass2; - pstring fuser; - pstrcpy(fuser,lp_force_user(snum)); - - /* Allow %S to be used by force user. */ - pstring_sub(fuser,"%S",lp_servicename(snum)); - - pass2 = (struct passwd *)Get_Pwnam(fuser); - if (pass2) { - conn->uid = pass2->pw_uid; - conn->gid = pass2->pw_gid; - string_set(&conn->user,pass2->pw_name); - fstrcpy(user,pass2->pw_name); - conn->force_user = True; - DEBUG(3,("Forced user %s\n",user)); - } else { - DEBUG(1,("Couldn't find user %s\n",fuser)); + NTSTATUS status2; + + status2 = find_forced_user(snum, + (vuser != NULL) && vuser->guest, + &conn->uid, &conn->gid, user, + &conn->nt_user_token); + if (!NT_STATUS_IS_OK(status2)) { conn_free(conn); - *status = NT_STATUS_NO_SUCH_USER; + *status = status2; return NULL; } + string_set(&conn->user,user); + conn->force_user = True; + DEBUG(3,("Forced user %s\n",user)); } -#ifdef HAVE_GETGRNAM /* * If force group is true, then override * any groupid stored for the connecting user. 
*/ if (*lp_force_group(snum)) { - gid_t gid; - pstring gname; - pstring tmp_gname; - BOOL user_must_be_member = False; - - pstrcpy(tmp_gname,lp_force_group(snum)); - - if (tmp_gname[0] == '+') { - user_must_be_member = True; - /* even now, tmp_gname is null terminated */ - pstrcpy(gname,&tmp_gname[1]); - } else { - pstrcpy(gname,tmp_gname); - } - /* default service may be a group name */ - pstring_sub(gname,"%S",lp_servicename(snum)); - gid = nametogid(gname); - - if (gid == (gid_t)-1) { - DEBUG(1,("Couldn't find group %s\n",gname)); + NTSTATUS status2; + DOM_SID group_sid; + + status2 = find_forced_group(conn->force_user, + snum, user, + &group_sid, &conn->gid); + if (!NT_STATUS_IS_OK(status2)) { conn_free(conn); - *status = NT_STATUS_NO_SUCH_GROUP; + *status = status2; return NULL; } - /* - * If the user has been forced and the forced group starts - * with a '+', then we only set the group to be the forced - * group if the forced user is a member of that group. - * Otherwise, the meaning of the '+' would be ignored. - */ - if (conn->force_user && user_must_be_member) { - if (user_in_group_list( user, gname, NULL, 0)) { - conn->gid = gid; - DEBUG(3,("Forced group %s for member %s\n", - gname,user)); + if ((conn->nt_user_token == NULL) && (vuser != NULL)) { + + /* Not force user and not security=share, but force + * group. vuser has a token to copy */ + + conn->nt_user_token = dup_nt_token( + NULL, vuser->nt_user_token); + if (conn->nt_user_token == NULL) { + DEBUG(0, ("dup_nt_token failed\n")); + conn_free(conn); + *status = NT_STATUS_NO_MEMORY; + return NULL; } - } else { - conn->gid = gid; - DEBUG(3,("Forced group %s\n",gname)); + } + + /* If conn->nt_user_token is still NULL, we have + * security=share. 
This means ignore the SID, as we had no + * vuser to copy from */ + + if (conn->nt_user_token != NULL) { + /* Overwrite the primary group sid */ + sid_copy(&conn->nt_user_token->user_sids[1], + &group_sid); + } conn->force_group = True; } -#endif /* HAVE_GETGRNAM */ + + if (conn->nt_user_token != NULL) { + size_t i; + + /* We have a share-specific token from force [user|group]. + * This means we have to create the list of unix groups from + * the list of sids. */ + + conn->ngroups = 0; + conn->groups = NULL; + + for (i=0; int_user_token->num_sids; i++) { + gid_t gid; + DOM_SID *sid = &conn->nt_user_token->user_sids[i]; + + if (!sid_to_gid(sid, &gid)) { + DEBUG(10, ("Could not convert SID %s to gid, " + "ignoring it\n", + sid_string_static(sid))); + continue; + } + add_gid_to_array_unique(NULL, gid, &conn->groups, + &conn->ngroups); + } + } { pstring s; @@ -591,25 +735,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(snum))); } - if (conn->force_user || conn->force_group) { - int ngroups = 0; - - /* groups stuff added by ih */ - conn->ngroups = 0; - conn->groups = NULL; - - /* Find all the groups this uid is in and - store them. Used by change_to_user() */ - initialise_groups(conn->user, conn->uid, conn->gid); - get_current_groups(conn->gid, &ngroups, &conn->groups); - conn->ngroups = ngroups; - - conn->nt_user_token = - create_nt_token(conn->uid, conn->gid, - conn->ngroups, conn->groups, - guest); - } - /* * New code to check if there's a share security descripter * added from NT server manager. This is done after the -- cgit From 301d51e13a1aa4e633e2da161b0dd260a8a499cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 13 Feb 2006 17:08:25 +0000 Subject: r13494: Merge the stuff I've done in head the last days. Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') 
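Review bot: In the force-group block, `sid_copy(&conn->nt_user_token->user_sids[1], &group_sid);` can copy an unset stack `DOM_SID`, because find_forced_group as added earlier in this patch returns NT_STATUS_OK without writing `*pgroup_sid` when the group is given with a leading '+' and the forced user is not a member. The token's primary group SID, and the gid list built from the token just below, would then be derived from uninitialised memory. I would have find_forced_group return an error in that case, or at least start the local with `ZERO_STRUCT(group_sid);` and skip the overwrite when it was left unset. The write to index 1 also assumes the token holds at least two SIDs; testing `conn->nt_user_token->num_sids > 1` first would make that explicit. make_connection_snum starts and ends outside this hunk.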
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index cf0116cc09..0fce677ea9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -473,7 +473,7 @@ static NTSTATUS find_forced_group(BOOL force_user, */ if (force_user && user_must_be_member) { - if (user_in_group(username, groupname)) { + if (user_in_group_sid(username, &group_sid)) { sid_copy(pgroup_sid, &group_sid); *pgid = gid; DEBUG(3,("Forced group %s for member %s\n", -- cgit From fb5362c069b5b6548478b2217a0519c56d856705 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 20 Feb 2006 17:59:58 +0000 Subject: r13571: Replace all calls to talloc_free() with thye TALLOC_FREE() macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0fce677ea9..5c4974329c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -399,7 +399,7 @@ static NTSTATUS find_forced_user(int snum, BOOL vuser_is_guest, result = NT_STATUS_OK; done: - talloc_free(mem_ctx); + TALLOC_FREE(mem_ctx); return result; } @@ -487,7 +487,7 @@ static NTSTATUS find_forced_group(BOOL force_user, result = NT_STATUS_OK; done: - talloc_free(mem_ctx); + TALLOC_FREE(mem_ctx); return result; } @@ -540,7 +540,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->uid = pass->pw_uid; conn->gid = pass->pw_gid; string_set(&conn->user,pass->pw_name); - talloc_free(pass); + TALLOC_FREE(pass); DEBUG(3,("Guest only user %s\n",user)); } else if (vuser) { if (vuser->guest) { -- cgit From 010c725b36feb1a234dce9f40b95ae5869058698 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sat, 15 Apr 2006 04:07:10 +0000 Subject: r15088: Remove all time() and gettimeofday() calls out of the mainline packet processing code. Only do these when needed (ie. in the idle timeout code). We drop an unneccessary global here too. Jeremy. (This used to be commit 8272a5ab0605fcf95527143c4f909aa1008e5b94) --- source3/smbd/service.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 5c4974329c..ba87d0743d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -20,7 +20,6 @@ #include "includes.h" -extern struct timeval smb_last_time; extern userdom_struct current_user_info; /**************************************************************************** @@ -140,7 +139,7 @@ BOOL set_current_service(connection_struct *conn, uint16 flags, BOOL do_chdir) return(False); } - conn->lastused = smb_last_time.tv_sec; + conn->lastused_count++; snum = SNUM(conn); @@ -601,7 +600,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1); conn->num_files_open = 0; - conn->lastused = time(NULL); + conn->lastused = conn->lastused_count = time(NULL); conn->service = snum; conn->used = True; conn->printer = (strncmp(dev,"LPT",3) == 0); -- cgit From 2602e5fab165d426e3a87e0cdcf8f7c67596e501 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 12 May 2006 23:10:01 +0000 Subject: r15555: Make "change notify timeout" a per-share parameter - used when there's no kernel or FAM change notify. If set to zero this will turn off change notify for the share except when we ourselves change something (renames / deletes etc. ). Designed to help on large directory shares where a new changenotify is issued between each delete. This will be fixed correctly when we move to internal change notify (eg. back-port Samba4 changenotify). Jeremy. (This used to be commit 5a17bffbcd5082fde79c241468a0ff2b5903d540) --- source3/smbd/service.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ba87d0743d..7ca2380e0d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -930,6 +930,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, dbgtext( "(pid %d)\n", (int)sys_getpid() ); } + /* Setup the minimum value for a change notify wait time (seconds). */ + set_change_notify_timeout(lp_change_notify_timeout(snum)); + /* we've finished with the user stuff - go back to root */ change_to_root_user(); return(conn); -- cgit From 75d2304643c6935c0705b1a8ae2ea73a527f2f97 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 14 May 2006 15:24:14 +0000 Subject: r15601: Fix segfaults with 'security=share' and 'guest only = yes' Volker (This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0) --- source3/smbd/service.c | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 7ca2380e0d..cb9bfcc27a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
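Review bot: The added `set_change_notify_timeout(lp_change_notify_timeout(snum));` takes no connection argument, so the value it stores is presumably process-wide, although the commit describes the parameter as per-share. If one smbd serves several tree connects, the share connected last would then decide the timeout for all of them, including a share configured with 0 to switch polling off. This is worth confirming against the setter, and if it is global the comment should say so, for example `/* NOTE: value is process-wide; the last share connected wins */`. make_connection_snum continues outside the hunk.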
@@ -523,8 +523,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } + conn->nt_user_token = NULL; + if (lp_guest_only(snum)) { const char *guestname = lp_guestaccount(); + NTSTATUS status2; + char *found_username; guest = True; pass = getpwnam_alloc(NULL, guestname); if (!pass) { @@ -534,11 +538,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *status = NT_STATUS_NO_SUCH_USER; return NULL; } - fstrcpy(user,pass->pw_name); + status2 = create_token_from_username(NULL, pass->pw_name, True, + &conn->uid, &conn->gid, + &found_username, + &conn->nt_user_token); + if (!NT_STATUS_IS_OK(status2)) { + conn_free(conn); + *status = status2; + return NULL; + } + fstrcpy(user, found_username); + string_set(&conn->user,user); conn->force_user = True; - conn->uid = pass->pw_uid; - conn->gid = pass->pw_gid; - string_set(&conn->user,pass->pw_name); TALLOC_FREE(pass); DEBUG(3,("Guest only user %s\n",user)); } else if (vuser) { @@ -570,6 +581,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, fstrcpy(user,vuser->user.unix_name); guest = vuser->guest; } else if (lp_security() == SEC_SHARE) { + NTSTATUS status2; + char *found_username; /* add it as a possible user name if we are in share mode security */ add_session_user(lp_servicename(snum)); 
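Review bot: In the guest-only branch, the new failure path after `create_token_from_username()` returns without releasing `pass`, which `getpwnam_alloc(NULL, guestname)` allocated on the NULL context. Each failed guest connect would leak one passwd copy in a long-lived daemon. Adding `TALLOC_FREE(pass);` before `conn_free(conn);` inside that `if (!NT_STATUS_IS_OK(status2))` block closes it. `found_username` is likewise allocated on the NULL context and, as far as this hunk shows, is not freed after `fstrcpy(user, found_username);`.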
@@ -582,12 +595,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } pass = Get_Pwnam(user); + status2 = create_token_from_username(NULL, pass->pw_name, True, + &conn->uid, &conn->gid, + &found_username, + &conn->nt_user_token); + if (!NT_STATUS_IS_OK(status2)) { + conn_free(conn); + *status = status2; + return NULL; + } + fstrcpy(user, found_username); + string_set(&conn->user,user); conn->force_user = True; - conn->uid = pass->pw_uid; - conn->gid = pass->pw_gid; - string_set(&conn->user, pass->pw_name); - fstrcpy(user, pass->pw_name); - } else { DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); conn_free(conn); @@ -626,7 +645,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->aio_write_behind_list = NULL; string_set(&conn->dirpath,""); string_set(&conn->user,user); - conn->nt_user_token = NULL; conn->read_only = lp_readonly(conn->service); conn->admin_user = False; -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/smbd/service.c | 63 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 43 insertions(+), 20 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index cb9bfcc27a..9dcb8a354f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
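Review bot: In the security=share branch, `pass = Get_Pwnam(user);` is followed directly by `pass->pw_name` in the new `create_token_from_username()` call, with no NULL check. Unless the login check just above the hunk guarantees that the account resolves, a name that fails the lookup would crash the smbd child on the share-mode connect path. A guard that frees the connection and reports NT_STATUS_NO_SUCH_USER, as the guest-only branch does for its own lookup, makes the failure explicit. The enclosing function extends beyond the hunk.

```c
		pass = Get_Pwnam(user);
		if (pass == NULL) {
			DEBUG(0, ("make_connection_snum: Get_Pwnam(%s) "
				  "failed\n", user));
			conn_free(conn);
			*status = NT_STATUS_NO_SUCH_USER;
			return NULL;
		}
		/* … unchanged: create_token_from_username() call and its error path … */
```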
@@ -371,35 +371,38 @@ static NTSTATUS find_forced_user(int snum, BOOL vuser_is_guest, { TALLOC_CTX *mem_ctx; char *fuser, *found_username; + struct nt_user_token *tmp_token; NTSTATUS result; - mem_ctx = talloc_new(NULL); - if (mem_ctx == NULL) { + if (!(mem_ctx = talloc_new(NULL))) { DEBUG(0, ("talloc_new failed\n")); return NT_STATUS_NO_MEMORY; } - fuser = talloc_string_sub(mem_ctx, lp_force_user(snum), "%S", - lp_servicename(snum)); - if (fuser == NULL) { - result = NT_STATUS_NO_MEMORY; - goto done; + if (!(fuser = talloc_string_sub(mem_ctx, lp_force_user(snum), "%S", + lp_servicename(snum)))) { + TALLOC_FREE(mem_ctx); + return NT_STATUS_NO_MEMORY; + } result = create_token_from_username(mem_ctx, fuser, vuser_is_guest, uid, gid, &found_username, - token); + &tmp_token); if (!NT_STATUS_IS_OK(result)) { - goto done; + TALLOC_FREE(mem_ctx); + return result; + } + + if (!(*token = dup_nt_token(NULL, tmp_token))) { + TALLOC_FREE(mem_ctx); + return NT_STATUS_NO_MEMORY; } - talloc_steal(NULL, *token); fstrcpy(username, found_username); - result = NT_STATUS_OK; - done: TALLOC_FREE(mem_ctx); - return result; + return NT_STATUS_OK; } /* @@ -620,7 +623,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); - conn->service = snum; + conn->params->service = snum; conn->used = True; conn->printer = (strncmp(dev,"LPT",3) == 0); conn->ipc = ( (strncmp(dev,"IPC",3) == 0) || @@ -646,7 +649,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, string_set(&conn->dirpath,""); string_set(&conn->user,user); - conn->read_only = lp_readonly(conn->service); + conn->read_only = lp_readonly(SNUM(conn)); conn->admin_user = False; /* 
@@ -746,7 +749,11 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, { pstring s; pstrcpy(s,lp_pathname(snum)); - standard_sub_conn(conn,s,sizeof(s)); + standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + s, sizeof(s)); set_conn_connectpath(conn,s); DEBUG(3,("Connect path is '%s' for service [%s]\n",s, lp_servicename(snum))); @@ -821,7 +828,11 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_rootpreexec(snum)) { pstring cmd; pstrcpy(cmd,lp_rootpreexec(snum)); - standard_sub_conn(conn,cmd,sizeof(cmd)); + standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + cmd, sizeof(cmd)); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_rootpreexec_close(snum)) { @@ -854,7 +865,11 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_preexec(snum)) { pstring cmd; pstrcpy(cmd,lp_preexec(snum)); - standard_sub_conn(conn,cmd,sizeof(cmd)); + standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + cmd, sizeof(cmd)); ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(snum)) { DEBUG(1,("preexec gave %d - failing connection\n", @@ -1148,7 +1163,11 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_user(conn, vuid)) { pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); - standard_sub_conn(conn,cmd,sizeof(cmd)); + standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + cmd, sizeof(cmd)); smbrun(cmd,NULL); change_to_root_user(); } 
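Review bot: The root preexec and preexec hunks here, and the postexec and root postexec hunks in close_cnum, expand the command with `standard_sub_advanced(...)` using `conn->user`, `get_current_username()` and `current_user_info.domain`, then pass the result straight to `smbrun(cmd,NULL)`. If any of those values can carry client-chosen characters and smbrun hands the string to a shell, the substitution has to strip or quote shell metacharacters. Nothing in these hunks shows that it does, so it should be confirmed inside standard_sub_advanced, above all for the root variants. The same eight-argument call is also repeated five times; a small static wrapper taking `conn`, the buffer and its size would keep the argument list in one place, as `standard_sub_conn` did. All enclosing functions extend beyond the hunks.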
@@ -1158,7 +1177,11 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_rootpostexec(SNUM(conn))) { pstring cmd; pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); - standard_sub_conn(conn,cmd,sizeof(cmd)); + standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + cmd, sizeof(cmd)); smbrun(cmd,NULL); } -- cgit From 283b74fce595642fb2e2a2fad87c2de9c3bc5403 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 17 Jul 2006 19:50:59 +0000 Subject: r17096: Simplify share_access_check a bit: It takes the sharename instead of the snum, and the decision which token to use (conn or vuser) does not really belong here, it is better done in the two places where this is called. Volker (This used to be commit 0a138888adf7a0f04a38cd911e797e1a379e908b) --- source3/smbd/service.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9dcb8a354f..395114592a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -767,11 +767,16 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ { - BOOL can_write = share_access_check(conn, snum, vuser, + NT_USER_TOKEN *token = conn->nt_user_token ? + conn->nt_user_token : vuser->nt_user_token; + + BOOL can_write = share_access_check(token, + lp_servicename(snum), FILE_WRITE_DATA); if (!can_write) { - if (!share_access_check(conn, snum, vuser, + if (!share_access_check(token, + lp_servicename(snum), FILE_READ_DATA)) { /* No access, read or write. */ DEBUG(0,("make_connection: connection to %s " -- cgit From f8aa1c75f4961739863928392c8870c9c9a019d8 Mon Sep 17 00:00:00 2001 
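Review bot: In the share-access hunk, `conn->nt_user_token ? conn->nt_user_token : vuser->nt_user_token` dereferences `vuser` whenever the connection has no token of its own, and `vuser` can be NULL in this function (earlier code tests `vuser != NULL`). It looks safe only because the guest-only and security=share branches now always set `conn->nt_user_token`, and that invariant is not stated near the use. I would add a comment such as `/* conn->nt_user_token is always set on the paths where vuser is NULL */`, or fail the connect with NT_STATUS_ACCESS_DENIED when neither token exists. Whether share_access_check tolerates a NULL token is not visible here, so the fallback should not rely on it.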
From: Jeremy Allison Date: Fri, 4 Aug 2006 20:35:52 +0000 Subject: r17402: Added lookup_name_smbconf() to be called when looking up names from smb.conf. If the name is unqualified it causes the lookup to be done in WORKGROUP\name, then "Unix [users|groups]"\name rather than searching the domain. Should fix the problems with "force user" selecting a domain user by preference. Jeremy. (This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 395114592a..d0ad6fa7e6 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -446,10 +446,10 @@ static NTSTATUS find_forced_group(BOOL force_user, groupname = talloc_string_sub(mem_ctx, groupname, "%S", lp_servicename(snum)); - if (!lookup_name(mem_ctx, groupname, + if (!lookup_name_smbconf(mem_ctx, groupname, LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP, NULL, NULL, &group_sid, &type)) { - DEBUG(10, ("lookup_name(%s) failed\n", + DEBUG(10, ("lookup_name_smbconf(%s) failed\n", groupname)); goto done; } -- cgit From 2b27c93a9a8471693d7dcb5fdbe8afe65b22ff66 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 8 Sep 2006 14:28:06 +0000 Subject: r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d0ad6fa7e6..734feef4f7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -420,7 +420,7 @@ static NTSTATUS find_forced_group(BOOL force_user, NTSTATUS result = NT_STATUS_NO_SUCH_GROUP; TALLOC_CTX *mem_ctx; DOM_SID group_sid; - enum SID_NAME_USE type; + enum lsa_SidType type; char *groupname; BOOL user_must_be_member = False; gid_t gid; -- cgit From f18c9365caaad75c0f4c9e26b89327a75cfcb3e6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 21 Sep 2006 17:00:07 +0000 Subject: r18787: Fix the strlen_m and strlen_m_term code by merging in (and using elsewhere) next_codepoint from Samba4. Jerry please test. Jeremy. (This used to be commit ece00b70a4621633f1ac9e576c4bbe332031de09) --- source3/smbd/service.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 734feef4f7..9c341f19fd 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -95,13 +95,22 @@ void set_conn_connectpath(connection_struct *conn, const pstring connectpath) if (!(*s & 0x80)) { *d++ = *s++; } else { - switch(next_mb_char_size(s)) { + size_t siz; + /* Get the size of the next MB character. */ + next_codepoint(s,&siz); + switch(siz) { + case 5: + *d++ = *s++; + /*fall through*/ case 4: *d++ = *s++; + /*fall through*/ case 3: *d++ = *s++; + /*fall through*/ case 2: *d++ = *s++; + /*fall through*/ case 1: *d++ = *s++; break; -- cgit From 81014d255e488da3807abe75f067042f976fc50d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 29 Sep 2006 12:47:00 +0000 Subject: r19000: Merge the max tcon check from 3_0_23. Thanks to James Peach that this was not done in the 3_0 tree. Volker (This used to be commit b2fbf5ac0ca38577957e8e7ddb176dd3499de213) --- source3/smbd/service.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9c341f19fd..29f26c0302 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
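Review bot: In set_conn_connectpath, the new `switch(siz)` has no `default`, so if `next_codepoint(s,&siz)` ever reports a size outside 1–5 no byte is copied and `s` does not advance. The enclosing loop is outside the hunk, but if it runs until `*s` is NUL this would spin on a malformed multibyte sequence in a path. Folding a default into the single-byte case, `case 1: default: *d++ = *s++; break;`, keeps the copy moving. The return value of next_codepoint is also discarded, so an invalid-codepoint result is not told apart from a valid one.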
@@ -1043,6 +1043,11 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); } + if (conn_num_open() > 2047) { + *status = NT_STATUS_INSUFF_SERVER_RESOURCES; + return NULL; + } + if(lp_security() != SEC_SHARE) { vuser = get_valid_user_struct(vuid); if (!vuser) { -- cgit From d988af921de131a05490f1eaa92dd33d36501580 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 14 Nov 2006 20:21:23 +0000 Subject: r19705: Fix blocker bug for 3.0.23d - find_forced_group could return an uninitialized sid. Jeremy. (This used to be commit 57c60103e7dd8f9907bc2954369ea8db8b3b69ff) --- source3/smbd/service.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 29f26c0302..60ba85ab65 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -434,6 +434,9 @@ static NTSTATUS find_forced_group(BOOL force_user, BOOL user_must_be_member = False; gid_t gid; + ZERO_STRUCTP(pgroup_sid); + *pgid = (gid_t)-1; + mem_ctx = talloc_new(NULL); if (mem_ctx == NULL) { DEBUG(0, ("talloc_new failed\n")); @@ -489,6 +492,12 @@ static NTSTATUS find_forced_group(BOOL force_user, *pgid = gid; DEBUG(3,("Forced group %s for member %s\n", groupname, username)); + } else { + DEBUG(0,("find_forced_group: forced user %s is not a member " + "of forced group %s. Disallowing access.\n", + username, groupname )); + result = NT_STATUS_MEMBER_NOT_IN_GROUP; + goto done; } } else { sid_copy(pgroup_sid, &group_sid); -- cgit From 575845ccbeb2acc5dcb5133b80fd19b1d80169f2 Mon Sep 17 00:00:00 2001 
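Review bot: The tree-connect cap `if (conn_num_open() > 2047)` in make_connection uses a bare number and rejects without logging. A named constant defined next to whatever structure imposes the limit, plus a line such as `DEBUG(1, ("make_connection: too many open connections\n"));` before the return, would let an administrator tell resource exhaustion from other connect failures. `> 2047` also still admits a connection when 2047 are open; if the limit is meant to be 2047 in total the test should be `>=`. make_connection extends beyond the hunk.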
From: Volker Lendecke Date: Thu, 30 Nov 2006 07:38:40 +0000 Subject: r19963: Add 'registry shares = yes' and registry key security descriptors. (This used to be commit 6cab254c49e07b11c170511ec613f0f33914c3e6) --- source3/smbd/service.c | 113 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 60ba85ab65..e63bc01a7d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -229,6 +229,115 @@ int add_home_service(const char *service, const char *username, const char *home } +static int load_registry_service(const char *servicename) +{ + REGISTRY_KEY *key; + char *path; + WERROR err; + NTSTATUS status; + + uint32 i, num_values; + char **value_names; + struct registry_value **values = NULL; + + int res; + + if (!lp_registry_shares()) { + return -1; + } + + if (asprintf(&path, "%s\\%s", KEY_SMBCONF, servicename) == -1) { + return -1; + } + + err = regkey_open_internal(NULL, NULL, &key, path, get_root_nt_token(), + REG_KEY_READ); + SAFE_FREE(path); + + if (!W_ERROR_IS_OK(err)) { + return -1; + } + + status = registry_fetch_values(NULL, key, &num_values, &value_names, + &values); + + TALLOC_FREE(key); + + if (!NT_STATUS_IS_OK(status)) { + goto error; + } + + res = lp_add_service(servicename, -1); + if (res == -1) { + goto error; + } + + for (i=0; itype) { + case REG_DWORD: { + char *val; + if (asprintf(&val, "%d", values[i]->v.dword) == -1) { + continue; + } + lp_do_parameter(res, value_names[i], val); + SAFE_FREE(val); + break; + } + case REG_SZ: { + lp_do_parameter(res, value_names[i], + values[i]->v.sz.str); + break; + } + default: + /* Ignore all the rest */ + break; + } + } + + TALLOC_FREE(value_names); + TALLOC_FREE(values); + return res; + + error: + + TALLOC_FREE(value_names); + TALLOC_FREE(values); + return -1; +} + +void load_registry_shares(void) +{ + REGISTRY_KEY *key; + REGSUBKEY_CTR *keys; + WERROR err; + int i; + + if (!lp_registry_shares()) { + return; + } + + if (!(keys = TALLOC_ZERO_P(NULL, REGSUBKEY_CTR))) { + goto done; + } + + err = regkey_open_internal(keys, NULL, &key, KEY_SMBCONF, + get_root_nt_token(), REG_KEY_READ); + if (!(W_ERROR_IS_OK(err))) { + goto done; + } + + if (fetch_reg_keys(key, keys) == -1) { + goto done; + } + + for (i=0; inum_subkeys; i++) { + load_registry_service(keys->subkeys[i]); + } + + done: + TALLOC_FREE(keys); + return; +} /** * Find a service entry. 
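Review bot: In load_registry_service, `char **value_names;` is declared without an initialiser, yet the `error:` label runs `TALLOC_FREE(value_names)`, and the `goto error` taken when `registry_fetch_values()` fails reaches it with whatever the callee left there. Unless that function always sets its output pointers on failure, this frees an indeterminate pointer. Declaring it as `char **value_names = NULL;`, as is already done for `values`, removes the doubt. The loop header and `switch` expression in this hunk are damaged on the page, so the value handling itself is not reviewed here.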
@@ -307,6 +416,10 @@ int find_service(fstring service) } } + if (iService < 0) { + iService = load_registry_service(service); + } + /* Is it a usershare service ? */ if (iService < 0 && *lp_usershare_path()) { /* Ensure the name is canonicalized. */ -- cgit From ecf90c495eb850cd6f376fb4e090640b69f0c029 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 1 Dec 2006 20:01:09 +0000 Subject: r19991: Sorry for this 2000-liner... The main thing here is a rewrite of srv_winreg_nt.c. The core functionality has moved to registry/reg_api.c which is then usable by the rest of Samba as well. On that way it fixes creating keys with more than one element in the path. This did not work before. Two things that sneaked in (sorry :-) is the change of some routines from NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal. Volker (This used to be commit fea52801de8c7b85c578d200c599475680c5339f) --- source3/smbd/service.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e63bc01a7d..048c0f00b1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -234,7 +234,6 @@ static int load_registry_service(const char *servicename) REGISTRY_KEY *key; char *path; WERROR err; - NTSTATUS status; uint32 i, num_values; char **value_names; @@ -250,7 +249,7 @@ static int load_registry_service(const char *servicename) return -1; } - err = regkey_open_internal(NULL, NULL, &key, path, get_root_nt_token(), + err = regkey_open_internal(NULL, &key, path, get_root_nt_token(), REG_KEY_READ); SAFE_FREE(path); @@ -258,12 +257,12 @@ static int load_registry_service(const char *servicename) return -1; } - status = registry_fetch_values(NULL, key, &num_values, &value_names, - &values); + err = registry_fetch_values(NULL, key, &num_values, &value_names, + &values); TALLOC_FREE(key); - if (!NT_STATUS_IS_OK(status)) { + if (!W_ERROR_IS_OK(err)) { goto error; } 
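Review bot: The new fallback `iService = load_registry_service(service);` in find_service runs for any name that matched no configured share, and that name presumably comes from the client's tree connect request. load_registry_service builds the key path with `asprintf(&path, "%s\\%s", KEY_SMBCONF, servicename)` without checking the name, so a name containing a backslash could address a key nested below the smbconf key if the registry layer treats it as a separator. Rejecting such names before the lookup, e.g. `if (strchr(servicename, '\\') != NULL) return -1;`, keeps the lookup to direct children. find_service starts and ends outside the hunk.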
@@ -320,7 +319,7 @@ void load_registry_shares(void) goto done; } - err = regkey_open_internal(keys, NULL, &key, KEY_SMBCONF, + err = regkey_open_internal(keys, &key, KEY_SMBCONF, get_root_nt_token(), REG_KEY_READ); if (!(W_ERROR_IS_OK(err))) { goto done; -- cgit From fc030c313f4ec93bceea460787484994b39af2dd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 2 Dec 2006 10:53:00 +0000 Subject: r20006: Convert the registry shares to use the new API (This used to be commit 66e889bbabde6dfd05df46937635a6d3e606cb27) --- source3/smbd/service.c | 79 ++++++++++++++++++++------------------------------ 1 file changed, 31 insertions(+), 48 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 048c0f00b1..5779ad1be9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -231,15 +231,15 @@ int add_home_service(const char *service, const char *username, const char *home static int load_registry_service(const char *servicename) { - REGISTRY_KEY *key; + struct registry_key *key; char *path; WERROR err; - uint32 i, num_values; - char **value_names; - struct registry_value **values = NULL; + uint32 i; + char *value_name; + struct registry_value *value; - int res; + int res = -1; if (!lp_registry_shares()) { return -1; 
@@ -249,65 +249,56 @@ static int load_registry_service(const char *servicename) return -1; } - err = regkey_open_internal(NULL, &key, path, get_root_nt_token(), - REG_KEY_READ); + err = reg_open_path(NULL, path, REG_KEY_READ, get_root_nt_token(), + &key); SAFE_FREE(path); if (!W_ERROR_IS_OK(err)) { return -1; } - err = registry_fetch_values(NULL, key, &num_values, &value_names, - &values); - - TALLOC_FREE(key); - - if (!W_ERROR_IS_OK(err)) { - goto error; - } - res = lp_add_service(servicename, -1); if (res == -1) { goto error; } - for (i=0; itype) { + for (i=0; + W_ERROR_IS_OK(reg_enumvalue(key, key, i, &value_name, &value)); + i++) { + switch (value->type) { case REG_DWORD: { - char *val; - if (asprintf(&val, "%d", values[i]->v.dword) == -1) { + char *tmp; + if (asprintf(&tmp, "%d", value->v.dword) == -1) { continue; } - lp_do_parameter(res, value_names[i], val); - SAFE_FREE(val); + lp_do_parameter(res, value_name, tmp); + SAFE_FREE(tmp); break; } case REG_SZ: { - lp_do_parameter(res, value_names[i], - values[i]->v.sz.str); + lp_do_parameter(res, value_name, value->v.sz.str); break; } default: /* Ignore all the rest */ break; } - } - TALLOC_FREE(value_names); - TALLOC_FREE(values); - return res; + TALLOC_FREE(value_name); + TALLOC_FREE(value); + } + res = 0; error: - TALLOC_FREE(value_names); - TALLOC_FREE(values); - return -1; + TALLOC_FREE(key); + return res; } void load_registry_shares(void) { - REGISTRY_KEY *key; - REGSUBKEY_CTR *keys; + struct registry_key *key; + char *name; WERROR err; int i; 
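Review bot: In the rewritten value loop of load_registry_service, the results of both `lp_do_parameter()` calls are ignored, and value types other than REG_DWORD and REG_SZ are dropped in `default:` without a message. A registry share whose restrictive setting fails to apply would then come up with that parameter at its default and nothing in the log would say so. I would check the return value, log the parameter name on failure and consider failing the load of that share. `asprintf(&tmp, "%d", value->v.dword)` also prints what looks like an unsigned 32-bit field with a signed conversion; `%u` would match.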
@@ -315,26 +306,18 @@ void load_registry_shares(void) return; } - if (!(keys = TALLOC_ZERO_P(NULL, REGSUBKEY_CTR))) { - goto done; - } - - err = regkey_open_internal(keys, &key, KEY_SMBCONF, - get_root_nt_token(), REG_KEY_READ); + err = reg_open_path(NULL, KEY_SMBCONF, REG_KEY_READ, + get_root_nt_token(), &key); if (!(W_ERROR_IS_OK(err))) { - goto done; - } - - if (fetch_reg_keys(key, keys) == -1) { - goto done; + return; } - for (i=0; inum_subkeys; i++) { - load_registry_service(keys->subkeys[i]); + for (i=0; W_ERROR_IS_OK(reg_enumkey(key, key, i, &name, NULL)); i++) { + load_registry_service(name); + TALLOC_FREE(name); } - done: - TALLOC_FREE(keys); + TALLOC_FREE(key); return; } -- cgit From 7299dc8b54079c42ded160e76e4f18b1eb24450a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 3 Dec 2006 15:34:52 +0000 Subject: r20014: Ouch.... "res" is not a flag here, it is the service number... (This used to be commit a4862f48d085d1f518389f86a410722e91449755) --- source3/smbd/service.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 5779ad1be9..c2dd062777 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -288,7 +288,6 @@ static int load_registry_service(const char *servicename) TALLOC_FREE(value); } - res = 0; error: TALLOC_FREE(key); -- cgit From 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sat, 9 Dec 2006 02:58:18 +0000 Subject: r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24) --- source3/smbd/service.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c2dd062777..62d85cfdd9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -853,8 +853,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, sid_string_static(sid))); continue; } - add_gid_to_array_unique(NULL, gid, &conn->groups, - &conn->ngroups); + if (!add_gid_to_array_unique(NULL, gid, &conn->groups, + &conn->ngroups)) { + DEBUG(0, ("add_gid_to_array_unique failed\n")); + conn_free(conn); + *status = NT_STATUS_NO_MEMORY; + return NULL; + } } } -- cgit From af0f14e3a72756dfaff36e0106ae0f7eaac06633 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 9 Dec 2006 23:55:20 +0000 Subject: r20097: Ensure found_username is freed correctly when talloced on the null context. Jeremy. (This used to be commit 2c59c4dddceb9cb12848d7ee48257c5e93ea2667) --- source3/smbd/service.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 62d85cfdd9..08370b1c80 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -643,7 +643,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (lp_guest_only(snum)) { const char *guestname = lp_guestaccount(); NTSTATUS status2; - char *found_username; + char *found_username = NULL; + guest = True; pass = getpwnam_alloc(NULL, guestname); if (!pass) { @@ -658,6 +659,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, &found_username, &conn->nt_user_token); if (!NT_STATUS_IS_OK(status2)) { + TALLOC_FREE(found_username); conn_free(conn); *status = status2; return NULL; @@ -665,6 +667,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, fstrcpy(user, found_username); string_set(&conn->user,user); conn->force_user = True; + TALLOC_FREE(found_username); TALLOC_FREE(pass); DEBUG(3,("Guest only user %s\n",user)); } else if (vuser) { @@ -697,7 +700,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, guest = vuser->guest; } else if (lp_security() == SEC_SHARE) { NTSTATUS status2; - char *found_username; + char *found_username = NULL; /* add it as a possible user name if we are in share mode security */ add_session_user(lp_servicename(snum)); @@ -715,12 +718,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, &found_username, &conn->nt_user_token); if (!NT_STATUS_IS_OK(status2)) { + TALLOC_FREE(found_username); conn_free(conn); *status = status2; return NULL; } fstrcpy(user, found_username); string_set(&conn->user,user); + TALLOC_FREE(found_username); conn->force_user = True; } else { DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); -- cgit From 25d6eaae8d0d885add7e64b96df7a489328c6b0f Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sun, 10 Dec 2006 05:23:47 +0000 Subject: r20098: Properly fix issues with create_token_from_username() reported by James. Ensure that this function allocates everything on the temporary context except the return memory. Never call this with a null mem context, and now use conn->mem_ctx instead in smbd/service.c. Remove separate free functions for conn->ngroups and conn->nt_user_token as they are now always talloc'ed off the conn->mem_ctx. Future optimization will be to remove conn->mem_ctx and make all objects pointed to in the conn struct talloc'ed off conn itself. Easy to free then :-). Jeremy. (This used to be commit f83b6de44f1058811ff94ac72a8a71bd8e49e4e8) --- source3/smbd/service.c | 50 +++++++++++++++++--------------------------------- 1 file changed, 17 insertions(+), 33 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 08370b1c80..9b6743f76b 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -468,43 +468,28 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_OK; } -static NTSTATUS find_forced_user(int snum, BOOL vuser_is_guest, - uid_t *uid, gid_t *gid, fstring username, - struct nt_user_token **token) +static NTSTATUS find_forced_user(connection_struct *conn, BOOL vuser_is_guest, fstring username) { - TALLOC_CTX *mem_ctx; + int snum = conn->params->service; char *fuser, *found_username; - struct nt_user_token *tmp_token; NTSTATUS result; - if (!(mem_ctx = talloc_new(NULL))) { - DEBUG(0, ("talloc_new failed\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!(fuser = talloc_string_sub(mem_ctx, lp_force_user(snum), "%S", + if (!(fuser = talloc_string_sub(conn->mem_ctx, lp_force_user(snum), "%S", lp_servicename(snum)))) { - TALLOC_FREE(mem_ctx); return NT_STATUS_NO_MEMORY; - } - result = create_token_from_username(mem_ctx, fuser, vuser_is_guest, - uid, gid, &found_username, - &tmp_token); + result = create_token_from_username(conn->mem_ctx, fuser, vuser_is_guest, + &conn->uid, &conn->gid, &found_username, + &conn->nt_user_token); if (!NT_STATUS_IS_OK(result)) { - TALLOC_FREE(mem_ctx); return result; } - if (!(*token = dup_nt_token(NULL, tmp_token))) { - TALLOC_FREE(mem_ctx); - return NT_STATUS_NO_MEMORY; - } - fstrcpy(username, found_username); - TALLOC_FREE(mem_ctx); + TALLOC_FREE(fuser); + TALLOC_FREE(found_username); return NT_STATUS_OK; } @@ -638,6 +623,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } + conn->params->service = snum; conn->nt_user_token = NULL; if (lp_guest_only(snum)) { 
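Review bot: find_forced_user() now writes `conn->uid`, `conn->gid` and `conn->nt_user_token` directly instead of filling caller-supplied out parameters, and nothing on the function says so. A header comment would make the contract explicit: `/* Applies "force user": overwrites conn->uid, conn->gid and conn->nt_user_token. On failure conn may be partly updated and must be discarded by the caller. */`. It may also be worth noting there that a token already stored in `conn->nt_user_token` by the guest-only or security=share branch is replaced without being freed and stays on `conn->mem_ctx` until the connection is torn down.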
@@ -654,12 +640,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *status = NT_STATUS_NO_SUCH_USER; return NULL; } - status2 = create_token_from_username(NULL, pass->pw_name, True, + status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); if (!NT_STATUS_IS_OK(status2)) { - TALLOC_FREE(found_username); + TALLOC_FREE(pass); conn_free(conn); *status = status2; return NULL; @@ -701,6 +687,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } else if (lp_security() == SEC_SHARE) { NTSTATUS status2; char *found_username = NULL; + /* add it as a possible user name if we are in share mode security */ add_session_user(lp_servicename(snum)); @@ -713,12 +700,11 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } pass = Get_Pwnam(user); - status2 = create_token_from_username(NULL, pass->pw_name, True, + status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); if (!NT_STATUS_IS_OK(status2)) { - TALLOC_FREE(found_username); conn_free(conn); *status = status2; return NULL; @@ -740,7 +726,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); - conn->params->service = snum; conn->used = True; conn->printer = (strncmp(dev,"LPT",3) == 0); conn->ipc = ( (strncmp(dev,"IPC",3) == 0) || 
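Review bot: In the security=share branch (the hunk at -713,12 +700,11) `pass = Get_Pwnam(user);` is followed directly by `pass->pw_name` in the create_token_from_username() call, with no NULL check between them. The line is touched by this change, so it is a good moment to add the guard the guest-only branch already has: `if (pass == NULL) { conn_free(conn); *status = NT_STATUS_NO_SUCH_USER; return NULL; }`. Whatever validation precedes the lookup is outside the hunk, so the guard may be redundant today, but it keeps a failed lookup from becoming a NULL dereference in the connection path.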
@@ -778,10 +763,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_force_user(snum)) { NTSTATUS status2; - status2 = find_forced_user(snum, - (vuser != NULL) && vuser->guest, - &conn->uid, &conn->gid, user, - &conn->nt_user_token); + status2 = find_forced_user(conn, + (vuser != NULL) && vuser->guest, + user); if (!NT_STATUS_IS_OK(status2)) { conn_free(conn); *status = status2; @@ -858,7 +842,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, sid_string_static(sid))); continue; } - if (!add_gid_to_array_unique(NULL, gid, &conn->groups, + if (!add_gid_to_array_unique(conn->mem_ctx, gid, &conn->groups, &conn->ngroups)) { DEBUG(0, ("add_gid_to_array_unique failed\n")); conn_free(conn); -- cgit From d5206610cd67f88e2cc7d5b2b434e320e81c29d5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 21 Jan 2007 11:49:00 +0000 Subject: r20931: This changes the notify infrastructure from a polling-based to an event-driven based approach. The only remaining hook into the backend is now void *(*notify_add)(TALLOC_CTX *mem_ctx, struct event_context *event_ctx, files_struct *fsp, uint32 *filter); (Should we put this through the VFS, so that others can more easily plug in?) The trick here is that the backend can pick filter bits that the main smbd should not handle anymore. Thanks to tridge for this idea. The backend can notify the main smbd process via void notify_fsp(files_struct *fsp, uint32 action, char *name); The core patch is not big, what makes this more than 1800 lines are the individual backends that are considerably changed but can be reviewed one by one. Based on this I'll continue with inotify now. Volker (This used to be commit 9cd6a8a82792b7b6967141565d043b6337836a5d) --- source3/smbd/service.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9b6743f76b..9efe63a82c 100644 --- a/source3/smbd/service.c 
+++ b/source3/smbd/service.c @@ -1074,9 +1074,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, dbgtext( "(pid %d)\n", (int)sys_getpid() ); } - /* Setup the minimum value for a change notify wait time (seconds). */ - set_change_notify_timeout(lp_change_notify_timeout(snum)); - /* we've finished with the user stuff - go back to root */ change_to_root_user(); return(conn); -- cgit From 37a3339a1891f0189ff62891e6be85ace23efc33 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 31 Jan 2007 13:09:07 +0000 Subject: r21082: Make canonicalize_path static to service.c -- we do have conn->connectpath (This used to be commit 06f58096e3785d0e2e0b9f2053d4975e44568e15) --- source3/smbd/service.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 9efe63a82c..ff6f9d1c1a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -22,6 +22,31 @@ extern userdom_struct current_user_info; +BOOL canonicalize_path(connection_struct *conn, pstring path) +{ +#ifdef REALPATH_TAKES_NULL + char *resolved_name = SMB_VFS_REALPATH(conn,path,NULL); + if (!resolved_name) { + return False; + } + pstrcpy(path, resolved_name); + SAFE_FREE(resolved_name); + return True; +#else +#ifdef PATH_MAX + char resolved_name_buf[PATH_MAX+1]; +#else + pstring resolved_name_buf; +#endif + char *resolved_name = SMB_VFS_REALPATH(conn,path,resolved_name_buf); + if (!resolved_name) { + return False; + } + pstrcpy(path, resolved_name); + return True; +#endif /* REALPATH_TAKES_NULL */ +} + /**************************************************************************** Ensure when setting connectpath it is a canonicalized (no ./ // or ../) absolute path stating in / and not ending in /. -- cgit From b9af9646807373ba3264a4c44779c0b2eea68723 Mon Sep 17 00:00:00 2001 
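Review bot: canonicalize_path() copies the resolved name back with `pstrcpy(path, resolved_name)` without comparing its length to the size of a pstring. Assuming pstrcpy bounds the copy to sizeof(pstring), a resolved path longer than that is truncated and the function still returns True, so the caller continues with a path that is not the canonical one. I would reject that case explicitly, e.g. in the REALPATH_TAKES_NULL branch `if (strlen(resolved_name) >= sizeof(pstring)) { SAFE_FREE(resolved_name); return False; }`, with the equivalent check (without the free) in the buffer branch. In the fallback where PATH_MAX is undefined the buffer handed to SMB_VFS_REALPATH is itself only a pstring; if the VFS call behaves like realpath(3) it has no way to know that size, which deserves a comment at least.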
From: Volker Lendecke Date: Wed, 31 Jan 2007 13:12:38 +0000 Subject: r21083: Actually make it static... :-) (This used to be commit 65f473d22bd8f3b04becfc0be369758898fdadb6) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ff6f9d1c1a..b5569c680d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -22,7 +22,7 @@ extern userdom_struct current_user_info; -BOOL canonicalize_path(connection_struct *conn, pstring path) +static BOOL canonicalize_path(connection_struct *conn, pstring path) { #ifdef REALPATH_TAKES_NULL char *resolved_name = SMB_VFS_REALPATH(conn,path,NULL); -- cgit From 2852ecc67ebded7758a07d8fb72eef53bfa1c63a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 31 Jan 2007 14:42:56 +0000 Subject: r21092: Ok, that's the one that activates the Samba4 notify backend. Now to clean up / fix lots of stuff. Volker (This used to be commit 9e7443fa1417c01be903b15073825dc4def78d99) --- source3/smbd/service.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index b5569c680d..8dbcc2b5ab 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -946,6 +946,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, set_conn_connectpath(conn,s); } + if ((!conn->printer) && (!conn->ipc)) { + conn->notify_ctx = notify_init(conn->mem_ctx, server_id_self(), + smbd_messaging_context(), + smbd_event_context(), + conn->params); + } + /* ROOT Activities: */ /* check number of connections */ if (!claim_connection(conn, -- cgit From 240a3fd644bbc94e5872f699c9b90649b52b98a1 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Thu, 1 Feb 2007 13:36:02 +0000 Subject: r21108: Send sys_notify_watch through the VFS, FAM is next (This used to be commit 603a96761391f36ae9a1c8777d3333ab5c02eb34) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8dbcc2b5ab..c3bc89ec0d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -950,7 +950,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->notify_ctx = notify_init(conn->mem_ctx, server_id_self(), smbd_messaging_context(), smbd_event_context(), - conn->params); + conn); } /* ROOT Activities: */ -- cgit From d9a29aade0f01df1fa00ccdb8691b02b39bc1d14 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 Feb 2007 14:39:21 +0000 Subject: r21279: Get rid of 'aio write behind', this is broken. It should probably better be integrated with our write cache. Volker (This used to be commit 58bfd168b046a97a895aaa3384fd7af8d077a1d5) --- source3/smbd/service.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c3bc89ec0d..eb464c29b2 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -772,7 +772,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->veto_list = NULL; conn->hide_list = NULL; conn->veto_oplock_list = NULL; - conn->aio_write_behind_list = NULL; string_set(&conn->dirpath,""); string_set(&conn->user,user); -- cgit From 01ecda0534a4a7f2a9fe492f1accbcec7552e8d1 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 21 Feb 2007 02:04:28 +0000 Subject: r21481: No one said anything, so I'm disallowing anything but explicit shares in "default service" :-). Jeremy. (This used to be commit 90bdcce765998cc0f5768d24926d52b8a4a44f90) --- source3/smbd/service.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index eb464c29b2..1b8e2e1d30 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -402,6 +402,13 @@ int find_service(fstring service) if (iService < 0) { } + /* Is it a usershare service ? */ + if (iService < 0 && *lp_usershare_path()) { + /* Ensure the name is canonicalized. */ + strlower_m(service); + iService = load_usershare_service(service); + } + /* just possibly it's a default service? */ if (iService < 0) { char *pdefservice = lp_defaultservice(); @@ -414,6 +421,14 @@ int find_service(fstring service) */ pstring defservice; pstrcpy(defservice, pdefservice); + + /* Disallow anything except explicit share names. */ + if (strequal(defservice,HOMES_NAME) || + strequal(defservice, PRINTERS_NAME) || + strequal(defservice, "ipc$")) { + goto fail; + } + iService = find_service(defservice); if (iService >= 0) { all_string_sub(service, "_","/",0); @@ -426,13 +441,6 @@ int find_service(fstring service) iService = load_registry_service(service); } - /* Is it a usershare service ? */ - if (iService < 0 && *lp_usershare_path()) { - /* Ensure the name is canonicalized. */ - strlower_m(service); - iService = load_usershare_service(service); - } - if (iService >= 0) { if (!VALID_SNUM(iService)) { DEBUG(0,("Invalid snum %d for %s\n",iService, service)); @@ -440,6 +448,8 @@ int find_service(fstring service) } } + fail: + if (iService < 0) DEBUG(3,("find_service() failed to find service %s\n", service)); -- cgit From 2afcdc8732bbf7364c57a9d10d432684d1f4f037 Mon Sep 17 00:00:00 2001 
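Review bot: After this reordering the usershare lookup runs before the default-service fallback, but `load_registry_service(service)` is still only tried when `iService < 0` after that fallback. With a default service configured, the fallback sets iService first, so a request for a registry-defined share that is not loaded yet would be answered with the default service instead of the share that was asked for. Moving the registry lookup up next to the usershare one, so both are tried before the fallback, avoids that. A one-line comment above the fallback, such as `/* Last resort: only reached when no explicit, registry or usershare definition matched. */`, would document the intended precedence.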
From: Jeremy Allison Date: Wed, 21 Feb 2007 02:11:06 +0000 Subject: r21482: Use IPC$ not ipc$ for consistency. Jeremy. (This used to be commit 42a846b3dfa50eea6592c6bb425f7bdb672c25f9) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1b8e2e1d30..de2bfd9100 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -425,7 +425,7 @@ int find_service(fstring service) /* Disallow anything except explicit share names. */ if (strequal(defservice,HOMES_NAME) || strequal(defservice, PRINTERS_NAME) || - strequal(defservice, "ipc$")) { + strequal(defservice, "IPC$")) { goto fail; } -- cgit From 28e2069d1f066f20b376d911d6ed582a76c4a713 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 26 Feb 2007 20:14:35 +0000 Subject: r21547: Fix from Michael Adam : Refuse registry shares without path. Thanks, Volker (This used to be commit e795865d58472498097edc3fb68438ed08c38d8d) --- source3/smbd/service.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index de2bfd9100..c96bcea4e2 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -313,6 +313,14 @@ static int load_registry_service(const char *servicename) TALLOC_FREE(value); } + if (!service_ok(res)) { + /* this is actually never reached, since + * service_ok only returns False if the service + * entry does not have a service name, and we _know_ + * we do have a service name here... */ + res = -1; + } + error: TALLOC_FREE(key); -- cgit From b93126ea12f057497fd5d97e79e5ebac1bcfe1ef Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 23 Mar 2007 21:50:44 +0000 Subject: r21953: One format fix, clarify a condition that the IBM checker was worried about. Jeremy. (This used to be commit 70eec7b8ae6a4992b43df853dffc21dd91498390) --- source3/smbd/service.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c96bcea4e2..79c618e7b3 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -915,10 +915,28 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ { + BOOL can_write = False; NT_USER_TOKEN *token = conn->nt_user_token ? - conn->nt_user_token : vuser->nt_user_token; + conn->nt_user_token : + (vuser ? vuser->nt_user_token : NULL); + + /* + * I don't believe this can happen. But the + * logic above is convoluted enough to confuse + * automated checkers, so be sure. JRA. + */ + + if (token == NULL) { + DEBUG(0,("make_connection: connection to %s " + "denied due to missing " + "NT token.\n", + lp_servicename(snum))); + conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } - BOOL can_write = share_access_check(token, + can_write = share_access_check(token, lp_servicename(snum), FILE_WRITE_DATA); -- cgit From b4a7b7a8889737e2891fc1176feabd4ce47f2737 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 14 May 2007 12:16:20 +0000 Subject: r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 79c618e7b3..6d2cdff594 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -1230,7 +1230,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, if (strequal(service_in,HOMES_NAME)) { if(lp_security() != SEC_SHARE) { - DATA_BLOB no_pw = data_blob(NULL, 0); + DATA_BLOB no_pw = data_blob_null; if (vuser->homes_snum == -1) { DEBUG(2, ("[homes] share not available for " "this user because it was not found " @@ -1266,7 +1266,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) && strequal(service_in, lp_servicename(vuser->homes_snum))) { - DATA_BLOB no_pw = data_blob(NULL, 0); + DATA_BLOB no_pw = data_blob_null; DEBUG(5, ("making a connection to 'homes' service [%s] " "created at session setup time\n", service_in)); return make_connection_snum(vuser->homes_snum, -- cgit From f3c477c631e7318ccaa6f277731b721a462112b8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 27 May 2007 16:22:12 +0000 Subject: r23167: Remove an unused parameter (This used to be commit 3452a870d58cdddf03ddf6ee698bca8416e05cbf) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 6d2cdff594..5b087fd583 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -993,7 +993,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (!claim_connection(conn, lp_servicename(snum), lp_max_connections(snum), - False,0)) { + 0)) { DEBUG(1,("too many connections - rejected\n")); conn_free(conn); *status = NT_STATUS_INSUFFICIENT_RESOURCES; -- cgit From 14e25f10d6a3da34fb8b29c4331571efa11ee3b8 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sun, 27 May 2007 16:34:49 +0000 Subject: r23168: Move the lp_max_connections() into service.c. (This used to be commit 4afe37d431b6eb475769a2057025da9aa8d1bb14) --- source3/smbd/service.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 5b087fd583..2b84223695 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -989,17 +989,31 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } /* ROOT Activities: */ - /* check number of connections */ - if (!claim_connection(conn, - lp_servicename(snum), - lp_max_connections(snum), - 0)) { - DEBUG(1,("too many connections - rejected\n")); + /* + * Enforce the max connections parameter. + */ + + if ((lp_max_connections(snum) > 0) + && (count_current_connections(lp_servicename(SNUM(conn)), True) >= + lp_max_connections(snum))) { + + DEBUG(1, ("Max connections (%d) exceeded for %s\n", + lp_max_connections(snum), lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_INSUFFICIENT_RESOURCES; return NULL; } + /* + * Get us an entry in the connections db + */ + if (!claim_connection(conn, lp_servicename(snum), 0)) { + DEBUG(1, ("Could not store connections entry\n")); + conn_free(conn); + *status = NT_STATUS_INTERNAL_DB_ERROR; + return NULL; + } + /* Preexecs are done here as they might make the dir we are to ChDir * to below */ /* execute any "root preexec = " line */ -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') 
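Review bot: The limit check and the claim are now two separate steps, so two smbd processes connecting at the same time can both see a count below the limit in count_current_connections() and both go on to claim_connection(), leaving the share above `max connections`. If the setting is meant as a hard cap, the count and the insert have to happen under one lock on the connections db; if it is best effort, the comment should say so: `/* Best effort: count and claim are not atomic, concurrent connects may briefly exceed the limit. */`. The condition also mixes `lp_servicename(SNUM(conn))` with `lp_servicename(snum)`; using `snum` throughout reads more clearly. make_connection_snum() continues outside the hunk.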
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2b84223695..007b99d79c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/smbd/service.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 007b99d79c..aeb0e0f31d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 12f61e09d943ea7fc4149166077507b5b0b3b4e7 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 12 Sep 2007 21:48:20 +0000 Subject: r25117: The mega-patch Jerry was waiting for. Remove all pstrings from the main server code paths. We should now be able to cope with paths up to PATH_MAX length now. Final job will be to add the TALLOC_CTX * parameter to unix_convert to make it explicit (for Volker). Jeremy. (This used to be commit 7f0db75fb0f24873577dcb758a2ecee74fdc4297) --- source3/smbd/service.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index aeb0e0f31d..4daa2924a2 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -52,7 +52,7 @@ static BOOL canonicalize_path(connection_struct *conn, pstring path) Observent people will notice a similarity between this and check_path_syntax :-). ****************************************************************************/ -void set_conn_connectpath(connection_struct *conn, const pstring connectpath) +void set_conn_connectpath(connection_struct *conn, const char *connectpath) { pstring destname; char *d = destname; 
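Review bot: set_conn_connectpath() now accepts an arbitrary `const char *connectpath`, but the context lines show it still building the result in `pstring destname` through `char *d = destname`. While the parameter was a pstring the input could not be longer than the destination; with the new signature that guarantee is gone. The copy loop is outside the hunk, so I cannot tell whether it bounds `d`; if it does not, a connect path longer than a pstring would write past `destname`. Either allocate the destination from the input length (`strlen(connectpath) + 2`) or reject over-long input at the top of the function.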
@@ -1117,27 +1117,31 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, strerror(errno) )); } change_to_root_user(); - /* Call VFS disconnect hook */ + /* Call VFS disconnect hook */ SMB_VFS_DISCONNECT(conn); yield_connection(conn, lp_servicename(snum)); conn_free(conn); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } - + string_set(&conn->origpath,conn->connectpath); - + #if SOFTLINK_OPTIMISATION /* resolve any soft links early if possible */ if (vfs_ChDir(conn,conn->connectpath) == 0) { - pstring s; - pstrcpy(s,conn->connectpath); - vfs_GetWd(conn,s); + TALLOC_CTX *ctx = talloc_stackframe(); + char *s = vfs_GetWd(ctx,s); + if (!s) { + *status = map_nt_error_from_unix(errno); + return NULL; + } set_conn_connectpath(conn,s); vfs_ChDir(conn,conn->connectpath); + TALLOC_FREE(ctx); } #endif - + /* * Print out the 'connected as' stuff here as we need * to know the effective uid and gid we will be using @@ -1153,7 +1157,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); dbgtext( "(pid %d)\n", (int)sys_getpid() ); } - + /* we've finished with the user stuff - go back to root */ change_to_root_user(); return(conn); -- cgit From e5a951325a6cac8567af3a66de6d2df577508ae4 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Wed, 10 Oct 2007 15:34:30 -0500 Subject: [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch. (This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab) --- source3/smbd/service.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 4daa2924a2..1c46e3776c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
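Review bot: In the SOFTLINK_OPTIMISATION block, `char *s = vfs_GetWd(ctx,s);` passes `s` to the call that initialises it, so the second argument is an indeterminate pointer; it should be whatever vfs_GetWd() expects there (the removed code passed `conn`). The new `if (!s)` path also returns NULL without freeing the stackframe and without any of the cleanup the failure path just above it performs, so the connection entry stays claimed and `conn` is leaked. I would mirror that cleanup as below. The block is compiled only when SOFTLINK_OPTIMISATION is set, which is probably why this went unnoticed.

```c
/* ... unchanged: talloc_stackframe() and the vfs_GetWd() call, with its second argument fixed ... */
		if (!s) {
			*status = map_nt_error_from_unix(errno);
			TALLOC_FREE(ctx);
			change_to_root_user();
			/* Call VFS disconnect hook */
			SMB_VFS_DISCONNECT(conn);
			yield_connection(conn, lp_servicename(snum));
			conn_free(conn);
			return NULL;
		}
/* ... unchanged: set_conn_connectpath(), vfs_ChDir(), TALLOC_FREE(ctx) ... */
```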
@@ -312,14 +312,7 @@ static int load_registry_service(const char *servicename) TALLOC_FREE(value); } - if (!service_ok(res)) { - /* this is actually never reached, since - * service_ok only returns False if the service - * entry does not have a service name, and we _know_ - * we do have a service name here... */ - res = -1; - } - + res = 0; error: TALLOC_FREE(key); @@ -409,6 +402,10 @@ int find_service(fstring service) if (iService < 0) { } + if (iService < 0) { + iService = load_registry_service(service); + } + /* Is it a usershare service ? */ if (iService < 0 && *lp_usershare_path()) { /* Ensure the name is canonicalized. */ @@ -444,10 +441,6 @@ int find_service(fstring service) } } - if (iService < 0) { - iService = load_registry_service(service); - } - if (iService >= 0) { if (!VALID_SNUM(iService)) { DEBUG(0,("Invalid snum %d for %s\n",iService, service)); @@ -789,6 +782,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->veto_list = NULL; conn->hide_list = NULL; conn->veto_oplock_list = NULL; + conn->aio_write_behind_list = NULL; string_set(&conn->dirpath,""); string_set(&conn->user,user); -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/smbd/service.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1c46e3776c..bb279b701f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
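Review bot: The added `res = 0;` ahead of the `error:` label overwrites the service number returned by lp_add_service(), so load_registry_service() returns 0 for every registry share that loads successfully. find_service() in this same commit stores that return value in `iService`, which means a request for a registry share would resolve to whichever service has number 0 rather than the share that was requested. An earlier commit in this series (r20014) removed exactly this line for that reason. The line should be dropped so the function returns `res` as lp_add_service() set it. The function body starts outside the hunk.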
@@ -21,7 +21,7 @@ extern userdom_struct current_user_info; -static BOOL canonicalize_path(connection_struct *conn, pstring path) +static bool canonicalize_path(connection_struct *conn, pstring path) { #ifdef REALPATH_TAKES_NULL char *resolved_name = SMB_VFS_REALPATH(conn,path,NULL); @@ -57,7 +57,7 @@ void set_conn_connectpath(connection_struct *conn, const char *connectpath) pstring destname; char *d = destname; const char *s = connectpath; - BOOL start_of_name_component = True; + bool start_of_name_component = True; *d++ = '/'; /* Always start with root. */ @@ -161,7 +161,7 @@ void set_conn_connectpath(connection_struct *conn, const char *connectpath) Load parameters specific to a connection/service. ****************************************************************************/ -BOOL set_current_service(connection_struct *conn, uint16 flags, BOOL do_chdir) +bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir) { static connection_struct *last_conn; static uint16 last_flags; @@ -503,7 +503,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_OK; } -static NTSTATUS find_forced_user(connection_struct *conn, BOOL vuser_is_guest, fstring username) +static NTSTATUS find_forced_user(connection_struct *conn, bool vuser_is_guest, fstring username) { int snum = conn->params->service; char *fuser, *found_username; @@ -535,7 +535,7 @@ static NTSTATUS find_forced_user(connection_struct *conn, BOOL vuser_is_guest, f * one found. */ -static NTSTATUS find_forced_group(BOOL force_user, +static NTSTATUS find_forced_group(bool force_user, int snum, const char *username, DOM_SID *pgroup_sid, gid_t *pgid) @@ -545,7 +545,7 @@ static NTSTATUS find_forced_group(BOOL force_user, DOM_SID group_sid; enum lsa_SidType type; char *groupname; - BOOL user_must_be_member = False; + bool user_must_be_member = False; gid_t gid; ZERO_STRUCTP(pgroup_sid); 
@@ -636,7 +636,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, NTSTATUS *status) { struct passwd *pass = NULL; - BOOL guest = False; + bool guest = False; connection_struct *conn; SMB_STRUCT_STAT st; fstring user; @@ -773,7 +773,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, * insensitive for now. */ conn->case_sensitive = False; } else { - conn->case_sensitive = (BOOL)lp_casesensitive(snum); + conn->case_sensitive = (bool)lp_casesensitive(snum); } conn->case_preserve = lp_preservecase(snum); @@ -908,7 +908,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ { - BOOL can_write = False; + bool can_write = False; NT_USER_TOKEN *token = conn->nt_user_token ? conn->nt_user_token : (vuser ? vuser->nt_user_token : NULL); -- cgit From 6658165d5e9cd186fea74e1581091233e8990e9b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 3 Nov 2007 18:15:45 -0700 Subject: Stop get_peer_addr() and client_addr() from using global statics. Part of my library cleanups. Jeremy. (This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac) --- source3/smbd/service.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index bb279b701f..2901cd3417 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -642,6 +642,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, fstring user; fstring dev; int ret; + char addr[INET6_ADDRSTRLEN]; *user = 0; fstrcpy(dev, pdev); @@ -757,7 +758,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, add_session_user(user); - safe_strcpy(conn->client_address, client_addr(), + safe_strcpy(conn->client_address, client_addr(addr), sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); 
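Review bot: `client_addr(addr)` in the `safe_strcpy` call hands the callee a stack buffer without its size. The write stays in bounds only as long as every caller keeps passing at least INET6_ADDRSTRLEN bytes. Passing the length explicitly, `client_addr(addr, sizeof(addr))`, lets the callee bound the write itself. The same applies to the `client_addr(addr)` call this commit adds to the DEBUG in make_connection.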
@@ -1204,6 +1205,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, fstring service; fstring dev; int snum = -1; + char addr[INET6_ADDRSTRLEN]; fstrcpy(dev, pdev); @@ -1300,7 +1302,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } DEBUG(0,("%s (%s) couldn't find service %s\n", - get_remote_machine_name(), client_addr(), service)); + get_remote_machine_name(), client_addr(addr), service)); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } -- cgit From 25074433f412c4dd2531fd268d51be8753ddc11b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 3 Nov 2007 18:41:26 -0700 Subject: I can't get away without a 'length' arg. :-). Jeremy. (This used to be commit 95d01279a5def709d0a5d5ae7224d6286006d120) --- source3/smbd/service.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2901cd3417..502fadedc7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -758,7 +758,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, add_session_user(user); - safe_strcpy(conn->client_address, client_addr(addr), + safe_strcpy(conn->client_address, client_addr(addr,sizeof(addr)), sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); @@ -1302,7 +1302,9 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, } DEBUG(0,("%s (%s) couldn't find service %s\n", - get_remote_machine_name(), client_addr(addr), service)); + get_remote_machine_name(), + client_addr(addr,sizeof(addr)), + service)); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } -- cgit From 5b0b4f23ef5fec3d1ad518237f973d4e014b5766 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sat, 3 Nov 2007 23:20:10 -0700 Subject: Remove most of the remaining globals out of lib/util_sock.c. I have a plan for dealing with the remaining..... Watch this space. Jeremy. (This used to be commit 963fc7685212689f02b3adcc05b4273ee5c382d4) --- source3/smbd/service.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 502fadedc7..2402be3aed 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -758,8 +758,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, add_session_user(user); - safe_strcpy(conn->client_address, client_addr(addr,sizeof(addr)), - sizeof(conn->client_address)-1); + safe_strcpy(conn->client_address, + client_addr(get_client_fd(),addr,sizeof(addr)), + sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); conn->used = True; @@ -1303,7 +1304,7 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, DEBUG(0,("%s (%s) couldn't find service %s\n", get_remote_machine_name(), - client_addr(addr,sizeof(addr)), + client_addr(get_client_fd(),addr,sizeof(addr)), service)); *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; -- cgit From ec1ecd92c914048a72a61b373a1c6d8507d0e92f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 3 Nov 2007 15:03:26 +0100 Subject: Make load_registry_service return the share number (This used to be commit 934964c90f39d588d2399f10e3738ab1b4e01290) --- source3/smbd/service.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2402be3aed..2cd3363cf6 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -312,7 +312,6 @@ static int load_registry_service(const char *servicename) TALLOC_FREE(value); } - res = 0; error: TALLOC_FREE(key); -- cgit 
From acc0218f1396de2aad521dff722ada43631d92f9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 10 Nov 2007 14:43:39 -0800 Subject: Remove pstring from service.c. Jeremy. (This used to be commit cdd9e5cc8366cf0be4dc31f793fc0e5be6f63c3e) --- source3/smbd/service.c | 180 ++++++++++++++++++++++++++++++------------------- 1 file changed, 109 insertions(+), 71 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2cd3363cf6..dd09a6955e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -21,16 +21,17 @@ extern userdom_struct current_user_info; -static bool canonicalize_path(connection_struct *conn, pstring path) +static bool canonicalize_connect_path(connection_struct *conn) { #ifdef REALPATH_TAKES_NULL - char *resolved_name = SMB_VFS_REALPATH(conn,path,NULL); + bool ret; + char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,NULL); if (!resolved_name) { - return False; + return false; } - pstrcpy(path, resolved_name); + ret = set_conn_connectpath(conn,resolved_name); SAFE_FREE(resolved_name); - return True; + return ret; #else #ifdef PATH_MAX char resolved_name_buf[PATH_MAX+1]; @@ -39,10 +40,9 @@ static bool canonicalize_path(connection_struct *conn, pstring path) #endif char *resolved_name = SMB_VFS_REALPATH(conn,path,resolved_name_buf); if (!resolved_name) { - return False; + return false; } - pstrcpy(path, resolved_name); - return True; + return set_conn_connectpath(conn,resolved_name); #endif /* REALPATH_TAKES_NULL */ } 
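Review bot: In the branch of canonicalize_connect_path used when REALPATH_TAKES_NULL is not defined, `SMB_VFS_REALPATH(conn,path,resolved_name_buf)` still refers to `path`. That name is no longer a parameter after the signature change, so this configuration will not compile. The call should read `SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf)`, matching the REALPATH_TAKES_NULL branch.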
@@ -52,12 +52,18 @@ static bool canonicalize_path(connection_struct *conn, pstring path) Observent people will notice a similarity between this and check_path_syntax :-). ****************************************************************************/ -void set_conn_connectpath(connection_struct *conn, const char *connectpath) +bool set_conn_connectpath(connection_struct *conn, const char *connectpath) { - pstring destname; - char *d = destname; + char *destname; + char *d; const char *s = connectpath; - bool start_of_name_component = True; + bool start_of_name_component = true; + + destname = SMB_STRDUP(connectpath); + if (!destname) { + return false; + } + d = destname; *d++ = '/'; /* Always start with root. */ @@ -142,7 +148,7 @@ void set_conn_connectpath(connection_struct *conn, const char *connectpath) break; } } - start_of_name_component = False; + start_of_name_component = false; } *d = '\0'; @@ -155,6 +161,8 @@ void set_conn_connectpath(connection_struct *conn, const char *connectpath) lp_servicename(SNUM(conn)), destname )); string_set(&conn->connectpath, destname); + SAFE_FREE(destname); + return true; } /**************************************************************************** @@ -422,13 +430,17 @@ int find_service(fstring service) * could get overwritten by the recursive find_service() call * below. Fix from Josef Hinteregger . */ - pstring defservice; - pstrcpy(defservice, pdefservice); + char *defservice = SMB_STRDUP(pdefservice); + + if (!defservice) { + goto fail; + } /* Disallow anything except explicit share names. */ if (strequal(defservice,HOMES_NAME) || strequal(defservice, PRINTERS_NAME) || strequal(defservice, "IPC$")) { + SAFE_FREE(defservice); goto fail; } @@ -437,6 +449,7 @@ int find_service(fstring service) all_string_sub(service, "_","/",0); iService = lp_add_service(service, iService); } + SAFE_FREE(defservice); } } 
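Review bot: `destname = SMB_STRDUP(connectpath)` in set_conn_connectpath allocates exactly strlen(connectpath)+1 bytes, yet the function then writes a `/` unconditionally (`*d++ = '/'`) before copying the name components. If `connectpath` can arrive without a leading `/`, the normalised result is one byte longer than the input and the final `*d = '\0'` lands past the heap allocation. This is inferred, because the copy loop is outside the hunk. The old fixed-size `pstring` hid this. Sizing for the extra byte, `destname = SMB_MALLOC(strlen(connectpath) + 2);`, removes the dependency on the shape of the input.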
@@ -642,6 +655,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, fstring dev; int ret; char addr[INET6_ADDRSTRLEN]; + bool on_err_call_dis_hook = false; *user = 0; fstrcpy(dev, pdev); @@ -889,16 +903,27 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } { - pstring s; - pstrcpy(s,lp_pathname(snum)); - standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, - get_current_username(), - current_user_info.domain, - s, sizeof(s)); - set_conn_connectpath(conn,s); + char *s = talloc_sub_advanced(talloc_tos(), + lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + lp_pathname(snum)); + if (!s) { + conn_free(conn); + *status = NT_STATUS_NO_MEMORY; + return NULL; + } + + if (!set_conn_connectpath(conn,s)) { + TALLOC_FREE(s); + conn_free(conn); + *status = NT_STATUS_NO_MEMORY; + return NULL; + } DEBUG(3,("Connect path is '%s' for service [%s]\n",s, lp_servicename(snum))); + TALLOC_FREE(s); } /* @@ -969,10 +994,15 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, * depend on the realpath() pointer in the vfs table. JRA. */ if (!lp_widelinks(snum)) { - pstring s; - pstrcpy(s,conn->connectpath); - canonicalize_path(conn, s); - set_conn_connectpath(conn,s); + if (!canonicalize_connect_path(conn)) { + DEBUG(0, ("canonicalize_connect_path failed " + "for service %s, path %s\n", + lp_servicename(snum), + conn->connectpath)); + conn_free(conn); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; + } } if ((!conn->printer) && (!conn->ipc)) { 
@@ -1012,15 +1042,15 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, * to below */ /* execute any "root preexec = " line */ if (*lp_rootpreexec(snum)) { - pstring cmd; - pstrcpy(cmd,lp_rootpreexec(snum)); - standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, - get_current_username(), - current_user_info.domain, - cmd, sizeof(cmd)); + char *cmd = talloc_sub_advanced(talloc_tos(), + lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + lp_rootpreexec(snum)); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); + TALLOC_FREE(cmd); if (ret != 0 && lp_rootpreexec_close(snum)) { DEBUG(1,("root preexec gave %d - failing " "connection\n", ret)); @@ -1049,22 +1079,19 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* execute any "preexec = " line */ if (*lp_preexec(snum)) { - pstring cmd; - pstrcpy(cmd,lp_preexec(snum)); - standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, - get_current_username(), - current_user_info.domain, - cmd, sizeof(cmd)); + char *cmd = talloc_sub_advanced(talloc_tos(), + lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + lp_preexec(snum)); ret = smbrun(cmd,NULL); + TALLOC_FREE(cmd); if (ret != 0 && lp_preexec_close(snum)) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); - change_to_root_user(); - yield_connection(conn, lp_servicename(snum)); - conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; - return NULL; + goto err_root_exit; } } 
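Review bot: The `cmd` returned by `talloc_sub_advanced()` for the root preexec line goes straight into `DEBUG(5,("cmd=%s\n",cmd))` and `smbrun(cmd,NULL)` without a NULL check. The same commit does check the result for the connect path and fails with NT_STATUS_NO_MEMORY. An allocation failure here would reach `smbrun` with a NULL command instead of refusing the connection. A guard such as `if (!cmd) { *status = NT_STATUS_NO_MEMORY; goto err_root_exit; }` would fix it, provided err_root_exit is the right cleanup at this point, which the hunk does not show. The preexec hunk has the same gap, as do the postexec and root postexec hunks in close_cnum, where skipping the `smbrun` call is enough.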
@@ -1087,13 +1114,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); - change_to_root_user(); - yield_connection(conn, lp_servicename(snum)); - conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; - return NULL; + goto err_root_exit; } + /* Any error exit after here needs to call the disconnect hook. */ + on_err_call_dis_hook = true; + /* win2000 does not check the permissions on the directory during the tree connect, instead relying on permission check during individual operations. To match this behaviour @@ -1111,13 +1138,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->connectpath, lp_servicename(snum), strerror(errno) )); } - change_to_root_user(); - /* Call VFS disconnect hook */ - SMB_VFS_DISCONNECT(conn); - yield_connection(conn, lp_servicename(snum)); - conn_free(conn); *status = NT_STATUS_BAD_NETWORK_NAME; - return NULL; + goto err_root_exit; } string_set(&conn->origpath,conn->connectpath); @@ -1129,9 +1151,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, char *s = vfs_GetWd(ctx,s); if (!s) { *status = map_nt_error_from_unix(errno); - return NULL; + TALLOC_FREE(ctx); + goto err_root_exit; + } + if (!set_conn_connectpath(conn,s)) { + *status = NT_STATUS_NO_MEMORY; + TALLOC_FREE(ctx); + goto err_root_exit; } - set_conn_connectpath(conn,s); vfs_ChDir(conn,conn->connectpath); TALLOC_FREE(ctx); } 
@@ -1156,6 +1183,17 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* we've finished with the user stuff - go back to root */ change_to_root_user(); return(conn); + + err_root_exit: + + change_to_root_user(); + if (on_err_call_dis_hook) { + /* Call VFS disconnect hook */ + SMB_VFS_DISCONNECT(conn); + } + yield_connection(conn, lp_servicename(snum)); + conn_free(conn); + return NULL; } /*************************************************************************************** @@ -1356,28 +1394,28 @@ void close_cnum(connection_struct *conn, uint16 vuid) /* execute any "postexec = " line */ if (*lp_postexec(SNUM(conn)) && change_to_user(conn, vuid)) { - pstring cmd; - pstrcpy(cmd,lp_postexec(SNUM(conn))); - standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, - get_current_username(), - current_user_info.domain, - cmd, sizeof(cmd)); + char *cmd = talloc_sub_advanced(talloc_tos(), + lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + lp_postexec(SNUM(conn))); smbrun(cmd,NULL); + TALLOC_FREE(cmd); change_to_root_user(); } change_to_root_user(); /* execute any "root postexec = " line */ if (*lp_rootpostexec(SNUM(conn))) { - pstring cmd; - pstrcpy(cmd,lp_rootpostexec(SNUM(conn))); - standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, - get_current_username(), - current_user_info.domain, - cmd, sizeof(cmd)); + char *cmd = talloc_sub_advanced(talloc_tos(), + lp_servicename(SNUM(conn)), conn->user, + conn->connectpath, conn->gid, + get_current_username(), + current_user_info.domain, + lp_rootpostexec(SNUM(conn))); smbrun(cmd,NULL); + TALLOC_FREE(cmd); } conn_free(conn); -- cgit From 54d65bfb9a3200943afa14e314a3d620f6fa32b3 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sat, 10 Nov 2007 15:02:08 -0800 Subject: Fix the build when realpath doesn't take null as a last arg. Jeremy. (This used to be commit 63125225383f512f43002b9a92569d4b8f1b63bd) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index dd09a6955e..c3972391f3 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -38,7 +38,7 @@ static bool canonicalize_connect_path(connection_struct *conn) #else pstring resolved_name_buf; #endif - char *resolved_name = SMB_VFS_REALPATH(conn,path,resolved_name_buf); + char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf); if (!resolved_name) { return false; } -- cgit From 2b3c44e4fb980335c22abcc07a88f32b13e5918f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 10 Nov 2007 22:31:34 -0800 Subject: Always define PATH_MAX. Makes code simpler (removes a bunch of #defines). Remove pstring from msdfs.c. Jeremy. (This used to be commit e203ba22275320808bc11b17361ad1f2d5b0b897) --- source3/smbd/service.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c3972391f3..e98ce0f8c2 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -33,11 +33,7 @@ static bool canonicalize_connect_path(connection_struct *conn) SAFE_FREE(resolved_name); return ret; #else -#ifdef PATH_MAX char resolved_name_buf[PATH_MAX+1]; -#else - pstring resolved_name_buf; -#endif char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf); if (!resolved_name) { return false; -- cgit From 900288a2b86abd247f9eb4cd15dc5617a17cfef1 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sat, 15 Dec 2007 21:11:36 +0100 Subject: Replace sid_string_static by sid_string_dbg in DEBUGs (This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e98ce0f8c2..88ab9f0048 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -597,7 +597,7 @@ static NTSTATUS find_forced_group(bool force_user, if (!sid_to_gid(&group_sid, &gid)) { DEBUG(10, ("sid_to_gid(%s) for %s failed\n", - sid_string_static(&group_sid), groupname)); + sid_string_dbg(&group_sid), groupname)); goto done; } @@ -885,7 +885,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (!sid_to_gid(sid, &gid)) { DEBUG(10, ("Could not convert SID %s to gid, " "ignoring it\n", - sid_string_static(sid))); + sid_string_dbg(sid))); continue; } if (!add_gid_to_array_unique(conn->mem_ctx, gid, &conn->groups, -- cgit From e518e19bc0000019f131354f55e9f5b55f6a2c5e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Dec 2007 15:02:59 +0100 Subject: Remove Get_Pwnam and its associated static variable All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a) --- source3/smbd/service.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 88ab9f0048..ed43528c76 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -357,6 +357,7 @@ void load_registry_shares(void) int find_service(fstring service) { int iService; + TALLOC_CTX *frame = talloc_stackframe(); all_string_sub(service,"\\","/",0); 
@@ -364,7 +365,7 @@ int find_service(fstring service) /* now handle the special case of a home directory */ if (iService < 0) { - char *phome_dir = get_user_home_dir(service); + char *phome_dir = get_user_home_dir(talloc_tos(), service); if(!phome_dir) { /* @@ -372,7 +373,8 @@ int find_service(fstring service) * be a Windows to unix mapped user name. */ if(map_username(service)) - phome_dir = get_user_home_dir(service); + phome_dir = get_user_home_dir( + talloc_tos(), service); } DEBUG(3,("checking for home directory %s gave %s\n",service, @@ -461,6 +463,8 @@ int find_service(fstring service) if (iService < 0) DEBUG(3,("find_service() failed to find service %s\n", service)); + TALLOC_FREE(frame); + return (iService); } @@ -744,11 +748,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *status = NT_STATUS_WRONG_PASSWORD; return NULL; } - pass = Get_Pwnam(user); + pass = Get_Pwnam_alloc(talloc_tos(), user); status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); + TALLOC_FREE(pass); if (!NT_STATUS_IS_OK(status2)) { conn_free(conn); *status = status2; -- cgit From 1176e04c76e28d9ee9ab355c5e9edcd1b627ac03 Mon Sep 17 00:00:00 2001 From: James Peach Date: Sat, 22 Dec 2007 14:01:25 -0800 Subject: Cache the underlying filesystem capabilities at connection time. This change alters the Samba connection code to cache the filesystem capabilities when a new client connects. This can be used to enable filesystem specific optimisations is a general manner. (This used to be commit de3c5b808a941ac8e9ebe7169536d8290067eef5) --- source3/smbd/service.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ed43528c76..8e69a3b381 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
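Review bot: `pass = Get_Pwnam_alloc(talloc_tos(), user);` is followed directly by `pass->pw_name` in the `create_token_from_username` call, with no check that the lookup produced an entry. If the lookup can fail for the name accepted at this point (presumably it returns NULL then; confirm against Get_Pwnam_alloc), smbd dereferences NULL while handling a client connection. A guard before the call, `if (pass == NULL) { conn_free(conn); *status = NT_STATUS_NO_SUCH_USER; return NULL; }`, would turn that into a clean refusal. The surrounding branch of make_connection_snum starts outside the hunk.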
@@ -1165,6 +1165,21 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #endif + /* Figure out the characteristics of the underlying filesystem. This + * assumes that all the filesystem mounted withing a share path have + * the same characteristics, which is likely but not guaranteed. + */ + { + vfs_statvfs_struct svfs; + + conn->fs_capabilities = + FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES; + + if (SMB_VFS_STATVFS(conn, conn->connectpath, &svfs) == 0) { + conn->fs_capabilities = svfs.FsCapabilities; + } + } + /* * Print out the 'connected as' stuff here as we need * to know the effective uid and gid we will be using -- cgit From afce2b245a8ff137a4ecea547c3cfb65ab58dc15 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 27 Dec 2007 23:51:03 -0800 Subject: Add the capability to set "smb encrypt = required" on a share (or global) and have the server reply with ACCESS_DENIED for all non-encrypted traffic (except that used to query encryption requirements and set encryption state). Jeremy. (This used to be commit d241bfa57729bb934ada6beabf842a2ca7b4f8a2) --- source3/smbd/service.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8e69a3b381..65fc818144 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -795,6 +795,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->case_preserve = lp_preservecase(snum); conn->short_case_preserve = lp_shortpreservecase(snum); + conn->encrypt_level = lp_smb_encrypt(snum); + conn->veto_list = NULL; conn->hide_list = NULL; conn->veto_oplock_list = NULL; -- cgit From 253fbf1a6ece5c8dc9759e3535b7f9fa46883c1b Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 9 Jan 2008 17:11:04 -0800 Subject: Make use of talloc_pool in the main codepaths. Remove the sub-contexts. Jeremy. (This used to be commit bc932b8ad4396f76b71c43efe9a6346f89c3632c) --- source3/smbd/service.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 65fc818144..2588a66b8b 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -357,7 +357,6 @@ void load_registry_shares(void) int find_service(fstring service) { int iService; - TALLOC_CTX *frame = talloc_stackframe(); all_string_sub(service,"\\","/",0); @@ -463,8 +462,6 @@ int find_service(fstring service) if (iService < 0) DEBUG(3,("find_service() failed to find service %s\n", service)); - TALLOC_FREE(frame); - return (iService); } @@ -1150,20 +1147,17 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, #if SOFTLINK_OPTIMISATION /* resolve any soft links early if possible */ if (vfs_ChDir(conn,conn->connectpath) == 0) { - TALLOC_CTX *ctx = talloc_stackframe(); + TALLOC_CTX *ctx = talloc_tos(); char *s = vfs_GetWd(ctx,s); if (!s) { *status = map_nt_error_from_unix(errno); - TALLOC_FREE(ctx); goto err_root_exit; } if (!set_conn_connectpath(conn,s)) { *status = NT_STATUS_NO_MEMORY; - TALLOC_FREE(ctx); goto err_root_exit; } vfs_ChDir(conn,conn->connectpath); - TALLOC_FREE(ctx); } #endif -- cgit From b92c3e281c66127dbd2b16b7c71e2cba4e0c1de9 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Wed, 16 Jan 2008 16:40:59 +0100 Subject: Add handling of [homes] and [printers] via registry shares. Now homes and printers shares can be accessed through the registry meachanism on demand in pure registry configurations with "config backend = registry" without the need to have a special handler for these two. Michael (This used to be commit eec3248ef90fbfe6e048394c875173b164a8b439) --- source3/smbd/service.c | 84 +++++++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 39 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2588a66b8b..ed8061e2f7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -219,44 +219,6 @@ bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir) return(True); } -/**************************************************************************** - Add a home service. Returns the new service number or -1 if fail. -****************************************************************************/ - -int add_home_service(const char *service, const char *username, const char *homedir) -{ - int iHomeService; - - if (!service || !homedir) - return -1; - - if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) - return -1; - - /* - * If this is a winbindd provided username, remove - * the domain component before adding the service. - * Log a warning if the "path=" parameter does not - * include any macros. - */ - - { - const char *p = strchr(service,*lp_winbind_separator()); - - /* We only want the 'user' part of the string */ - if (p) { - service = p + 1; - } - } - - if (!lp_add_home(service, iHomeService, username, homedir)) { - return -1; - } - - return lp_servicenumber(service); - -} - static int load_registry_service(const char *servicename) { struct registry_key *key; 
@@ -348,6 +310,47 @@ void load_registry_shares(void) return; } +/**************************************************************************** + Add a home service. Returns the new service number or -1 if fail. +****************************************************************************/ + +int add_home_service(const char *service, const char *username, const char *homedir) +{ + int iHomeService; + + if (!service || !homedir) + return -1; + + if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) { + if ((iHomeService = load_registry_service(HOMES_NAME)) < 0) { + return -1; + } + } + + /* + * If this is a winbindd provided username, remove + * the domain component before adding the service. + * Log a warning if the "path=" parameter does not + * include any macros. + */ + + { + const char *p = strchr(service,*lp_winbind_separator()); + + /* We only want the 'user' part of the string */ + if (p) { + service = p + 1; + } + } + + if (!lp_add_home(service, iHomeService, username, homedir)) { + return -1; + } + + return lp_servicenumber(service); + +} + /** * Find a service entry. * @@ -386,7 +389,10 @@ int find_service(fstring service) if (iService < 0) { int iPrinterService; - if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0) { + if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) < 0) { + iPrinterService = load_registry_service(PRINTERS_NAME); + } + if (iPrinterService) { DEBUG(3,("checking whether %s is a valid printer name...\n", service)); if (pcap_printername_ok(service)) { DEBUG(3,("%s is a valid printer name\n", service)); -- cgit From 9a226532221b88369b913bc9f9d6ec335620349f Mon Sep 17 00:00:00 2001 
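Review bot: In find_service the rewritten printers lookup tests `if (iPrinterService)`, which is true for the negative failure value and false for a valid service number 0. When neither `lp_servicenumber(PRINTERS_NAME)` nor `load_registry_service(PRINTERS_NAME)` finds the share, the code still proceeds to the printer-name check with a negative index. A printers share that happens to be service 0 is skipped. The condition should stay `if (iPrinterService >= 0) {`, as it was before the change.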
From: Volker Lendecke Date: Mon, 21 Jan 2008 15:10:44 +0100 Subject: Add SMB_VFS_FS_CAPABILITIES It turns out that this is a necessary operation, separate from statvfs. statvfs can fail during tcon, so conn->fs_capabilities would never see that we support streams on a particular share. James, can you check that I got the darwin variant right? Thanks! (This used to be commit 3ad798d803b3b023533bb48e6993885f22b96095) --- source3/smbd/service.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ed8061e2f7..a8aa25405a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1171,16 +1171,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, * assumes that all the filesystem mounted withing a share path have * the same characteristics, which is likely but not guaranteed. */ - { - vfs_statvfs_struct svfs; - - conn->fs_capabilities = - FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES; - if (SMB_VFS_STATVFS(conn, conn->connectpath, &svfs) == 0) { - conn->fs_capabilities = svfs.FsCapabilities; - } - } + conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn); /* * Print out the 'connected as' stuff here as we need -- cgit From 67536eddc34e225562e31e500cf64c03d63ad1cc Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 11 Mar 2008 02:02:27 +0100 Subject: registry shares: prevent creating regular share called "global". This is a first quick fix. Registry shares should be rewritten to use libnet_conf. Michael (This used to be commit 71bd0bd0ea018e8c5033bbf904333c596330855a) --- source3/smbd/service.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a8aa25405a..8b73f68364 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -235,6 +235,10 @@ static int load_registry_service(const char *servicename) return -1; } + if (strequal(servicename, GLOBAL_NAME)) { + return -2; + } + if (asprintf(&path, "%s\\%s", KEY_SMBCONF, servicename) == -1) { return -1; } -- cgit From 6476313b6d4ad8b33e63f8b7bf9bf6a7384d23ec Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 12 Mar 2008 02:07:37 +0100 Subject: Add a debug message. Michael (This used to be commit a39807044879ad9df7614e010db6ea16b51000a0) --- source3/smbd/service.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8b73f68364..33b2cb26c1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -295,6 +295,7 @@ void load_registry_shares(void) WERROR err; int i; + DEBUG(8, ("load_registry_shares()\n")); if (!lp_registry_shares()) { return; } -- cgit From d62563342e8c83d67dbcfb0c4b8e2ed886742006 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 28 Apr 2008 10:31:49 +0200 Subject: Remove connection_struct->mem_ctx, connection_struct is its own parent (This used to be commit 559180f7d30606d1999399d954ceedc798c669a4) --- source3/smbd/service.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 33b2cb26c1..a405ffc9bc 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
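Review bot: The new `return -2;` in load_registry_service adds a second failure code next to the existing `-1` returns, and nothing in the hunk says what it means. A one-line comment above the check, such as `/* -2: "global" is reserved; refuse to load it as a regular share */`, would tell callers whether they are expected to distinguish it. Callers that test `< 0` are unaffected, but any caller that tests the result for truth rather than sign would take -2 as success. The function starts and ends outside the hunk.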
@@ -529,12 +529,12 @@ static NTSTATUS find_forced_user(connection_struct *conn, bool vuser_is_guest, f char *fuser, *found_username; NTSTATUS result; - if (!(fuser = talloc_string_sub(conn->mem_ctx, lp_force_user(snum), "%S", + if (!(fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", lp_servicename(snum)))) { return NT_STATUS_NO_MEMORY; } - result = create_token_from_username(conn->mem_ctx, fuser, vuser_is_guest, + result = create_token_from_username(conn, fuser, vuser_is_guest, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); if (!NT_STATUS_IS_OK(result)) { @@ -697,7 +697,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *status = NT_STATUS_NO_SUCH_USER; return NULL; } - status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True, + status2 = create_token_from_username(conn, pass->pw_name, True, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); @@ -757,7 +757,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } pass = Get_Pwnam_alloc(talloc_tos(), user); - status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True, + status2 = create_token_from_username(conn, pass->pw_name, True, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); @@ -903,7 +903,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, sid_string_dbg(sid))); continue; } - if (!add_gid_to_array_unique(conn->mem_ctx, gid, &conn->groups, + if (!add_gid_to_array_unique(conn, gid, &conn->groups, &conn->ngroups)) { DEBUG(0, ("add_gid_to_array_unique failed\n")); conn_free(conn); @@ -1017,7 +1017,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } if ((!conn->printer) && (!conn->ipc)) { - conn->notify_ctx = notify_init(conn->mem_ctx, server_id_self(), + conn->notify_ctx = notify_init(conn, server_id_self(), smbd_messaging_context(), smbd_event_context(), conn); -- cgit 
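Review bot: In the `@@ -757,7 +757,7 @@` hunk of make_connection_snum, `pass = Get_Pwnam_alloc(talloc_tos(), user);` is followed directly by `pass->pw_name` in the create_token_from_username() call, so a failed passwd lookup becomes a NULL dereference in the security=share login path. The guest-only branch (hunk `@@ -697,7 +697,7 @@`) appears to bail out with NT_STATUS_NO_SUCH_USER before its call; the same guard is missing here: `if (pass == NULL) { conn_free(conn); *status = NT_STATUS_NO_SUCH_USER; return NULL; }`. The commit only swaps the talloc parent, so the gap predates it, but the line is touched here. make_connection_snum starts and ends outside these hunks.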
From bb3755968f5e953340edfb0b71997dddc11badb9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 29 Apr 2008 13:35:00 +0200 Subject: Remove "nt_user_token" from "struct user_struct" (This used to be commit 51d5d512f28eadc74eced43e5e7f4e5bdff3ff69) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a405ffc9bc..a286e561c7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -725,7 +725,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } } else { if (!user_ok_token(vuser->user.unix_name, - vuser->nt_user_token, snum)) { + vuser->server_info->ptok, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " "(%s)\n", vuser->user.unix_name, @@ -861,7 +861,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, * group. vuser has a token to copy */ conn->nt_user_token = dup_nt_token( - NULL, vuser->nt_user_token); + NULL, vuser->server_info->ptok); if (conn->nt_user_token == NULL) { DEBUG(0, ("dup_nt_token failed\n")); conn_free(conn); @@ -948,7 +948,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, bool can_write = False; NT_USER_TOKEN *token = conn->nt_user_token ? conn->nt_user_token : - (vuser ? vuser->nt_user_token : NULL); + (vuser ? vuser->server_info->ptok : NULL); /* * I don't believe this can happen. But the -- cgit From c6d209f8342d56adc52a6c8ab99a4a2e17d409b2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 29 Apr 2008 13:43:10 +0200 Subject: Remove the unix token info from "struct user_struct" (This used to be commit aa2299d42adf4d27e707ac755e07be70d0af1bb4) --- source3/smbd/service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/service.c') 
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a286e561c7..43f8699e29 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -736,8 +736,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } } conn->vuid = vuser->vuid; - conn->uid = vuser->uid; - conn->gid = vuser->gid; + conn->uid = vuser->server_info->uid; + conn->gid = vuser->server_info->gid; string_set(&conn->user,vuser->user.unix_name); fstrcpy(user,vuser->user.unix_name); guest = vuser->guest; -- cgit From 71ff1ba2deddf8fa12b034518e92e0a461871388 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 29 Apr 2008 13:45:58 +0200 Subject: Remove "guest" from "struct user_struct" (This used to be commit 570a6b80feb5b0dc23213ba936c721e766cd4818) --- source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 43f8699e29..7b0fdc8976 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -714,7 +714,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, TALLOC_FREE(pass); DEBUG(3,("Guest only user %s\n",user)); } else if (vuser) { - if (vuser->guest) { + if (vuser->server_info->guest) { if (!lp_guest_ok(snum)) { DEBUG(2, ("guest user (from session setup) " "not permitted to access this share " @@ -740,7 +740,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->gid = vuser->server_info->gid; string_set(&conn->user,vuser->user.unix_name); fstrcpy(user,vuser->user.unix_name); - guest = vuser->guest; + guest = vuser->server_info->guest; } else if (lp_security() == SEC_SHARE) { NTSTATUS status2; char *found_username = NULL; 
@@ -825,7 +825,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, NTSTATUS status2; status2 = find_forced_user(conn, - (vuser != NULL) && vuser->guest, + (vuser != NULL) && vuser->server_info->guest, user); if (!NT_STATUS_IS_OK(status2)) { conn_free(conn); -- cgit From bec1dfab27be3db888eeb451b4547f16e08e93c3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 30 Apr 2008 17:42:39 +0200 Subject: Remove "userdom_struct user" from "struct user_struct" (This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805) --- source3/smbd/service.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 7b0fdc8976..ff69fc4029 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -724,11 +724,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } } else { - if (!user_ok_token(vuser->user.unix_name, + if (!user_ok_token(vuser->server_info->unix_name, vuser->server_info->ptok, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " - "(%s)\n", vuser->user.unix_name, + "(%s)\n", + vuser->server_info->unix_name, lp_servicename(snum))); conn_free(conn); *status = NT_STATUS_ACCESS_DENIED; @@ -738,8 +739,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->vuid = vuser->vuid; conn->uid = vuser->server_info->uid; conn->gid = vuser->server_info->gid; - string_set(&conn->user,vuser->user.unix_name); - fstrcpy(user,vuser->user.unix_name); + string_set(&conn->user,vuser->server_info->unix_name); + fstrcpy(user,vuser->server_info->unix_name); guest = vuser->server_info->guest; } else if (lp_security() == SEC_SHARE) { NTSTATUS status2; -- cgit From 193b63f326d31907bdc4486fadec4a7f4dcb0bac Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 7 May 2008 14:20:15 +0200 Subject: Use talloc_stackframe() in find_forced_group (This used to be commit 27a9bbc645416265eebdfc866925855021bd407c) --- source3/smbd/service.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ff69fc4029..d57156762f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -561,7 +561,7 @@ static NTSTATUS find_forced_group(bool force_user, gid_t *pgid) { NTSTATUS result = NT_STATUS_NO_SUCH_GROUP; - TALLOC_CTX *mem_ctx; + TALLOC_CTX *frame = talloc_stackframe(); DOM_SID group_sid; enum lsa_SidType type; char *groupname; @@ -571,13 +571,7 @@ static NTSTATUS find_forced_group(bool force_user, ZERO_STRUCTP(pgroup_sid); *pgid = (gid_t)-1; - mem_ctx = talloc_new(NULL); - if (mem_ctx == NULL) { - DEBUG(0, ("talloc_new failed\n")); - return NT_STATUS_NO_MEMORY; - } - - groupname = talloc_strdup(mem_ctx, lp_force_group(snum)); + groupname = talloc_strdup(talloc_tos(), lp_force_group(snum)); if (groupname == NULL) { DEBUG(1, ("talloc_strdup failed\n")); result = NT_STATUS_NO_MEMORY; @@ -589,10 +583,10 @@ static NTSTATUS find_forced_group(bool force_user, groupname += 1; } - groupname = talloc_string_sub(mem_ctx, groupname, + groupname = talloc_string_sub(talloc_tos(), groupname, "%S", lp_servicename(snum)); - if (!lookup_name_smbconf(mem_ctx, groupname, + if (!lookup_name_smbconf(talloc_tos(), groupname, LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP, NULL, NULL, &group_sid, &type)) { DEBUG(10, ("lookup_name_smbconf(%s) failed\n", @@ -641,7 +635,7 @@ static NTSTATUS find_forced_group(bool force_user, result = NT_STATUS_OK; done: - TALLOC_FREE(mem_ctx); + TALLOC_FREE(frame); return result; } -- cgit From 4f731150bdc4e7257e1fc87e6ea6944d33cb1e34 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Tue, 6 May 2008 15:16:45 +0200 Subject: Use talloc_tos() for a temporary getpwnam_alloc in make_connection_snum (This used to be commit 1843ea64ab1df5ced5926aedbeb27c8320b0c70b) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d57156762f..f589f0644b 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -683,7 +683,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, char *found_username = NULL; guest = True; - pass = getpwnam_alloc(NULL, guestname); + pass = getpwnam_alloc(talloc_tos(), guestname); if (!pass) { DEBUG(0,("make_connection_snum: Invalid guest " "account %s??\n",guestname)); -- cgit From 270a3f2a6f6674c0a854b513b756500a9edb3d21 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 6 May 2008 17:48:22 +0200 Subject: Add create_connection_server_info() -- not used yet (This used to be commit 50bf075f7556fd09e0081175c31a5020a8eaf4d6) --- source3/smbd/service.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index f589f0644b..35a415b0ac 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -639,6 +639,82 @@ static NTSTATUS find_forced_group(bool force_user, return result; } +/**************************************************************************** + Create an auth_serversupplied_info structure for a connection_struct +****************************************************************************/ + +static NTSTATUS create_connection_server_info(TALLOC_CTX *mem_ctx, int snum, + struct auth_serversupplied_info *vuid_serverinfo, + DATA_BLOB password, + struct auth_serversupplied_info **presult) +{ + if (lp_guest_only(snum)) { + return make_server_info_guest(mem_ctx, presult); + } + + if (vuid_serverinfo != NULL) { + + struct auth_serversupplied_info *result; + + /* + * This is the normal security != share case where we have a + * valid vuid from the session setup. */ + + if (vuid_serverinfo->guest) { + if (!lp_guest_ok(snum)) { + DEBUG(2, ("guest user (from session setup) " + "not permitted to access this share " + "(%s)\n", lp_servicename(snum))); + return NT_STATUS_ACCESS_DENIED; + } + } else { + if (!user_ok_token(vuid_serverinfo->unix_name, + vuid_serverinfo->ptok, snum)) { + DEBUG(2, ("user '%s' (from session setup) not " + "permitted to access this share " + "(%s)\n", + vuid_serverinfo->unix_name, + lp_servicename(snum))); + return NT_STATUS_ACCESS_DENIED; + } + } + + result = copy_serverinfo(mem_ctx, vuid_serverinfo); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + *presult = result; + return NT_STATUS_OK; + } + + if (lp_security() == SEC_SHARE) { + + fstring user; + bool guest; + + /* add the sharename as a possible user name if we + are in share mode security */ + + add_session_user(lp_servicename(snum)); + + /* shall we let them in? 
*/ + + if (!authorise_login(snum,user,password,&guest)) { + DEBUG( 2, ( "Invalid username/password for [%s]\n", + lp_servicename(snum)) ); + return NT_STATUS_WRONG_PASSWORD; + } + + return make_serverinfo_from_username(mem_ctx, user, guest, + presult); + } + + DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); + return NT_STATUS_ACCESS_DENIED; +} + + /**************************************************************************** Make a connection, given the snum to connect to, and the vuser of the connecting user if appropriate. -- cgit From 39a318aee4ca4114ce7cbb2f1af001a6035bf783 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 6 May 2008 21:50:08 +0200 Subject: "status" -> "pstatus" in make_connection_snum (This used to be commit 3ce395e61e931a77c5d2f52f39c7e3f71a9605a9) --- source3/smbd/service.c | 80 ++++++++++++++++++++++++-------------------------- 1 file changed, 38 insertions(+), 42 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 35a415b0ac..40863fc55d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -723,7 +723,7 @@ static NTSTATUS create_connection_server_info(TALLOC_CTX *mem_ctx, int snum, static connection_struct *make_connection_snum(int snum, user_struct *vuser, DATA_BLOB password, const char *pdev, - NTSTATUS *status) + NTSTATUS *pstatus) { struct passwd *pass = NULL; bool guest = False; 
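Review bot: In the SEC_SHARE branch of create_connection_server_info, `fstring user;` and `bool guest;` are passed to authorise_login() without being initialised. make_connection_snum, where this logic comes from, declares `bool guest = False;` and clears the buffer with `*user = 0;` before the same call; if authorise_login() reads `user` before writing it, this copy works on stack garbage. Adding `*user = 0;` and `guest = false;` ahead of the call keeps the two paths equivalent.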
@@ -734,19 +734,20 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, int ret; char addr[INET6_ADDRSTRLEN]; bool on_err_call_dis_hook = false; + NTSTATUS status; *user = 0; fstrcpy(dev, pdev); SET_STAT_INVALID(st); - if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { + if (NT_STATUS_IS_ERR(*pstatus = share_sanity_checks(snum, dev))) { return NULL; } conn = conn_new(); if (!conn) { DEBUG(0,("Couldn't find free connection.\n")); - *status = NT_STATUS_INSUFFICIENT_RESOURCES; + *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; return NULL; } @@ -755,7 +756,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (lp_guest_only(snum)) { const char *guestname = lp_guestaccount(); - NTSTATUS status2; char *found_username = NULL; guest = True; @@ -764,17 +764,17 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(0,("make_connection_snum: Invalid guest " "account %s??\n",guestname)); conn_free(conn); - *status = NT_STATUS_NO_SUCH_USER; + *pstatus = NT_STATUS_NO_SUCH_USER; return NULL; } - status2 = create_token_from_username(conn, pass->pw_name, True, - &conn->uid, &conn->gid, - &found_username, - &conn->nt_user_token); - if (!NT_STATUS_IS_OK(status2)) { + status = create_token_from_username(conn, pass->pw_name, True, + &conn->uid, &conn->gid, + &found_username, + &conn->nt_user_token); + if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(pass); conn_free(conn); - *status = status2; + *pstatus = status; return NULL; } fstrcpy(user, found_username); @@ -790,7 +790,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, "not permitted to access this share " "(%s)\n", lp_servicename(snum))); conn_free(conn); - *status = NT_STATUS_ACCESS_DENIED; + *pstatus = NT_STATUS_ACCESS_DENIED; return NULL; } } else { 
@@ -802,7 +802,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, vuser->server_info->unix_name, lp_servicename(snum))); conn_free(conn); - *status = NT_STATUS_ACCESS_DENIED; + *pstatus = NT_STATUS_ACCESS_DENIED; return NULL; } } @@ -824,7 +824,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG( 2, ( "Invalid username/password for [%s]\n", lp_servicename(snum)) ); conn_free(conn); - *status = NT_STATUS_WRONG_PASSWORD; + *pstatus = NT_STATUS_WRONG_PASSWORD; return NULL; } pass = Get_Pwnam_alloc(talloc_tos(), user); @@ -835,7 +835,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, TALLOC_FREE(pass); if (!NT_STATUS_IS_OK(status2)) { conn_free(conn); - *status = status2; + *pstatus = status2; return NULL; } fstrcpy(user, found_username); @@ -845,7 +845,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } else { DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); conn_free(conn); - *status = NT_STATUS_ACCESS_DENIED; + *pstatus = NT_STATUS_ACCESS_DENIED; return NULL; } @@ -893,14 +893,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ if (*lp_force_user(snum)) { - NTSTATUS status2; - - status2 = find_forced_user(conn, + status = find_forced_user(conn, (vuser != NULL) && vuser->server_info->guest, user); - if (!NT_STATUS_IS_OK(status2)) { + if (!NT_STATUS_IS_OK(status)) { conn_free(conn); - *status = status2; + *pstatus = status; return NULL; } string_set(&conn->user,user); 
@@ -914,15 +912,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ if (*lp_force_group(snum)) { - NTSTATUS status2; DOM_SID group_sid; - status2 = find_forced_group(conn->force_user, - snum, user, - &group_sid, &conn->gid); - if (!NT_STATUS_IS_OK(status2)) { + status = find_forced_group(conn->force_user, snum, user, + &group_sid, &conn->gid); + if (!NT_STATUS_IS_OK(status)) { conn_free(conn); - *status = status2; + *pstatus = status; return NULL; } @@ -936,7 +932,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (conn->nt_user_token == NULL) { DEBUG(0, ("dup_nt_token failed\n")); conn_free(conn); - *status = NT_STATUS_NO_MEMORY; + *pstatus = NT_STATUS_NO_MEMORY; return NULL; } } @@ -978,7 +974,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, &conn->ngroups)) { DEBUG(0, ("add_gid_to_array_unique failed\n")); conn_free(conn); - *status = NT_STATUS_NO_MEMORY; + *pstatus = NT_STATUS_NO_MEMORY; return NULL; } } @@ -993,14 +989,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_pathname(snum)); if (!s) { conn_free(conn); - *status = NT_STATUS_NO_MEMORY; + *pstatus = NT_STATUS_NO_MEMORY; return NULL; } if (!set_conn_connectpath(conn,s)) { TALLOC_FREE(s); conn_free(conn); - *status = NT_STATUS_NO_MEMORY; + *pstatus = NT_STATUS_NO_MEMORY; return NULL; } DEBUG(3,("Connect path is '%s' for service [%s]\n",s, @@ -1033,7 +1029,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, "NT token.\n", lp_servicename(snum))); conn_free(conn); - *status = NT_STATUS_ACCESS_DENIED; + *pstatus = NT_STATUS_ACCESS_DENIED; return NULL; } @@ -1051,7 +1047,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, "descriptor.\n", lp_servicename(snum))); conn_free(conn); - *status = NT_STATUS_ACCESS_DENIED; + *pstatus = NT_STATUS_ACCESS_DENIED; return NULL; } else { conn->read_only = True; 
@@ -1064,7 +1060,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(snum))); conn_free(conn); - *status = NT_STATUS_BAD_NETWORK_NAME; + *pstatus = NT_STATUS_BAD_NETWORK_NAME; return NULL; } @@ -1082,7 +1078,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(snum), conn->connectpath)); conn_free(conn); - *status = NT_STATUS_BAD_NETWORK_NAME; + *pstatus = NT_STATUS_BAD_NETWORK_NAME; return NULL; } } @@ -1106,7 +1102,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(1, ("Max connections (%d) exceeded for %s\n", lp_max_connections(snum), lp_servicename(snum))); conn_free(conn); - *status = NT_STATUS_INSUFFICIENT_RESOURCES; + *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; return NULL; } @@ -1116,7 +1112,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (!claim_connection(conn, lp_servicename(snum), 0)) { DEBUG(1, ("Could not store connections entry\n")); conn_free(conn); - *status = NT_STATUS_INTERNAL_DB_ERROR; + *pstatus = NT_STATUS_INTERNAL_DB_ERROR; return NULL; } @@ -1138,7 +1134,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, "connection\n", ret)); yield_connection(conn, lp_servicename(snum)); conn_free(conn); - *status = NT_STATUS_ACCESS_DENIED; + *pstatus = NT_STATUS_ACCESS_DENIED; return NULL; } } @@ -1149,7 +1145,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(0,("Can't become connected user!\n")); yield_connection(conn, lp_servicename(snum)); conn_free(conn); - *status = NT_STATUS_LOGON_FAILURE; + *pstatus = NT_STATUS_LOGON_FAILURE; return NULL; } 
@@ -1172,7 +1168,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (ret != 0 && lp_preexec_close(snum)) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); - *status = NT_STATUS_ACCESS_DENIED; + *pstatus = NT_STATUS_ACCESS_DENIED; goto err_root_exit; } } @@ -1196,7 +1192,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); - *status = NT_STATUS_UNSUCCESSFUL; + *pstatus = NT_STATUS_UNSUCCESSFUL; goto err_root_exit; } @@ -1220,7 +1216,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->connectpath, lp_servicename(snum), strerror(errno) )); } - *status = NT_STATUS_BAD_NETWORK_NAME; + *pstatus = NT_STATUS_BAD_NETWORK_NAME; goto err_root_exit; } -- cgit From f93e232535eb14d8f3862fff965adc544e70819f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 6 May 2008 22:12:04 +0200 Subject: Remove unused "force_group" from connection_struct (This used to be commit 03944f8d8934cff74e19fc036f7611c1491e0d57) --- source3/smbd/service.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 40863fc55d..e2715fa6d8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -947,7 +947,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, &group_sid); } - conn->force_group = True; } if (conn->nt_user_token != NULL) { -- cgit From 90995202c0f64d2c379be26760d3bf8c122199b5 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 7 May 2008 12:20:18 +0200 Subject: Add "server_info" to connection_struct This will replace all the user identity stuff in connection_struct, for now it is just a source where the other fields in connection_struct are filled from. (This used to be commit 0f53f9e7db9f99f239c4d0950452d0e2cde2ae8b) --- source3/smbd/service.c | 120 ++++++++++--------------------------------------- 1 file changed, 23 insertions(+), 97 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e2715fa6d8..974af83932 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -725,18 +725,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, const char *pdev, NTSTATUS *pstatus) { - struct passwd *pass = NULL; - bool guest = False; connection_struct *conn; SMB_STRUCT_STAT st; - fstring user; fstring dev; int ret; char addr[INET6_ADDRSTRLEN]; bool on_err_call_dis_hook = false; NTSTATUS status; - *user = 0; fstrcpy(dev, pdev); SET_STAT_INVALID(st); 
@@ -754,102 +750,33 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->params->service = snum; conn->nt_user_token = NULL; + status = create_connection_server_info( + conn, snum, vuser ? vuser->server_info : NULL, password, + &conn->server_info); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("create_connection_server_info failed: %s\n", + nt_errstr(status))); + *pstatus = status; + conn_free(conn); + return NULL; + } + if (lp_guest_only(snum)) { - const char *guestname = lp_guestaccount(); - char *found_username = NULL; - - guest = True; - pass = getpwnam_alloc(talloc_tos(), guestname); - if (!pass) { - DEBUG(0,("make_connection_snum: Invalid guest " - "account %s??\n",guestname)); - conn_free(conn); - *pstatus = NT_STATUS_NO_SUCH_USER; - return NULL; - } - status = create_token_from_username(conn, pass->pw_name, True, - &conn->uid, &conn->gid, - &found_username, - &conn->nt_user_token); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(pass); - conn_free(conn); - *pstatus = status; - return NULL; - } - fstrcpy(user, found_username); - string_set(&conn->user,user); - conn->force_user = True; - TALLOC_FREE(found_username); - TALLOC_FREE(pass); - DEBUG(3,("Guest only user %s\n",user)); + string_set(&conn->user, conn->server_info->unix_name); + conn->force_user = true; + DEBUG(3,("Guest only user %s\n", conn->user)); } else if (vuser) { - if (vuser->server_info->guest) { - if (!lp_guest_ok(snum)) { - DEBUG(2, ("guest user (from session setup) " - "not permitted to access this share " - "(%s)\n", lp_servicename(snum))); - conn_free(conn); - *pstatus = NT_STATUS_ACCESS_DENIED; - return NULL; - } - } else { - if (!user_ok_token(vuser->server_info->unix_name, - vuser->server_info->ptok, snum)) { - DEBUG(2, ("user '%s' (from session setup) not " - "permitted to access this share " - "(%s)\n", - vuser->server_info->unix_name, - lp_servicename(snum))); - conn_free(conn); - *pstatus = NT_STATUS_ACCESS_DENIED; - return NULL; - } - } 
conn->vuid = vuser->vuid; conn->uid = vuser->server_info->uid; conn->gid = vuser->server_info->gid; string_set(&conn->user,vuser->server_info->unix_name); - fstrcpy(user,vuser->server_info->unix_name); - guest = vuser->server_info->guest; } else if (lp_security() == SEC_SHARE) { - NTSTATUS status2; - char *found_username = NULL; - - /* add it as a possible user name if we - are in share mode security */ - add_session_user(lp_servicename(snum)); - /* shall we let them in? */ - if (!authorise_login(snum,user,password,&guest)) { - DEBUG( 2, ( "Invalid username/password for [%s]\n", - lp_servicename(snum)) ); - conn_free(conn); - *pstatus = NT_STATUS_WRONG_PASSWORD; - return NULL; - } - pass = Get_Pwnam_alloc(talloc_tos(), user); - status2 = create_token_from_username(conn, pass->pw_name, True, - &conn->uid, &conn->gid, - &found_username, - &conn->nt_user_token); - TALLOC_FREE(pass); - if (!NT_STATUS_IS_OK(status2)) { - conn_free(conn); - *pstatus = status2; - return NULL; - } - fstrcpy(user, found_username); - string_set(&conn->user,user); - TALLOC_FREE(found_username); + string_set(&conn->user, conn->server_info->unix_name); conn->force_user = True; - } else { - DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); - conn_free(conn); - *pstatus = NT_STATUS_ACCESS_DENIED; - return NULL; } - add_session_user(user); + add_session_user(conn->user); safe_strcpy(conn->client_address, client_addr(get_client_fd(),addr,sizeof(addr)), @@ -881,7 +808,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->veto_oplock_list = NULL; conn->aio_write_behind_list = NULL; string_set(&conn->dirpath,""); - string_set(&conn->user,user); conn->read_only = lp_readonly(SNUM(conn)); conn->admin_user = False; 
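Review bot: After this hunk only the `else if (vuser)` branch assigns `conn->uid` and `conn->gid`; the guest-only and security=share branches used to receive them (and `conn->nt_user_token`) from create_token_from_username(), and now set just `conn->user` and `conn->force_user`. Unless code outside the hunk fills them in, those connections keep whatever conn_new() left in the fields, so the name in `conn->user` no longer corresponds to the ids the connection runs with. Copying from the freshly built server_info in every branch, `conn->uid = conn->server_info->uid; conn->gid = conn->server_info->gid;`, keeps name and ids in step. make_connection_snum starts and ends outside the hunk.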
@@ -895,15 +821,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_force_user(snum)) { status = find_forced_user(conn, (vuser != NULL) && vuser->server_info->guest, - user); + conn->user); if (!NT_STATUS_IS_OK(status)) { conn_free(conn); *pstatus = status; return NULL; } - string_set(&conn->user,user); conn->force_user = True; - DEBUG(3,("Forced user %s\n",user)); + DEBUG(3,("Forced user %s\n",conn->user)); } /* @@ -914,7 +839,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_force_group(snum)) { DOM_SID group_sid; - status = find_forced_group(conn->force_user, snum, user, + status = find_forced_group(conn->force_user, snum, + conn->user, &group_sid, &conn->gid); if (!NT_STATUS_IS_OK(status)) { conn_free(conn); @@ -1189,7 +1115,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, to allow any filesystems needing user credentials to initialize themselves. */ - if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) { + if (SMB_VFS_CONNECT(conn, lp_servicename(snum), conn->user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); *pstatus = NT_STATUS_UNSUCCESSFUL; goto err_root_exit; @@ -1256,7 +1182,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->client_address ); dbgtext( "%s", srv_is_signing_active() ? "signed " : ""); dbgtext( "connect to service %s ", lp_servicename(snum) ); - dbgtext( "initially as user %s ", user ); + dbgtext( "initially as user %s ", conn->user ); dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); dbgtext( "(pid %d)\n", (int)sys_getpid() ); } -- cgit From ca2580028744c8c9301487ffee87befdd94be383 Mon Sep 17 00:00:00 2001 
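Review bot: The `@@ -895,15 +821,14 @@` hunk passes `conn->user` as the `fstring username` argument of find_forced_user(), which finishes with `fstrcpy(username, found_username)`. `conn->user` is a heap string maintained with string_set() and presumably sized for the name it currently holds, not an fstring-sized buffer, so a forced user name longer than the session user's would be copied past the end of the allocation. Keeping a local buffer avoids that: `fstring tmp; fstrcpy(tmp, conn->user);`, pass `tmp` to find_forced_user(), then `string_set(&conn->user, tmp);` once the status is OK. make_connection_snum starts and ends outside the hunk.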
From: Volker Lendecke Date: Wed, 7 May 2008 12:42:36 +0200 Subject: Simplify make_connection_snum: Copy connection_struct info from server_info (This used to be commit 5aa3cdf355c179d89c2703f528919194ab084337) --- source3/smbd/service.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 974af83932..a95f756132 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -762,20 +762,16 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } - if (lp_guest_only(snum)) { - string_set(&conn->user, conn->server_info->unix_name); + if ((lp_guest_only(snum)) || (lp_security() == SEC_SHARE)) { conn->force_user = true; - DEBUG(3,("Guest only user %s\n", conn->user)); - } else if (vuser) { - conn->vuid = vuser->vuid; - conn->uid = vuser->server_info->uid; - conn->gid = vuser->server_info->gid; - string_set(&conn->user,vuser->server_info->unix_name); - } else if (lp_security() == SEC_SHARE) { - string_set(&conn->user, conn->server_info->unix_name); - conn->force_user = True; } + conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; + + conn->uid = conn->server_info->uid; + conn->gid = conn->server_info->gid; + string_set(&conn->user, conn->server_info->unix_name); + add_session_user(conn->user); safe_strcpy(conn->client_address, @@ -819,16 +815,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ if (*lp_force_user(snum)) { + fstring tmp; + fstrcpy(tmp, conn->user); status = find_forced_user(conn, (vuser != NULL) && vuser->server_info->guest, - conn->user); + tmp); if (!NT_STATUS_IS_OK(status)) { conn_free(conn); *pstatus = status; return NULL; } conn->force_user = True; - DEBUG(3,("Forced user %s\n",conn->user)); + DEBUG(3,("Forced user %s\n",tmp)); } /* -- cgit From ddcea20947fb3ca5ccd9e2a1e024ac8296dc4055 Mon Sep 17 00:00:00 2001 
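Review bot: In the `@@ -815,16 +819,18 @@` hunk the forced user name ends up only in the local `tmp`, which is printed and then dropped; `conn->user` keeps the session user's name although find_forced_user() has already replaced `conn->uid`, `conn->gid` and `conn->nt_user_token`. The force-group step that follows is called with `conn->user`, so any per-user membership test made there would presumably run against the wrong account (find_forced_group's body is not in this hunk). Adding `string_set(&conn->user, tmp);` after the status check keeps the name and the ids consistent.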
From: Volker Lendecke Date: Wed, 7 May 2008 13:16:20 +0200 Subject: Replace find_forced_user by a direct call to make_serverinfo_from_username (This used to be commit 7991e6764b4187ba86802569dfdc5816e6137f78) --- source3/smbd/service.c | 63 +++++++++++++++++++++----------------------------- 1 file changed, 26 insertions(+), 37 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a95f756132..e3635d45db 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -523,31 +523,6 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_OK; } -static NTSTATUS find_forced_user(connection_struct *conn, bool vuser_is_guest, fstring username) -{ - int snum = conn->params->service; - char *fuser, *found_username; - NTSTATUS result; - - if (!(fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", - lp_servicename(snum)))) { - return NT_STATUS_NO_MEMORY; - } - - result = create_token_from_username(conn, fuser, vuser_is_guest, - &conn->uid, &conn->gid, &found_username, - &conn->nt_user_token); - if (!NT_STATUS_IS_OK(result)) { - return result; - } - - fstrcpy(username, found_username); - - TALLOC_FREE(fuser); - TALLOC_FREE(found_username); - return NT_STATUS_OK; -} - /* * Go through lookup_name etc to find the force'd group. * @@ -766,13 +741,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->force_user = true; } - conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; - - conn->uid = conn->server_info->uid; - conn->gid = conn->server_info->gid; - string_set(&conn->user, conn->server_info->unix_name); - add_session_user(conn->user); + add_session_user(conn->server_info->unix_name); safe_strcpy(conn->client_address, client_addr(get_client_fd(),addr,sizeof(addr)), 
@@ -815,20 +785,39 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ if (*lp_force_user(snum)) { - fstring tmp; - fstrcpy(tmp, conn->user); - status = find_forced_user(conn, - (vuser != NULL) && vuser->server_info->guest, - tmp); + char *fuser; + struct auth_serversupplied_info *forced_serverinfo; + + fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", + lp_servicename(snum)); + if (fuser == NULL) { + conn_free(conn); + *pstatus = NT_STATUS_NO_MEMORY; + return NULL; + } + + status = make_serverinfo_from_username( + conn, fuser, conn->server_info->guest, + &forced_serverinfo); if (!NT_STATUS_IS_OK(status)) { conn_free(conn); *pstatus = status; return NULL; } + + TALLOC_FREE(conn->server_info); + conn->server_info = forced_serverinfo; + conn->force_user = True; - DEBUG(3,("Forced user %s\n",tmp)); + DEBUG(3,("Forced user %s\n", fuser)); } + conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; + + conn->uid = conn->server_info->uid; + conn->gid = conn->server_info->gid; + string_set(&conn->user, conn->server_info->unix_name); + /* * If force group is true, then override * any groupid stored for the connecting user. -- cgit From 39bd6a95959e9015262b7b4250d3fcd58be44fc9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 7 May 2008 14:25:47 +0200 Subject: Do not unnecessarily mess with the results in find_forced_group() (This used to be commit 6d9860d09b54c61625f011c2d56d710aa59d7686) --- source3/smbd/service.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index e3635d45db..60d962f3fd 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
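Review bot: `fuser` is allocated on the `conn` talloc context and is released on neither the success path nor the `make_serverinfo_from_username()` failure path, whereas the removed `find_forced_user()` freed it explicitly on success. On success it stays attached to the connection for its whole lifetime; add `TALLOC_FREE(fuser);` after the `DEBUG(3, ...)` line, or allocate it on `talloc_tos()`. The debug line also prints the configured name rather than `conn->server_info->unix_name`, the resolved identity that actually takes effect and the more useful value in a log. The enclosing function continues outside the hunk.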
@@ -543,9 +543,6 @@ static NTSTATUS find_forced_group(bool force_user, bool user_must_be_member = False; gid_t gid; - ZERO_STRUCTP(pgroup_sid); - *pgid = (gid_t)-1; - groupname = talloc_strdup(talloc_tos(), lp_force_group(snum)); if (groupname == NULL) { DEBUG(1, ("talloc_strdup failed\n")); -- cgit From d2157f13422da4991ffcc007c7bc3c07e1f42912 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 7 May 2008 14:28:23 +0200 Subject: Add an error return in find_forced_group() (This used to be commit 93ce0705c14f222bda3e6204f4b54ba1893f33e1) --- source3/smbd/service.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 60d962f3fd..30e48018e9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -557,6 +557,11 @@ static NTSTATUS find_forced_group(bool force_user, groupname = talloc_string_sub(talloc_tos(), groupname, "%S", lp_servicename(snum)); + if (groupname == NULL) { + DEBUG(1, ("talloc_string_sub failed\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } if (!lookup_name_smbconf(talloc_tos(), groupname, LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP, -- cgit From 322896f8dd9e7d92fe677178bd131fcfc09319f2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 7 May 2008 14:36:15 +0200 Subject: find_forced_group can directly change the token in server_info Now that we have a token that is correctly set up with gids already, this saves manual translation of the SIDs to GIDs. (This used to be commit 6136a6d9d7301c65f37e2bf485681138cddd8bd2) --- source3/smbd/service.c | 88 +++++++++----------------------------------------- 1 file changed, 16 insertions(+), 72 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 30e48018e9..267ca3c29f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -743,7 +743,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->force_user = true; } - add_session_user(conn->server_info->unix_name); safe_strcpy(conn->client_address, @@ -780,13 +779,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->read_only = lp_readonly(SNUM(conn)); conn->admin_user = False; - /* - * If force user is true, then store the given userid and the gid of - * the user we're forcing. - * For auxiliary groups see below. - */ - if (*lp_force_user(snum)) { + + /* + * Replace conn->server_info with a completely faked up one + * from the username we are forced into :-) + */ + char *fuser; struct auth_serversupplied_info *forced_serverinfo; 
@@ -814,85 +813,30 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, DEBUG(3,("Forced user %s\n", fuser)); } - conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; - - conn->uid = conn->server_info->uid; - conn->gid = conn->server_info->gid; - string_set(&conn->user, conn->server_info->unix_name); - /* * If force group is true, then override * any groupid stored for the connecting user. */ - + if (*lp_force_group(snum)) { - DOM_SID group_sid; - status = find_forced_group(conn->force_user, snum, - conn->user, - &group_sid, &conn->gid); + status = find_forced_group( + conn->force_user, snum, conn->user, + &conn->server_info->ptok->user_sids[1], + &conn->server_info->gid); + if (!NT_STATUS_IS_OK(status)) { conn_free(conn); *pstatus = status; return NULL; } - - if ((conn->nt_user_token == NULL) && (vuser != NULL)) { - - /* Not force user and not security=share, but force - * group. vuser has a token to copy */ - - conn->nt_user_token = dup_nt_token( - NULL, vuser->server_info->ptok); - if (conn->nt_user_token == NULL) { - DEBUG(0, ("dup_nt_token failed\n")); - conn_free(conn); - *pstatus = NT_STATUS_NO_MEMORY; - return NULL; - } - } - - /* If conn->nt_user_token is still NULL, we have - * security=share. This means ignore the SID, as we had no - * vuser to copy from */ - - if (conn->nt_user_token != NULL) { - /* Overwrite the primary group sid */ - sid_copy(&conn->nt_user_token->user_sids[1], - &group_sid); - - } } - if (conn->nt_user_token != NULL) { - size_t i; - - /* We have a share-specific token from force [user|group]. - * This means we have to create the list of unix groups from - * the list of sids. */ - - conn->ngroups = 0; - conn->groups = NULL; - - for (i=0; int_user_token->num_sids; i++) { - gid_t gid; - DOM_SID *sid = &conn->nt_user_token->user_sids[i]; + conn->vuid = (vuser != NULL) ? 
vuser->vuid : UID_FIELD_INVALID; - if (!sid_to_gid(sid, &gid)) { - DEBUG(10, ("Could not convert SID %s to gid, " - "ignoring it\n", - sid_string_dbg(sid))); - continue; - } - if (!add_gid_to_array_unique(conn, gid, &conn->groups, - &conn->ngroups)) { - DEBUG(0, ("add_gid_to_array_unique failed\n")); - conn_free(conn); - *pstatus = NT_STATUS_NO_MEMORY; - return NULL; - } - } - } + conn->uid = conn->server_info->uid; + conn->gid = conn->server_info->gid; + string_set(&conn->user, conn->server_info->unix_name); { char *s = talloc_sub_advanced(talloc_tos(), -- cgit From 776caa081bc36aac0ab7cc826836740f5bf0bf24 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 8 May 2008 15:09:02 +0200 Subject: Replace nt_user_token with server_info in connection_struct (This used to be commit a3738aef59e97d4533010b048534d937d36c0950) --- source3/smbd/service.c | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 267ca3c29f..77ed320e07 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -725,7 +725,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } conn->params->service = snum; - conn->nt_user_token = NULL; status = create_connection_server_info( conn, snum, vuser ? vuser->server_info : NULL, password, 
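Review bot: `find_forced_group()` is still passed `conn->user`, but this hunk moves `string_set(&conn->user, ...)` below the force-group block, so within the lines shown the name is not yet assigned when the call is made. If nothing outside the hunk sets it earlier, any check on the user name inside `find_forced_group()` (not visible here) would run against an unset name; pass `conn->server_info->unix_name` instead. The call also takes `&conn->server_info->ptok->user_sids[1]` without the NULL check the removed code applied to its token before `sid_copy()`. A guard that `ptok` is set and `num_sids` is at least 2 belongs before the call. The enclosing function starts and ends outside the hunk.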
@@ -871,32 +870,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, { bool can_write = False; - NT_USER_TOKEN *token = conn->nt_user_token ? - conn->nt_user_token : - (vuser ? vuser->server_info->ptok : NULL); - /* - * I don't believe this can happen. But the - * logic above is convoluted enough to confuse - * automated checkers, so be sure. JRA. - */ - - if (token == NULL) { - DEBUG(0,("make_connection: connection to %s " - "denied due to missing " - "NT token.\n", - lp_servicename(snum))); - conn_free(conn); - *pstatus = NT_STATUS_ACCESS_DENIED; - return NULL; - } - - can_write = share_access_check(token, - lp_servicename(snum), - FILE_WRITE_DATA); + can_write = share_access_check(conn->server_info->ptok, + lp_servicename(snum), + FILE_WRITE_DATA); if (!can_write) { - if (!share_access_check(token, + if (!share_access_check(conn->server_info->ptok, lp_servicename(snum), FILE_READ_DATA)) { /* No access, read or write. */ -- cgit From 53a623d8a69b5dd7fbd964013032878e09032375 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 8 May 2008 15:53:55 +0200 Subject: Remove the unix token info from connection_struct (This used to be commit 2834dacc8d49f77fe55fb5d7e3eb2dda431d1d3d) --- source3/smbd/service.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 77ed320e07..fd072135e8 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
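Review bot: The removed fail-closed guard, which denied the connection with NT_STATUS_ACCESS_DENIED when no token was available, has no replacement, so both `share_access_check()` calls now receive `conn->server_info->ptok` unchecked. Whether a NULL token is refused then depends on `share_access_check()`, which is not visible here. For an access decision it is safer to keep an explicit check against the new field, as sketched below. The surrounding block starts and ends outside the hunk.

```c
	bool can_write = False;

	/* Fail closed: never evaluate share access without a token. */
	if (conn->server_info->ptok == NULL) {
		DEBUG(0, ("make_connection: connection to %s "
			  "denied due to missing NT token.\n",
			  lp_servicename(snum)));
		conn_free(conn);
		*pstatus = NT_STATUS_ACCESS_DENIED;
		return NULL;
	}

	/* … unchanged: share_access_check() calls for write and read access … */
```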
@@ -833,14 +833,13 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; - conn->uid = conn->server_info->uid; - conn->gid = conn->server_info->gid; string_set(&conn->user, conn->server_info->unix_name); { char *s = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, + conn->connectpath, + conn->server_info->gid, get_current_username(), current_user_info.domain, lp_pathname(snum)); @@ -960,7 +959,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_rootpreexec(snum)) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, + conn->connectpath, + conn->server_info->gid, get_current_username(), current_user_info.domain, lp_rootpreexec(snum)); @@ -997,7 +997,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_preexec(snum)) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, + conn->connectpath, + conn->server_info->gid, get_current_username(), current_user_info.domain, lp_preexec(snum)); @@ -1316,7 +1317,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_user(conn, vuid)) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, + conn->connectpath, + conn->server_info->gid, get_current_username(), current_user_info.domain, lp_postexec(SNUM(conn))); @@ -1330,7 +1332,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_rootpostexec(SNUM(conn))) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), conn->user, - conn->connectpath, conn->gid, + conn->connectpath, + conn->server_info->gid, get_current_username(), current_user_info.domain, lp_rootpostexec(SNUM(conn))); -- cgit 
From 5bda9a8af02c7889e15e580a5620689aa312a16a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 8 May 2008 16:06:42 +0200 Subject: Remove "user" from connection_struct (This used to be commit 368454a27cb53a408ec416cbf37235b304592fb5) --- source3/smbd/service.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fd072135e8..c90d4d16bc 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -820,7 +820,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_force_group(snum)) { status = find_forced_group( - conn->force_user, snum, conn->user, + conn->force_user, snum, conn->server_info->unix_name, &conn->server_info->ptok->user_sids[1], &conn->server_info->gid); @@ -833,11 +833,10 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; - string_set(&conn->user, conn->server_info->unix_name); - { char *s = talloc_sub_advanced(talloc_tos(), - lp_servicename(SNUM(conn)), conn->user, + lp_servicename(SNUM(conn)), + conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, get_current_username(), @@ -958,7 +957,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* execute any "root preexec = " line */ if (*lp_rootpreexec(snum)) { char *cmd = talloc_sub_advanced(talloc_tos(), - lp_servicename(SNUM(conn)), conn->user, + lp_servicename(SNUM(conn)), + conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, get_current_username(), 
@@ -996,7 +996,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, /* execute any "preexec = " line */ if (*lp_preexec(snum)) { char *cmd = talloc_sub_advanced(talloc_tos(), - lp_servicename(SNUM(conn)), conn->user, + lp_servicename(SNUM(conn)), + conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, get_current_username(), @@ -1029,7 +1030,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, to allow any filesystems needing user credentials to initialize themselves. */ - if (SMB_VFS_CONNECT(conn, lp_servicename(snum), conn->user) < 0) { + if (SMB_VFS_CONNECT(conn, lp_servicename(snum), + conn->server_info->unix_name) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); *pstatus = NT_STATUS_UNSUCCESSFUL; goto err_root_exit; @@ -1096,7 +1098,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->client_address ); dbgtext( "%s", srv_is_signing_active() ? "signed " : ""); dbgtext( "connect to service %s ", lp_servicename(snum) ); - dbgtext( "initially as user %s ", conn->user ); + dbgtext( "initially as user %s ", + conn->server_info->unix_name ); dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() ); dbgtext( "(pid %d)\n", (int)sys_getpid() ); } @@ -1316,7 +1319,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_postexec(SNUM(conn)) && change_to_user(conn, vuid)) { char *cmd = talloc_sub_advanced(talloc_tos(), - lp_servicename(SNUM(conn)), conn->user, + lp_servicename(SNUM(conn)), + conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, get_current_username(), 
@@ -1331,7 +1335,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) /* execute any "root postexec = " line */ if (*lp_rootpostexec(SNUM(conn))) { char *cmd = talloc_sub_advanced(talloc_tos(), - lp_servicename(SNUM(conn)), conn->user, + lp_servicename(SNUM(conn)), + conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, get_current_username(), -- cgit From 320fadd8fc600262d26ea417a92d395aeb16ef57 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 May 2008 01:03:45 +0200 Subject: Remove the reference to current_user_info from share_access.c This required to pass around the domain a bit (This used to be commit 17b0db20d28d1b737c5e86b78106657e8ca5ce9c) --- source3/smbd/service.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c90d4d16bc..4092928de1 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -646,6 +646,7 @@ static NTSTATUS create_connection_server_info(TALLOC_CTX *mem_ctx, int snum, } } else { if (!user_ok_token(vuid_serverinfo->unix_name, + pdb_get_domain(vuid_serverinfo->sam_account), vuid_serverinfo->ptok, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " -- cgit From 50ab871813d8281760e0c70d454cba996e0b67d8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 May 2008 11:26:33 +0200 Subject: Remove some references to get_current_username() and current_user_info (This used to be commit 344d69f95e217d16213eaa6b53141af6ab459708) --- source3/smbd/service.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 4092928de1..fbce22e975 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
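Review bot: In the `create_connection_server_info()` hunk, `pdb_get_domain(vuid_serverinfo->sam_account)` is evaluated without any visible check that `sam_account` is set. If a session's server_info can exist without a SAM account (not determinable from these lines), this access check would dereference a missing account. Either guard it, `if (vuid_serverinfo->sam_account == NULL)` with a denial, or add a comment stating the invariant, e.g. `/* sam_account is always set for a session-setup server_info */`. The next patch on this page uses the same expression on `conn->server_info`, which may be the forced-user server_info, so the same question applies there. The function body extends beyond the hunk.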
@@ -840,8 +840,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, - get_current_username(), - current_user_info.domain, + conn->server_info->sanitized_username, + pdb_get_domain(conn->server_info->sam_account), lp_pathname(snum)); if (!s) { conn_free(conn); @@ -962,8 +962,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, - get_current_username(), - current_user_info.domain, + conn->server_info->sanitized_username, + pdb_get_domain(conn->server_info->sam_account), lp_rootpreexec(snum)); DEBUG(5,("cmd=%s\n",cmd)); ret = smbrun(cmd,NULL); @@ -1001,8 +1001,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, - get_current_username(), - current_user_info.domain, + conn->server_info->sanitized_username, + pdb_get_domain(conn->server_info->sam_account), lp_preexec(snum)); ret = smbrun(cmd,NULL); TALLOC_FREE(cmd); @@ -1324,8 +1324,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, - get_current_username(), - current_user_info.domain, + conn->server_info->sanitized_username, + pdb_get_domain(conn->server_info->sam_account), lp_postexec(SNUM(conn))); smbrun(cmd,NULL); TALLOC_FREE(cmd); @@ -1340,8 +1340,8 @@ void close_cnum(connection_struct *conn, uint16 vuid) conn->server_info->unix_name, conn->connectpath, conn->server_info->gid, - get_current_username(), - current_user_info.domain, + conn->server_info->sanitized_username, + pdb_get_domain(conn->server_info->sam_account), lp_rootpostexec(SNUM(conn))); smbrun(cmd,NULL); TALLOC_FREE(cmd); -- cgit From ae5135310737499dfe801df48fe554e5ba53a834 Mon Sep 17 00:00:00 2001 
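Review bot: In the root preexec, preexec, postexec and root postexec hunks the result of `talloc_sub_advanced()` goes straight to `smbrun(cmd,NULL)` (and to `DEBUG(5,("cmd=%s\n",cmd))` in the root preexec case), while the first hunk of this patch checks the same call with `if (!s)`. An allocation failure would hand a NULL command to the runner. Add an `if (cmd == NULL)` branch before each `smbrun()` call, using whatever failure path the surrounding code already has. Because these strings are executed as commands, a comment should also state that the substituted user and domain are now server-side values (`sanitized_username`, the SAM account domain) and whether the domain is sanitised like the user name; that is not visible in these hunks. All five hunks sit inside functions that extend beyond them.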
From: Jeremy Allison Date: Mon, 26 May 2008 21:13:05 -0700 Subject: Re-enable the evil "aio write behind" parameter. Jeremy. (This used to be commit 5d22ca00bcdf49dcb35468400ac8cc3c57808d0d) --- source3/smbd/service.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index fbce22e975..ac233a97b7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1025,6 +1025,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, set_namearray( &conn->veto_list, lp_veto_files(snum)); set_namearray( &conn->hide_list, lp_hide_files(snum)); set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum)); + set_namearray( &conn->aio_write_behind_list, + lp_aio_write_behind(snum)); } /* Invoke VFS make connection hook - do this before the VFS_STAT call -- cgit From 40f5eab5eb515937e1b23cf6762b77c194d29b9d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 19 Jun 2008 16:54:12 +0200 Subject: Wrap the unix token info in a unix_user_token in auth_serversupplied_info No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445) --- source3/smbd/service.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ac233a97b7..1ad48451ff 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -823,7 +823,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, status = find_forced_group( conn->force_user, snum, conn->server_info->unix_name, &conn->server_info->ptok->user_sids[1], - &conn->server_info->gid); + &conn->server_info->utok.gid); if (!NT_STATUS_IS_OK(status)) { conn_free(conn); 
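Review bot: The new `set_namearray(&conn->aio_write_behind_list, ...)` call carries no comment, although the commit message itself calls the parameter evil. A short comment should say why, e.g. `/* aio write behind: writes to matching files are reported as successful before they complete, so write errors never reach the client */`, which is how the smb.conf option is documented. Please also confirm that connection teardown releases `aio_write_behind_list` the same way as the three lists set just above; that code is not part of this file's diff. The enclosing block starts and ends outside the hunk.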
@@ -839,7 +839,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_pathname(snum)); @@ -961,7 +961,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_rootpreexec(snum)); @@ -1000,7 +1000,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_preexec(snum)); @@ -1325,7 +1325,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_postexec(SNUM(conn))); @@ -1341,7 +1341,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_rootpostexec(SNUM(conn))); -- cgit From 3c516937e80bcac5dd453dd9e6f83ccb67c5a22b Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Thu, 26 Jun 2008 13:32:11 +0200 Subject: Fix a debug message (This used to be commit 8dd94d448bc5ad067024c56c6ef498bc88a396b2) --- source3/smbd/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1ad48451ff..0b851f1e48 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1143,7 +1143,7 @@ connection_struct *make_connection_with_chdir(const char *service_in, */ if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) { - DEBUG(0,("move_driver_to_download_area: Can't change " + DEBUG(0,("make_connection_with_chdir: Can't change " "directory to %s for [print$] (%s)\n", conn->connectpath,strerror(errno))); yield_connection(conn, lp_servicename(SNUM(conn))); -- cgit
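Review bot: The corrected message still hard-codes `[print$]` although `make_connection_with_chdir()` takes the service name as a parameter, so a chdir failure on any other share would be logged under the wrong name. Print the actual service instead: `"directory to %s for [%s] (%s)\n", conn->connectpath, lp_servicename(SNUM(conn)), strerror(errno)`. The next line already computes that value for `yield_connection()`. The function body continues outside the hunk.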