From ef2e26c91b80556af033d3335e55f5dfa6fff31d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 Aug 2003 01:53:07 +0000 Subject: first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) --- source4/modules/developer.c | 132 +++++ source4/modules/mysql.c | 1043 ++++++++++++++++++++++++++++++++++++++ source4/modules/vfs_audit.c | 278 ++++++++++ source4/modules/vfs_extd_audit.c | 319 ++++++++++++ source4/modules/vfs_fake_perms.c | 471 +++++++++++++++++ source4/modules/vfs_netatalk.c | 429 ++++++++++++++++ source4/modules/vfs_recycle.c | 648 +++++++++++++++++++++++ source4/modules/xml.c | 575 +++++++++++++++++++++ 8 files changed, 3895 insertions(+) create mode 100644 source4/modules/developer.c create mode 100644 source4/modules/mysql.c create mode 100644 source4/modules/vfs_audit.c create mode 100644 source4/modules/vfs_extd_audit.c create mode 100644 source4/modules/vfs_fake_perms.c create mode 100644 source4/modules/vfs_netatalk.c create mode 100644 source4/modules/vfs_recycle.c create mode 100644 source4/modules/xml.c (limited to 'source4/modules') diff --git a/source4/modules/developer.c b/source4/modules/developer.c new file mode 100644 index 0000000000..a697abcd22 --- /dev/null +++ b/source4/modules/developer.c @@ -0,0 +1,132 @@ +/* + Unix SMB/CIFS implementation. + Samba module with developer tools + Copyright (C) Andrew Tridgell 2001 + Copyright (C) Jelmer Vernooij 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +static struct { + char from; + char *to; + int len; +} weird_table[] = { + {'q', "^q^", 3}, + {'Q', "^Q^", 3}, + {0, NULL} +}; + +static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft, + char **outbuf, size_t *outbytesleft) +{ + while (*inbytesleft >= 1 && *outbytesleft >= 2) { + int i; + int done = 0; + for (i=0;weird_table[i].from;i++) { + if (strncmp((*inbuf), + weird_table[i].to, + weird_table[i].len) == 0) { + if (*inbytesleft < weird_table[i].len) { + DEBUG(0,("ERROR: truncated weird string\n")); + /* smb_panic("weird_pull"); */ + + } else { + (*outbuf)[0] = weird_table[i].from; + (*outbuf)[1] = 0; + (*inbytesleft) -= weird_table[i].len; + (*outbytesleft) -= 2; + (*inbuf) += weird_table[i].len; + (*outbuf) += 2; + done = 1; + break; + } + } + } + if (done) continue; + (*outbuf)[0] = (*inbuf)[0]; + (*outbuf)[1] = 0; + (*inbytesleft) -= 1; + (*outbytesleft) -= 2; + (*inbuf) += 1; + (*outbuf) += 2; + } + + if (*inbytesleft > 0) { + errno = E2BIG; + return -1; + } + + return 0; +} + +static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft, + char **outbuf, size_t *outbytesleft) +{ + int ir_count=0; + + while (*inbytesleft >= 2 && *outbytesleft >= 1) { + int i; + int done=0; + for (i=0;weird_table[i].from;i++) { + if ((*inbuf)[0] == weird_table[i].from && + (*inbuf)[1] == 0) { + if (*outbytesleft < weird_table[i].len) { + DEBUG(0,("No room for weird character\n")); + /* smb_panic("weird_push"); */ + } else { + memcpy(*outbuf, weird_table[i].to, + weird_table[i].len); + (*inbytesleft) -= 2; + (*outbytesleft) -= weird_table[i].len; + (*inbuf) += 2; + (*outbuf) += weird_table[i].len; + done = 1; + break; + } + } + } + if (done) continue; + + (*outbuf)[0] = (*inbuf)[0]; + if ((*inbuf)[1]) ir_count++; + (*inbytesleft) -= 2; + (*outbytesleft) -= 1; + (*inbuf) += 2; + (*outbuf) += 1; + } + + if (*inbytesleft == 1) { + errno = EINVAL; + return -1; + } + + if (*inbytesleft > 1) { + errno = E2BIG; + return -1; + } + + return ir_count; +} + +struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push}; + +int init_module(void) +{ + smb_register_charset(&weird_functions); + return 1; +} diff --git a/source4/modules/mysql.c b/source4/modules/mysql.c new file mode 100644 index 0000000000..1d5819295b --- /dev/null +++ b/source4/modules/mysql.c @@ -0,0 +1,1043 @@ + +/* + * MySQL password backend for samba + * Copyright (C) Jelmer Vernooij 2002 + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" +#include + +#define CONFIG_TABLE_DEFAULT "user" +#define CONFIG_LOGON_TIME_DEFAULT "logon_time" +#define CONFIG_LOGOFF_TIME_DEFAULT "logoff_time" +#define CONFIG_KICKOFF_TIME_DEFAULT "kickoff_time" +#define CONFIG_PASS_LAST_SET_TIME_DEFAULT "pass_last_set_time" +#define CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT "pass_can_change_time" +#define CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT "pass_must_change_time" +#define CONFIG_USERNAME_DEFAULT "username" +#define CONFIG_DOMAIN_DEFAULT "domain" +#define CONFIG_NT_USERNAME_DEFAULT "nt_username" +#define CONFIG_FULLNAME_DEFAULT "nt_fullname" +#define CONFIG_HOME_DIR_DEFAULT "home_dir" +#define CONFIG_DIR_DRIVE_DEFAULT "dir_drive" +#define CONFIG_LOGON_SCRIPT_DEFAULT "logon_script" +#define CONFIG_PROFILE_PATH_DEFAULT "profile_path" +#define CONFIG_ACCT_DESC_DEFAULT "acct_desc" +#define CONFIG_WORKSTATIONS_DEFAULT "workstations" +#define CONFIG_UNKNOWN_STR_DEFAULT "unknown_str" +#define CONFIG_MUNGED_DIAL_DEFAULT "munged_dial" +#define CONFIG_UID_DEFAULT "uid" +#define CONFIG_GID_DEFAULT "gid" +#define CONFIG_USER_SID_DEFAULT "user_sid" +#define CONFIG_GROUP_SID_DEFAULT "group_sid" +#define CONFIG_LM_PW_DEFAULT "lm_pw" +#define CONFIG_NT_PW_DEFAULT "nt_pw" +#define CONFIG_PLAIN_PW_DEFAULT "NULL" +#define CONFIG_ACCT_CTRL_DEFAULT "acct_ctrl" +#define CONFIG_UNKNOWN_3_DEFAULT "unknown_3" +#define CONFIG_LOGON_DIVS_DEFAULT "logon_divs" +#define CONFIG_HOURS_LEN_DEFAULT "hours_len" +#define CONFIG_UNKNOWN_5_DEFAULT "unknown_5" +#define CONFIG_UNKNOWN_6_DEFAULT "unknown_6" +#define CONFIG_HOST_DEFAULT "localhost" +#define CONFIG_USER_DEFAULT "samba" +#define CONFIG_PASS_DEFAULT "" +#define CONFIG_PORT_DEFAULT "3306" +#define CONFIG_DB_DEFAULT "samba" + +static int mysqlsam_debug_level = DBGC_ALL; + +#undef DBGC_CLASS +#define DBGC_CLASS mysqlsam_debug_level + +typedef struct pdb_mysql_data { + MYSQL *handle; + MYSQL_RES *pwent; + const char *location; +} pdb_mysql_data; + +/* Used to construct insert and update queries */ + +typedef struct pdb_mysql_query { + char update; + TALLOC_CTX *mem_ctx; + char *part1; + char *part2; +} pdb_mysql_query; +#define SET_DATA(data,methods) { \ + if(!methods){ \ + DEBUG(0, ("invalid methods!\n")); \ + return NT_STATUS_INVALID_PARAMETER; \ + } \ + data = (struct pdb_mysql_data *)methods->private_data; \ + if(!data || !(data->handle)){ \ + DEBUG(0, ("invalid handle!\n")); \ + return NT_STATUS_INVALID_HANDLE; \ + } \ +} + +static void pdb_mysql_int_field(struct pdb_methods *m, + struct pdb_mysql_query *q, char *name, int value) +{ + if (!name || strchr(name, '\'')) + return; /* This field shouldn't be set by us */ + + if (q->update) { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, + "%s = %d,", name, value); + } else { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, "%s,", name); + q->part2 = + talloc_asprintf_append(q->mem_ctx, q->part2, "%d,", value); + } +} + +static NTSTATUS pdb_mysql_string_field(struct pdb_methods *methods, + struct pdb_mysql_query *q, + char *name, const char *value) +{ + char *esc_value; + struct pdb_mysql_data *data; + char *tmp_value; + + SET_DATA(data, methods); + + if (!name || !value || !strcmp(value, "") || strchr(name, '\'')) + return NT_STATUS_INVALID_PARAMETER; /* This field shouldn't be set by module */ + + esc_value = malloc(strlen(value) * 2 + 1); + + tmp_value = smb_xstrdup(value); + mysql_real_escape_string(data->handle, esc_value, tmp_value, + strlen(tmp_value)); + SAFE_FREE(tmp_value); + + if (q->update) { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, + "%s = '%s',", name, esc_value); + } else { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, "%s,", name); + q->part2 = + talloc_asprintf_append(q->mem_ctx, q->part2, "'%s',", + esc_value); + } + + SAFE_FREE(esc_value); + + return NT_STATUS_OK; +} + +static char * config_value(pdb_mysql_data * data, char *name, char *default_value) +{ + if (lp_parm_string(NULL, data->location, name)) + return lp_parm_string(NULL, data->location, name); + + return default_value; +} + +static char * config_value_write(pdb_mysql_data * data, char *name, char *default_value) { + char *v = config_value(data, name, NULL); + char *swrite; + + if (!v) + return default_value; + + swrite = strchr(v, ':'); + + /* Default to the same field as read field */ + if (!swrite) + return v; + + swrite++; + + /* If the field is 0 chars long, we shouldn't write to it */ + if (!strlen(swrite) || !strcmp(swrite, "NULL")) + return NULL; + + /* Otherwise, use the additionally specified */ + return swrite; +} + +static const char * config_value_read(pdb_mysql_data * data, char *name, char *default_value) +{ + char *v = config_value(data, name, NULL); + char *swrite; + + if (!v) + return default_value; + + swrite = strchr(v, ':'); + + /* If no write is specified, there are no problems */ + if (!swrite) { + if (strlen(v) == 0) + return "NULL"; + return v; + } + + /* Otherwise, we have to cut the ':write_part' */ + *swrite = '\0'; + if (strlen(v) == 0) + return "NULL"; + + return v; +} + +/* Wrapper for atol that returns 0 if 'a' points to NULL */ +static long xatol(char *a) +{ + long ret = 0; + + if (a != NULL) + ret = atol(a); + + return ret; +} + +static NTSTATUS row_to_sam_account(MYSQL_RES * r, SAM_ACCOUNT * u) +{ + MYSQL_ROW row; + pstring temp; + unsigned int num_fields; + DOM_SID sid; + + num_fields = mysql_num_fields(r); + row = mysql_fetch_row(r); + if (!row) + return NT_STATUS_INVALID_PARAMETER; + + pdb_set_logon_time(u, xatol(row[0]), PDB_SET); + pdb_set_logoff_time(u, xatol(row[1]), PDB_SET); + pdb_set_kickoff_time(u, xatol(row[2]), PDB_SET); + pdb_set_pass_last_set_time(u, xatol(row[3]), PDB_SET); + pdb_set_pass_can_change_time(u, xatol(row[4]), PDB_SET); + pdb_set_pass_must_change_time(u, xatol(row[5]), PDB_SET); + pdb_set_username(u, row[6], PDB_SET); + pdb_set_domain(u, row[7], PDB_SET); + pdb_set_nt_username(u, row[8], PDB_SET); + pdb_set_fullname(u, row[9], PDB_SET); + pdb_set_homedir(u, row[10], PDB_SET); + pdb_set_dir_drive(u, row[11], PDB_SET); + pdb_set_logon_script(u, row[12], PDB_SET); + pdb_set_profile_path(u, row[13], PDB_SET); + pdb_set_acct_desc(u, row[14], PDB_SET); + pdb_set_workstations(u, row[15], PDB_SET); + pdb_set_unknown_str(u, row[16], PDB_SET); + pdb_set_munged_dial(u, row[17], PDB_SET); + + if (row[18]) + pdb_set_uid(u, xatol(row[18]), PDB_SET); + if (row[19]) + pdb_set_gid(u, xatol(row[19]), PDB_SET); + + string_to_sid(&sid, row[20]); + pdb_set_user_sid(u, &sid, PDB_SET); + string_to_sid(&sid, row[21]); + pdb_set_group_sid(u, &sid, PDB_SET); + + if (pdb_gethexpwd(row[22], temp), PDB_SET) + pdb_set_lanman_passwd(u, temp, PDB_SET); + if (pdb_gethexpwd(row[23], temp), PDB_SET) + pdb_set_nt_passwd(u, temp, PDB_SET); + + /* Only use plaintext password storage when lanman and nt are + * NOT used */ + if (!row[22] || !row[23]) + pdb_set_plaintext_passwd(u, row[24]); + + pdb_set_acct_ctrl(u, xatol(row[25]), PDB_SET); + pdb_set_unknown_3(u, xatol(row[26]), PDB_SET); + pdb_set_logon_divs(u, xatol(row[27]), PDB_SET); + pdb_set_hours_len(u, xatol(row[28]), PDB_SET); + pdb_set_unknown_5(u, xatol(row[29]), PDB_SET); + pdb_set_unknown_6(u, xatol(row[30]), PDB_SET); + + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update) +{ + struct pdb_mysql_data *data = + (struct pdb_mysql_data *) methods->private_data; + char *query; + int ret; + + if (!data || !(data->handle)) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + + asprintf(&query, + "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s", + config_value_read(data, "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + config_value_read(data, "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + config_value_read(data, "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + config_value_read(data, "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + config_value_read(data, "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + config_value_read(data, "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), + config_value_read(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + config_value_read(data, "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + config_value_read(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + config_value_read(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + config_value_read(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + config_value_read(data, "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + config_value_read(data, "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + config_value_read(data, "acct desc column", + CONFIG_ACCT_DESC_DEFAULT), + config_value_read(data, "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + config_value_read(data, "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + config_value_read(data, "munged dial column", + CONFIG_MUNGED_DIAL_DEFAULT), + config_value_read(data, "uid column", CONFIG_UID_DEFAULT), + config_value_read(data, "gid column", CONFIG_GID_DEFAULT), + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + config_value_read(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + config_value_read(data, "lanman pass column", + CONFIG_LM_PW_DEFAULT), + config_value_read(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), + config_value_read(data, "plain pass column", + CONFIG_PLAIN_PW_DEFAULT), + config_value_read(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + config_value_read(data, "unknown 3 column", + CONFIG_UNKNOWN_3_DEFAULT), + config_value_read(data, "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + config_value_read(data, "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + config_value_read(data, "unknown 5 column", + CONFIG_UNKNOWN_5_DEFAULT), + config_value_read(data, "unknown 6 column", + CONFIG_UNKNOWN_6_DEFAULT), + config_value(data, "table", CONFIG_TABLE_DEFAULT) + ); + DEBUG(5, ("Executing query %s\n", query)); + + ret = mysql_query(data->handle, query); + SAFE_FREE(query); + + if (ret) { + DEBUG(0, + ("Error executing MySQL query %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + data->pwent = mysql_store_result(data->handle); + + if (data->pwent == NULL) { + DEBUG(0, + ("Error storing results: %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, + ("mysqlsam_setsampwent succeeded(%lu results)!\n", + mysql_num_rows(data->pwent))); + + return NT_STATUS_OK; +} + +/*************************************************************** + End enumeration of the passwd list. + ****************************************************************/ + +static void mysqlsam_endsampwent(struct pdb_methods *methods) +{ + struct pdb_mysql_data *data = + (struct pdb_mysql_data *) methods->private_data; + + if (data == NULL) { + DEBUG(0, ("invalid handle!\n")); + return; + } + + if (data->pwent != NULL) + mysql_free_result(data->pwent); + + data->pwent = NULL; + + DEBUG(5, ("mysql_endsampwent called\n")); +} + +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) + *****************************************************************/ + +static NTSTATUS mysqlsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT * user) +{ + struct pdb_mysql_data *data; + + SET_DATA(data, methods); + + if (data->pwent == NULL) { + DEBUG(0, ("invalid pwent\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + return row_to_sam_account(data->pwent, user); +} + +static NTSTATUS mysqlsam_select_by_field(struct pdb_methods * methods, SAM_ACCOUNT * user, + const char *field, const char *sname) +{ + char *esc_sname; + char *query; + NTSTATUS ret; + MYSQL_RES *res; + int mysql_ret; + struct pdb_mysql_data *data; + char *tmp_sname; + + SET_DATA(data, methods); + + esc_sname = malloc(strlen(sname) * 2 + 1); + if (!esc_sname) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, + ("mysqlsam_select_by_field: getting data where %s = %s(nonescaped)\n", + field, sname)); + + tmp_sname = smb_xstrdup(sname); + + /* Escape sname */ + mysql_real_escape_string(data->handle, esc_sname, tmp_sname, + strlen(tmp_sname)); + + SAFE_FREE(tmp_sname); + + if (user == NULL) { + DEBUG(0, ("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n")); + SAFE_FREE(esc_sname); + return NT_STATUS_INVALID_PARAMETER; + } + + asprintf(&query, + "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s WHERE %s = '%s'", + config_value_read(data, "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + config_value_read(data, "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + config_value_read(data, "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + config_value_read(data, "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + config_value_read(data, "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + config_value_read(data, "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), + config_value_read(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + config_value_read(data, "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + config_value_read(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + config_value_read(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + config_value_read(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + config_value_read(data, "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + config_value_read(data, "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + config_value_read(data, "acct desc column", + CONFIG_ACCT_DESC_DEFAULT), + config_value_read(data, "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + config_value_read(data, "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + config_value_read(data, "munged dial column", + CONFIG_MUNGED_DIAL_DEFAULT), + config_value_read(data, "uid column", CONFIG_UID_DEFAULT), + config_value_read(data, "gid column", CONFIG_GID_DEFAULT), + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + config_value_read(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + config_value_read(data, "lanman pass column", + CONFIG_LM_PW_DEFAULT), + config_value_read(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), + config_value_read(data, "plain pass column", + CONFIG_PLAIN_PW_DEFAULT), + config_value_read(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + config_value_read(data, "unknown 3 column", + CONFIG_UNKNOWN_3_DEFAULT), + config_value_read(data, "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + config_value_read(data, "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + config_value_read(data, "unknown 5 column", + CONFIG_UNKNOWN_5_DEFAULT), + config_value_read(data, "unknown 6 column", + CONFIG_UNKNOWN_6_DEFAULT), + config_value(data, "table", CONFIG_TABLE_DEFAULT), field, + esc_sname); + + SAFE_FREE(esc_sname); + + DEBUG(5, ("Executing query %s\n", query)); + + mysql_ret = mysql_query(data->handle, query); + + SAFE_FREE(query); + + if (mysql_ret) { + DEBUG(0, + ("Error while executing MySQL query %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + res = mysql_store_result(data->handle); + if (res == NULL) { + DEBUG(0, + ("Error storing results: %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + ret = row_to_sam_account(res, user); + mysql_free_result(res); + + return ret; +} + +/****************************************************************** + Lookup a name in the SAM database + ******************************************************************/ + +static NTSTATUS mysqlsam_getsampwnam(struct pdb_methods *methods, SAM_ACCOUNT * user, + const char *sname) +{ + struct pdb_mysql_data *data; + + SET_DATA(data, methods); + + if (!sname) { + DEBUG(0, ("invalid name specified")); + return NT_STATUS_INVALID_PARAMETER; + } + + return mysqlsam_select_by_field(methods, user, + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), sname); +} + + +/*************************************************************************** + Search by sid + **************************************************************************/ + +static NTSTATUS mysqlsam_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT * user, + const DOM_SID * sid) +{ + struct pdb_mysql_data *data; + fstring sid_str; + + SET_DATA(data, methods); + + sid_to_string(sid_str, sid); + + return mysqlsam_select_by_field(methods, user, + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), sid_str); +} + +/*************************************************************************** + Delete a SAM_ACCOUNT + ****************************************************************************/ + +static NTSTATUS mysqlsam_delete_sam_account(struct pdb_methods *methods, + SAM_ACCOUNT * sam_pass) +{ + const char *sname = pdb_get_username(sam_pass); + char *esc; + char *query; + int ret; + struct pdb_mysql_data *data; + char *tmp_sname; + + SET_DATA(data, methods); + + if (!methods) { + DEBUG(0, ("invalid methods!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (struct pdb_mysql_data *) methods->private_data; + if (!data || !(data->handle)) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + + if (!sname) { + DEBUG(0, ("invalid name specified\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* Escape sname */ + esc = malloc(strlen(sname) * 2 + 1); + if (!esc) { + DEBUG(0, ("Can't allocate memory to store escaped name\n")); + return NT_STATUS_NO_MEMORY; + } + + tmp_sname = smb_xstrdup(sname); + + mysql_real_escape_string(data->handle, esc, tmp_sname, + strlen(tmp_sname)); + + SAFE_FREE(tmp_sname); + + asprintf(&query, "DELETE FROM %s WHERE %s = '%s'", + config_value(data, "table", CONFIG_TABLE_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), esc); + + SAFE_FREE(esc); + + ret = mysql_query(data->handle, query); + + SAFE_FREE(query); + + if (ret) { + DEBUG(0, + ("Error while executing query: %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("User '%s' deleted\n", sname)); + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_replace_sam_account(struct pdb_methods *methods, + const SAM_ACCOUNT * newpwd, char isupdate) +{ + pstring temp; + struct pdb_mysql_data *data; + pdb_mysql_query query; + fstring sid_str; + + if (!methods) { + DEBUG(0, ("invalid methods!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (struct pdb_mysql_data *) methods->private_data; + if (data == NULL || data->handle == NULL) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + query.update = isupdate; + + /* I know this is somewhat overkill but only the talloc + * functions have asprint_append and the 'normal' asprintf + * is a GNU extension */ + query.mem_ctx = talloc_init("mysqlsam_replace_sam_account"); + query.part2 = talloc_asprintf(query.mem_ctx, "%s", ""); + if (query.update) { + query.part1 = + talloc_asprintf(query.mem_ctx, "UPDATE %s SET ", + config_value(data, "table", + CONFIG_TABLE_DEFAULT)); + } else { + query.part1 = + talloc_asprintf(query.mem_ctx, "INSERT INTO %s (", + config_value(data, "table", + CONFIG_TABLE_DEFAULT)); + } + + pdb_mysql_int_field(methods, &query, + config_value_write(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + pdb_get_acct_ctrl(newpwd)); + + if (pdb_get_init_flags(newpwd, PDB_LOGONTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + pdb_get_logon_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_LOGOFFTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + pdb_get_logoff_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_KICKOFFTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + pdb_get_kickoff_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_CANCHANGETIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + pdb_get_pass_can_change_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_MUSTCHANGETIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + pdb_get_pass_must_change_time(newpwd)); + } + + if (pdb_get_pass_last_set_time(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + pdb_get_pass_last_set_time(newpwd)); + } + + if (pdb_get_hours_len(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + pdb_get_hours_len(newpwd)); + } + + if (pdb_get_logon_divs(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + pdb_get_logon_divs(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_UID) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, "uid column", + CONFIG_UID_DEFAULT), + pdb_get_uid(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_GID) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, "gid column", + CONFIG_GID_DEFAULT), + pdb_get_gid(newpwd)); + } + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + sid_to_string(sid_str, + pdb_get_user_sid(newpwd))); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + sid_to_string(sid_str, + pdb_get_group_sid(newpwd))); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "username column", + CONFIG_USERNAME_DEFAULT), + pdb_get_username(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + pdb_get_domain(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + pdb_get_nt_username(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + pdb_get_fullname(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + pdb_get_logon_script(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + pdb_get_profile_path(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + pdb_get_dir_drive(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + pdb_get_homedir(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + pdb_get_workstations(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + pdb_get_workstations(newpwd)); + + pdb_sethexpwd(temp, pdb_get_lanman_passwd(newpwd), + pdb_get_acct_ctrl(newpwd)); + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "lanman pass column", + CONFIG_LM_PW_DEFAULT), temp); + + pdb_sethexpwd(temp, pdb_get_nt_passwd(newpwd), + pdb_get_acct_ctrl(newpwd)); + pdb_mysql_string_field(methods, &query, + config_value_write(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), temp); + + if (query.update) { + query.part1[strlen(query.part1) - 1] = '\0'; + query.part1 = + talloc_asprintf_append(query.mem_ctx, query.part1, + " WHERE %s = '%s'", + config_value_read(data, + "user sid column", + CONFIG_USER_SID_DEFAULT), + sid_to_string(sid_str, pdb_get_user_sid (newpwd))); + } else { + query.part2[strlen(query.part2) - 1] = ')'; + query.part1[strlen(query.part1) - 1] = ')'; + query.part1 = + talloc_asprintf_append(query.mem_ctx, query.part1, + " VALUES (%s", query.part2); + } + + DEBUG(0, ("%s\n", query.part1)); + /* Execute the query */ + if (mysql_query(data->handle, query.part1)) { + DEBUG(0, + ("Error executing %s, %s\n", query.part1, + mysql_error(data->handle))); + return NT_STATUS_INVALID_PARAMETER; + } + talloc_destroy(query.mem_ctx); + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT * newpwd) +{ + return mysqlsam_replace_sam_account(methods, newpwd, 0); +} + +static NTSTATUS mysqlsam_update_sam_account(struct pdb_methods *methods, + SAM_ACCOUNT * newpwd) +{ + return mysqlsam_replace_sam_account(methods, newpwd, 1); +} + +static NTSTATUS mysqlsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid, BOOL with_priv) +{ + return get_group_map_from_sid(sid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid, BOOL with_priv) +{ + return get_group_map_from_gid(gid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + char *name, BOOL with_priv) +{ + return get_group_map_from_ntname(name, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_INSERT) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_REPLACE) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + return group_map_remove(sid) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, int *num_entries, + BOOL unix_only, BOOL with_priv) +{ + return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only, + with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + + +static NTSTATUS mysqlsam_init(struct pdb_context * pdb_context, struct pdb_methods ** pdb_method, + const char *location) +{ + NTSTATUS nt_status; + struct pdb_mysql_data *data; + + mysqlsam_debug_level = debug_add_class("mysqlsam"); + if (mysqlsam_debug_level == -1) { + mysqlsam_debug_level = DBGC_ALL; + DEBUG(0, + ("mysqlsam: Couldn't register custom debugging class!\n")); + } + + if (!pdb_context) { + DEBUG(0, ("invalid pdb_methods specified\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK + (nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "mysqlsam"; + + (*pdb_method)->setsampwent = mysqlsam_setsampwent; + (*pdb_method)->endsampwent = mysqlsam_endsampwent; + (*pdb_method)->getsampwent = mysqlsam_getsampwent; + (*pdb_method)->getsampwnam = mysqlsam_getsampwnam; + (*pdb_method)->getsampwsid = mysqlsam_getsampwsid; + (*pdb_method)->add_sam_account = mysqlsam_add_sam_account; + (*pdb_method)->update_sam_account = mysqlsam_update_sam_account; + (*pdb_method)->delete_sam_account = mysqlsam_delete_sam_account; + (*pdb_method)->getgrsid = mysqlsam_getgrsid; + (*pdb_method)->getgrgid = mysqlsam_getgrgid; + (*pdb_method)->getgrnam = mysqlsam_getgrnam; + (*pdb_method)->add_group_mapping_entry = mysqlsam_add_group_mapping_entry; + (*pdb_method)->update_group_mapping_entry = mysqlsam_update_group_mapping_entry; + (*pdb_method)->delete_group_mapping_entry = mysqlsam_delete_group_mapping_entry; + (*pdb_method)->enum_group_mapping = mysqlsam_enum_group_mapping; + + data = talloc(pdb_context->mem_ctx, sizeof(struct pdb_mysql_data)); + (*pdb_method)->private_data = data; + data->handle = NULL; + data->pwent = NULL; + + if (!location) { + DEBUG(0, ("No identifier specified. See README for details\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data->location = smb_xstrdup(location); + + DEBUG(1, + ("Connecting to database server, host: %s, user: %s, password: %s, database: %s, port: %ld\n", + config_value(data, "mysql host", CONFIG_HOST_DEFAULT), + config_value(data, "mysql user", CONFIG_USER_DEFAULT), + config_value(data, "mysql password", CONFIG_PASS_DEFAULT), + config_value(data, "mysql database", CONFIG_DB_DEFAULT), + xatol(config_value(data, "mysql port", CONFIG_PORT_DEFAULT)))); + + /* Do the mysql initialization */ + data->handle = mysql_init(NULL); + if (!data->handle) { + DEBUG(0, ("Failed to connect to server\n")); + return NT_STATUS_UNSUCCESSFUL; + } + /* Process correct entry in $HOME/.my.conf */ + if (!mysql_real_connect(data->handle, + config_value(data, "mysql host", CONFIG_HOST_DEFAULT), + config_value(data, "mysql user", CONFIG_USER_DEFAULT), + config_value(data, "mysql password", CONFIG_PASS_DEFAULT), + config_value(data, "mysql database", CONFIG_DB_DEFAULT), + xatol(config_value (data, "mysql port", CONFIG_PORT_DEFAULT)), + NULL, 0)) { + DEBUG(0, + ("Failed to connect to mysql database: error: %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("Connected to mysql db\n")); + + return NT_STATUS_OK; +} + +int init_module(void); + +int init_module() +{ + if(smb_register_passdb("mysql", mysqlsam_init, PASSDB_INTERFACE_VERSION)) + return 0; + + return 1; +} diff --git a/source4/modules/vfs_audit.c b/source4/modules/vfs_audit.c new file mode 100644 index 0000000000..b99d93d0f0 --- /dev/null +++ b/source4/modules/vfs_audit.c @@ -0,0 +1,278 @@ +/* + * Auditing VFS module for samba. Log selected file operations to syslog + * facility. + * + * Copyright (C) Tim Potter, 1999-2000 + * Copyright (C) Alexander Bokovoy, 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" +#include +#include +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include +#include +#include + +#ifndef SYSLOG_FACILITY +#define SYSLOG_FACILITY LOG_USER +#endif + +#ifndef SYSLOG_PRIORITY +#define SYSLOG_PRIORITY LOG_NOTICE +#endif + +/* Function prototypes */ + +static int audit_connect(struct tcon_context *conn, const char *svc, const char *user); +static void audit_disconnect(struct tcon_context *conn); +static DIR *audit_opendir(struct tcon_context *conn, const char *fname); +static int audit_mkdir(struct tcon_context *conn, const char *path, mode_t mode); +static int audit_rmdir(struct tcon_context *conn, const char *path); +static int audit_open(struct tcon_context *conn, const char *fname, int flags, mode_t mode); +static int audit_close(struct files_struct *fsp, int fd); +static int audit_rename(struct tcon_context *conn, const char *old, const char *new); +static int audit_unlink(struct tcon_context *conn, const char *path); +static int audit_chmod(struct tcon_context *conn, const char *path, mode_t mode); +static int audit_chmod_acl(struct tcon_context *conn, const char *name, mode_t mode); +static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode); +static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode); + +/* VFS operations */ + +static struct vfs_ops default_vfs_ops; /* For passthrough operation */ +static struct smb_vfs_handle_struct *audit_handle; + +static vfs_op_tuple audit_ops[] = { + + /* Disk operations */ + + {audit_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_LOGGER}, + {audit_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_LOGGER}, + + /* Directory operations */ + + {audit_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_LOGGER}, + {audit_mkdir, SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_LOGGER}, + {audit_rmdir, SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_LOGGER}, + + /* File operations */ + + {audit_open, SMB_VFS_OP_OPEN, SMB_VFS_LAYER_LOGGER}, + {audit_close, SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_LOGGER}, + {audit_rename, SMB_VFS_OP_RENAME, SMB_VFS_LAYER_LOGGER}, + {audit_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_LOGGER}, + {audit_chmod, SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_LOGGER}, + {audit_fchmod, SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_LOGGER}, + {audit_chmod_acl, SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_LOGGER}, + {audit_fchmod_acl, SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_LOGGER}, + + /* Finish VFS operations definition */ + + {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +/* VFS initialisation function. Return vfs_op_tuple array back to SAMBA. */ + +vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, + struct smb_vfs_handle_struct *vfs_handle) +{ + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + audit_handle = vfs_handle; + + openlog("smbd_audit", LOG_PID, SYSLOG_FACILITY); + syslog(SYSLOG_PRIORITY, "VFS_INIT: vfs_ops loaded\n"); + return audit_ops; +} + +/* VFS finalization function. */ +void vfs_done(struct tcon_context *conn) +{ + syslog(SYSLOG_PRIORITY, "VFS_DONE: vfs module unloaded\n"); +} + +/* Implementation of vfs_ops. Pass everything on to the default + operation but log event first. */ + +static int audit_connect(struct tcon_context *conn, const char *svc, const char *user) +{ + syslog(SYSLOG_PRIORITY, "connect to service %s by user %s\n", + svc, user); + + return default_vfs_ops.connect(conn, svc, user); +} + +static void audit_disconnect(struct tcon_context *conn) +{ + syslog(SYSLOG_PRIORITY, "disconnected\n"); + default_vfs_ops.disconnect(conn); +} + +static DIR *audit_opendir(struct tcon_context *conn, const char *fname) +{ + DIR *result = default_vfs_ops.opendir(conn, fname); + + syslog(SYSLOG_PRIORITY, "opendir %s %s%s\n", + fname, + (result == NULL) ? "failed: " : "", + (result == NULL) ? strerror(errno) : ""); + + return result; +} + +static int audit_mkdir(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.mkdir(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "mkdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_rmdir(struct tcon_context *conn, const char *path) +{ + int result = default_vfs_ops.rmdir(conn, path); + + syslog(SYSLOG_PRIORITY, "rmdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_open(struct tcon_context *conn, const char *fname, int flags, mode_t mode) +{ + int result = default_vfs_ops.open(conn, fname, flags, mode); + + syslog(SYSLOG_PRIORITY, "open %s (fd %d) %s%s%s\n", + fname, result, + ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_close(struct files_struct *fsp, int fd) +{ + int result = default_vfs_ops.close(fsp, fd); + + syslog(SYSLOG_PRIORITY, "close fd %d %s%s\n", + fd, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_rename(struct tcon_context *conn, const char *old, const char *new) +{ + int result = default_vfs_ops.rename(conn, old, new); + + syslog(SYSLOG_PRIORITY, "rename %s -> %s %s%s\n", + old, new, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_unlink(struct tcon_context *conn, const char *path) +{ + int result = default_vfs_ops.unlink(conn, path); + + syslog(SYSLOG_PRIORITY, "unlink %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_chmod(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.chmod(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_chmod_acl(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result; + + if ( !default_vfs_ops.chmod_acl ) + return 0; + + result = default_vfs_ops.chmod_acl(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod_acl %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode) +{ + int result = default_vfs_ops.fchmod(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) +{ + int result; + + if ( !default_vfs_ops.fchmod_acl ) + return 0; + + result = default_vfs_ops.fchmod_acl(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod_acl %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} diff --git a/source4/modules/vfs_extd_audit.c b/source4/modules/vfs_extd_audit.c new file mode 100644 index 0000000000..e9b6ed5455 --- /dev/null +++ b/source4/modules/vfs_extd_audit.c @@ -0,0 +1,319 @@ +/* + * Auditing VFS module for samba. Log selected file operations to syslog + * facility. + * + * Copyright (C) Tim Potter, 1999-2000 + * Copyright (C) Alexander Bokovoy, 2002 + * Copyright (C) John H Terpstra, 2003 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" +#include +#include +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include +#include +#include + +#ifndef SYSLOG_FACILITY +#define SYSLOG_FACILITY LOG_USER +#endif + +#ifndef SYSLOG_PRIORITY +#define SYSLOG_PRIORITY LOG_NOTICE +#endif + +/* Function prototypes */ + +static int audit_connect(struct tcon_context *conn, const char *svc, const char *user); +static void audit_disconnect(struct tcon_context *conn); +static DIR *audit_opendir(struct tcon_context *conn, const char *fname); +static int audit_mkdir(struct tcon_context *conn, const char *path, mode_t mode); +static int audit_rmdir(struct tcon_context *conn, const char *path); +static int audit_open(struct tcon_context *conn, const char *fname, int flags, mode_t mode); +static int audit_close(struct files_struct *fsp, int fd); +static int audit_rename(struct tcon_context *conn, const char *old, const char *new); +static int audit_unlink(struct tcon_context *conn, const char *path); +static int audit_chmod(struct tcon_context *conn, const char *path, mode_t mode); +static int audit_chmod_acl(struct tcon_context *conn, const char *name, mode_t mode); +static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode); +static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode); + +/* VFS operations */ + +static struct vfs_ops default_vfs_ops; /* For passthrough operation */ +static struct smb_vfs_handle_struct *audit_handle; + +static vfs_op_tuple audit_ops[] = { + + /* Disk operations */ + + {audit_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_LOGGER}, + {audit_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_LOGGER}, + + /* Directory operations */ + + {audit_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_LOGGER}, + {audit_mkdir, SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_LOGGER}, + {audit_rmdir, SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_LOGGER}, + + /* File operations */ + + {audit_open, SMB_VFS_OP_OPEN, SMB_VFS_LAYER_LOGGER}, + {audit_close, SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_LOGGER}, + {audit_rename, SMB_VFS_OP_RENAME, SMB_VFS_LAYER_LOGGER}, + {audit_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_LOGGER}, + {audit_chmod, SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_LOGGER}, + {audit_fchmod, SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_LOGGER}, + {audit_chmod_acl, SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_LOGGER}, + {audit_fchmod_acl, SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_LOGGER}, + + /* Finish VFS operations definition */ + + {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +/* VFS initialisation function. Return vfs_op_tuple array back to SAMBA. */ + +vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, + struct smb_vfs_handle_struct *vfs_handle) +{ + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + audit_handle = vfs_handle; + + openlog("smbd_audit", LOG_PID, SYSLOG_FACILITY); + syslog(SYSLOG_PRIORITY, "VFS_INIT: vfs_ops loaded\n"); + + return audit_ops; +} + +/* VFS finalization function. */ + +void vfs_done(struct tcon_context *conn) +{ + syslog(SYSLOG_PRIORITY, "VFS_DONE: vfs module unloaded\n"); +} + +/* Implementation of vfs_ops. Pass everything on to the default + operation but log event first. */ + +static int audit_connect(struct tcon_context *conn, const char *svc, const char *user) +{ + syslog(SYSLOG_PRIORITY, "connect to service %s by user %s\n", + svc, user); + DEBUG(10, ("Connected to service %s as user %s\n", + svc, user)); + + return default_vfs_ops.connect(conn, svc, user); +} + +static void audit_disconnect(struct tcon_context *conn) +{ + syslog(SYSLOG_PRIORITY, "disconnected\n"); + DEBUG(10, ("Disconnected from VFS module extd_audit\n")); + + default_vfs_ops.disconnect(conn); +} + +static DIR *audit_opendir(struct tcon_context *conn, const char *fname) +{ + DIR *result = default_vfs_ops.opendir(conn, fname); + + syslog(SYSLOG_PRIORITY, "opendir %s %s%s\n", + fname, + (result == NULL) ? "failed: " : "", + (result == NULL) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: opendir %s %s %s", + fname, + (result == NULL) ? "failed: " : "", + (result == NULL) ? strerror(errno) : "")); + + return result; +} + +static int audit_mkdir(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.mkdir(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "mkdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_rmdir(struct tcon_context *conn, const char *path) +{ + int result = default_vfs_ops.rmdir(conn, path); + + syslog(SYSLOG_PRIORITY, "rmdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_open(struct tcon_context *conn, const char *fname, int flags, mode_t mode) +{ + int result = default_vfs_ops.open(conn, fname, flags, mode); + + syslog(SYSLOG_PRIORITY, "open %s (fd %d) %s%s%s\n", + fname, result, + ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(2, ("vfs_extd_audit: open %s %s %s\n", + fname, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_close(struct files_struct *fsp, int fd) +{ + int result = default_vfs_ops.close(fsp, fd); + + syslog(SYSLOG_PRIORITY, "close fd %d %s%s\n", + fd, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n", + fd, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_rename(struct tcon_context *conn, const char *old, const char *new) +{ + int result = default_vfs_ops.rename(conn, old, new); + + syslog(SYSLOG_PRIORITY, "rename %s -> %s %s%s\n", + old, new, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: rename old: %s new: %s %s %s\n", + old, new, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_unlink(struct tcon_context *conn, const char *path) +{ + int result = default_vfs_ops.unlink(conn, path); + + syslog(SYSLOG_PRIORITY, "unlink %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_chmod(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.chmod(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_chmod_acl(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.chmod_acl(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod_acl %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode) +{ + int result = default_vfs_ops.fchmod(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} + +static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) +{ + int result = default_vfs_ops.fchmod_acl(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod_acl %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + + return result; +} diff --git a/source4/modules/vfs_fake_perms.c b/source4/modules/vfs_fake_perms.c new file mode 100644 index 0000000000..63ef66c591 --- /dev/null +++ b/source4/modules/vfs_fake_perms.c @@ -0,0 +1,471 @@ +/* + * Fake Perms VFS module. Implements passthrough operation of all VFS + * calls to disk functions, except for file permissions, which are now + * mode 0700 for the current uid/gid. + * + * Copyright (C) Tim Potter, 1999-2000 + * Copyright (C) Alexander Bokovoy, 2002 + * Copyright (C) Andrew Bartlett, 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" + +#include +#include +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include + +#include +#include + +static struct vfs_ops default_vfs_ops; /* For passthrough operation */ +static struct smb_vfs_handle_struct *fake_perms_handle; /* use fake_perms_handle->data for storing per-instance private data */ + +static int fake_perms_connect(struct tcon_context *conn, const char *service, const char *user) +{ + return default_vfs_ops.connect(conn, service, user); +} + +static void fake_perms_disconnect(struct tcon_context *conn) +{ + default_vfs_ops.disconnect(conn); +} + +static SMB_BIG_UINT fake_perms_disk_free(struct tcon_context *conn, const char *path, + BOOL small_query, SMB_BIG_UINT *bsize, + SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize) +{ + return default_vfs_ops.disk_free(conn, path, small_query, bsize, + dfree, dsize); +} + +static DIR *fake_perms_opendir(struct tcon_context *conn, const char *fname) +{ + return default_vfs_ops.opendir(conn, fname); +} + +static struct dirent *fake_perms_readdir(struct tcon_context *conn, DIR *dirp) +{ + return default_vfs_ops.readdir(conn, dirp); +} + +static int fake_perms_mkdir(struct tcon_context *conn, const char *path, mode_t mode) +{ + return default_vfs_ops.mkdir(conn, path, mode); +} + +static int fake_perms_rmdir(struct tcon_context *conn, const char *path) +{ + return default_vfs_ops.rmdir(conn, path); +} + +static int fake_perms_closedir(struct tcon_context *conn, DIR *dir) +{ + return default_vfs_ops.closedir(conn, dir); +} + +static int fake_perms_open(struct tcon_context *conn, const char *fname, int flags, mode_t mode) +{ + return default_vfs_ops.open(conn, fname, flags, mode); +} + +static int fake_perms_close(struct files_struct *fsp, int fd) +{ + return default_vfs_ops.close(fsp, fd); +} + +static ssize_t fake_perms_read(struct files_struct *fsp, int fd, void *data, size_t n) +{ + return default_vfs_ops.read(fsp, fd, data, n); +} + +static ssize_t fake_perms_write(struct files_struct *fsp, int fd, const void *data, size_t n) +{ + return default_vfs_ops.write(fsp, fd, data, n); +} + +static SMB_OFF_T fake_perms_lseek(struct files_struct *fsp, int filedes, SMB_OFF_T offset, int whence) +{ + return default_vfs_ops.lseek(fsp, filedes, offset, whence); +} + +static int fake_perms_rename(struct tcon_context *conn, const char *old, const char *new) +{ + return default_vfs_ops.rename(conn, old, new); +} + +static int fake_perms_fsync(struct files_struct *fsp, int fd) +{ + return default_vfs_ops.fsync(fsp, fd); +} + +static int fake_perms_stat(struct tcon_context *conn, const char *fname, SMB_STRUCT_STAT *sbuf) +{ + int ret = default_vfs_ops.stat(conn, fname, sbuf); + extern struct current_user current_user; + + if (S_ISDIR(sbuf->st_mode)) { + sbuf->st_mode = S_IFDIR | S_IRWXU; + } else { + sbuf->st_mode = S_IRWXU; + } + sbuf->st_uid = current_user.uid; + sbuf->st_gid = current_user.gid; + return ret; +} + +static int fake_perms_fstat(struct files_struct *fsp, int fd, SMB_STRUCT_STAT *sbuf) +{ + return default_vfs_ops.fstat(fsp, fd, sbuf); +} + +static int fake_perms_lstat(struct tcon_context *conn, const char *path, SMB_STRUCT_STAT *sbuf) +{ + return default_vfs_ops.lstat(conn, path, sbuf); +} + +static int fake_perms_unlink(struct tcon_context *conn, const char *path) +{ + return default_vfs_ops.unlink(conn, path); +} + +static int fake_perms_chmod(struct tcon_context *conn, const char *path, mode_t mode) +{ + return default_vfs_ops.chmod(conn, path, mode); +} + +static int fake_perms_fchmod(struct files_struct *fsp, int fd, mode_t mode) +{ + return default_vfs_ops.fchmod(fsp, fd, mode); +} + +static int fake_perms_chown(struct tcon_context *conn, const char *path, uid_t uid, gid_t gid) +{ + return default_vfs_ops.chown(conn, path, uid, gid); +} + +static int fake_perms_fchown(struct files_struct *fsp, int fd, uid_t uid, gid_t gid) +{ + return default_vfs_ops.fchown(fsp, fd, uid, gid); +} + +static int fake_perms_chdir(struct tcon_context *conn, const char *path) +{ + return default_vfs_ops.chdir(conn, path); +} + +static char *fake_perms_getwd(struct tcon_context *conn, char *buf) +{ + return default_vfs_ops.getwd(conn, buf); +} + +static int fake_perms_utime(struct tcon_context *conn, const char *path, struct utimbuf *times) +{ + return default_vfs_ops.utime(conn, path, times); +} + +static int fake_perms_ftruncate(struct files_struct *fsp, int fd, SMB_OFF_T offset) +{ + return default_vfs_ops.ftruncate(fsp, fd, offset); +} + +static BOOL fake_perms_lock(struct files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type) +{ + return default_vfs_ops.lock(fsp, fd, op, offset, count, type); +} + +static BOOL fake_perms_symlink(struct tcon_context *conn, const char *oldpath, const char *newpath) +{ + return default_vfs_ops.symlink(conn, oldpath, newpath); +} + +static BOOL fake_perms_readlink(struct tcon_context *conn, const char *path, char *buf, size_t bufsiz) +{ + return default_vfs_ops.readlink(conn, path, buf, bufsiz); +} + +static int fake_perms_link(struct tcon_context *conn, const char *oldpath, const char *newpath) +{ + return default_vfs_ops.link(conn, oldpath, newpath); +} + +static int fake_perms_mknod(struct tcon_context *conn, const char *path, mode_t mode, SMB_DEV_T dev) +{ + return default_vfs_ops.mknod(conn, path, mode, dev); +} + +static char *fake_perms_realpath(struct tcon_context *conn, const char *path, char *resolved_path) +{ + return default_vfs_ops.realpath(conn, path, resolved_path); +} + +static size_t fake_perms_fget_nt_acl(struct files_struct *fsp, int fd, struct security_descriptor_info **ppdesc) +{ + return default_vfs_ops.fget_nt_acl(fsp, fd, ppdesc); +} + +static size_t fake_perms_get_nt_acl(struct files_struct *fsp, const char *name, struct security_descriptor_info **ppdesc) +{ + return default_vfs_ops.get_nt_acl(fsp, name, ppdesc); +} + +static BOOL fake_perms_fset_nt_acl(struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd) +{ + return default_vfs_ops.fset_nt_acl(fsp, fd, security_info_sent, psd); +} + +static BOOL fake_perms_set_nt_acl(struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd) +{ + return default_vfs_ops.set_nt_acl(fsp, name, security_info_sent, psd); +} + +static BOOL fake_perms_chmod_acl(struct tcon_context *conn, const char *name, mode_t mode) +{ + return default_vfs_ops.chmod_acl(conn, name, mode); +} + +static BOOL fake_perms_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) +{ + return default_vfs_ops.fchmod_acl(fsp, fd, mode); +} + +static int fake_perms_sys_acl_get_entry(struct tcon_context *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + return default_vfs_ops.sys_acl_get_entry(conn, theacl, entry_id, entry_p); +} + +static int fake_perms_sys_acl_get_tag_type(struct tcon_context *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + return default_vfs_ops.sys_acl_get_tag_type(conn, entry_d, tag_type_p); +} + +static int fake_perms_sys_acl_get_permset(struct tcon_context *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + return default_vfs_ops.sys_acl_get_permset(conn, entry_d, permset_p); +} + +static void *fake_perms_sys_acl_get_qualifier(struct tcon_context *conn, SMB_ACL_ENTRY_T entry_d) +{ + return default_vfs_ops.sys_acl_get_qualifier(conn, entry_d); +} + +static SMB_ACL_T fake_perms_sys_acl_get_file(struct tcon_context *conn, const char *path_p, SMB_ACL_TYPE_T type) +{ + return default_vfs_ops.sys_acl_get_file(conn, path_p, type); +} + +static SMB_ACL_T fake_perms_sys_acl_get_fd(struct files_struct *fsp, int fd) +{ + return default_vfs_ops.sys_acl_get_fd(fsp, fd); +} + +static int fake_perms_sys_acl_clear_perms(struct tcon_context *conn, SMB_ACL_PERMSET_T permset) +{ + return default_vfs_ops.sys_acl_clear_perms(conn, permset); +} + +static int fake_perms_sys_acl_add_perm(struct tcon_context *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return default_vfs_ops.sys_acl_add_perm(conn, permset, perm); +} + +static char *fake_perms_sys_acl_to_text(struct tcon_context *conn, SMB_ACL_T theacl, ssize_t *plen) +{ + return default_vfs_ops.sys_acl_to_text(conn, theacl, plen); +} + +static SMB_ACL_T fake_perms_sys_acl_init(struct tcon_context *conn, int count) +{ + return default_vfs_ops.sys_acl_init(conn, count); +} + +static int fake_perms_sys_acl_create_entry(struct tcon_context *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + return default_vfs_ops.sys_acl_create_entry(conn, pacl, pentry); +} + +static int fake_perms_sys_acl_set_tag_type(struct tcon_context *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + return default_vfs_ops.sys_acl_set_tag_type(conn, entry, tagtype); +} + +static int fake_perms_sys_acl_set_qualifier(struct tcon_context *conn, SMB_ACL_ENTRY_T entry, void *qual) +{ + return default_vfs_ops.sys_acl_set_qualifier(conn, entry, qual); +} + +static int fake_perms_sys_acl_set_permset(struct tcon_context *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + return default_vfs_ops.sys_acl_set_permset(conn, entry, permset); +} + +static int fake_perms_sys_acl_valid(struct tcon_context *conn, SMB_ACL_T theacl ) +{ + return default_vfs_ops.sys_acl_valid(conn, theacl ); +} + +static int fake_perms_sys_acl_set_file(struct tcon_context *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return default_vfs_ops.sys_acl_set_file(conn, name, acltype, theacl); +} + +static int fake_perms_sys_acl_set_fd(struct files_struct *fsp, int fd, SMB_ACL_T theacl) +{ + return default_vfs_ops.sys_acl_set_fd(fsp, fd, theacl); +} + +static int fake_perms_sys_acl_delete_def_file(struct tcon_context *conn, const char *path) +{ + return default_vfs_ops.sys_acl_delete_def_file(conn, path); +} + +static int fake_perms_sys_acl_get_perm(struct tcon_context *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return default_vfs_ops.sys_acl_get_perm(conn, permset, perm); +} + +static int fake_perms_sys_acl_free_text(struct tcon_context *conn, char *text) +{ + return default_vfs_ops.sys_acl_free_text(conn, text); +} + +static int fake_perms_sys_acl_free_acl(struct tcon_context *conn, SMB_ACL_T posix_acl) +{ + return default_vfs_ops.sys_acl_free_acl(conn, posix_acl); +} + +static int fake_perms_sys_acl_free_qualifier(struct tcon_context *conn, void *qualifier, SMB_ACL_TAG_T tagtype) +{ + return default_vfs_ops.sys_acl_free_qualifier(conn, qualifier, tagtype); +} + + +/* VFS operations structure */ + +static vfs_op_tuple fake_perms_ops[] = { + + /* Disk operations */ + + {fake_perms_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_disk_free, SMB_VFS_OP_DISK_FREE, SMB_VFS_LAYER_TRANSPARENT}, + + /* Directory operations */ + + {fake_perms_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_readdir, SMB_VFS_OP_READDIR, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_mkdir, SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_rmdir, SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_closedir, SMB_VFS_OP_CLOSEDIR, SMB_VFS_LAYER_TRANSPARENT}, + + /* File operations */ + + {fake_perms_open, SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_close, SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_read, SMB_VFS_OP_READ, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_write, SMB_VFS_OP_WRITE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_lseek, SMB_VFS_OP_LSEEK, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_rename, SMB_VFS_OP_RENAME, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_fsync, SMB_VFS_OP_FSYNC, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_stat, SMB_VFS_OP_STAT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_fstat, SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_lstat, SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_chmod, SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_fchmod, SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_chown, SMB_VFS_OP_CHOWN, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_fchown, SMB_VFS_OP_FCHOWN, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_chdir, SMB_VFS_OP_CHDIR, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_getwd, SMB_VFS_OP_GETWD, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_utime, SMB_VFS_OP_UTIME, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_ftruncate, SMB_VFS_OP_FTRUNCATE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_lock, SMB_VFS_OP_LOCK, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_symlink, SMB_VFS_OP_SYMLINK, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_readlink, SMB_VFS_OP_READLINK, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_link, SMB_VFS_OP_LINK, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_mknod, SMB_VFS_OP_MKNOD, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_realpath, SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_TRANSPARENT}, + + /* NT File ACL operations */ + + {fake_perms_fget_nt_acl, SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_get_nt_acl, SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_fset_nt_acl, SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_set_nt_acl, SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + + /* POSIX ACL operations */ + + {fake_perms_chmod_acl, SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_fchmod_acl, SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT}, + + {fake_perms_sys_acl_get_entry, SMB_VFS_OP_SYS_ACL_GET_ENTRY, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_get_tag_type, SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_get_permset, SMB_VFS_OP_SYS_ACL_GET_PERMSET, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_get_qualifier, SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_get_file, SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_get_fd, SMB_VFS_OP_SYS_ACL_GET_FD, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_clear_perms, SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_add_perm, SMB_VFS_OP_SYS_ACL_ADD_PERM, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_to_text, SMB_VFS_OP_SYS_ACL_TO_TEXT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_init, SMB_VFS_OP_SYS_ACL_INIT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_create_entry, SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_set_tag_type, SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_set_qualifier, SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_set_permset, SMB_VFS_OP_SYS_ACL_SET_PERMSET, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_valid, SMB_VFS_OP_SYS_ACL_VALID, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_set_file, SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_set_fd, SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_delete_def_file, SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_get_perm, SMB_VFS_OP_SYS_ACL_GET_PERM, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_free_text, SMB_VFS_OP_SYS_ACL_FREE_TEXT, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_free_acl, SMB_VFS_OP_SYS_ACL_FREE_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {fake_perms_sys_acl_free_qualifier, SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT}, + + {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +/* VFS initialisation - return initialized vfs_op_tuple array back to Samba */ + +vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, + struct smb_vfs_handle_struct *vfs_handle) +{ + DEBUG(3, ("Initialising default vfs hooks\n")); + + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + /* Remember vfs_handle for further allocation and referencing of private + information in vfs_handle->data + */ + fake_perms_handle = vfs_handle; + return fake_perms_ops; +} + +/* VFS finalization function */ +void vfs_done(struct tcon_context *conn) +{ + DEBUG(3, ("Finalizing default vfs hooks\n")); +} diff --git a/source4/modules/vfs_netatalk.c b/source4/modules/vfs_netatalk.c new file mode 100644 index 0000000000..0c1eb8d15e --- /dev/null +++ b/source4/modules/vfs_netatalk.c @@ -0,0 +1,429 @@ +/* + * AppleTalk VFS module for Samba-3.x + * + * Copyright (C) Alexei Kotovich, 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" +#include +#include +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include +#include +#include + +#define APPLEDOUBLE ".AppleDouble" +#define ADOUBLEMODE 0777 + +/* atalk functions */ + +static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, + const char *fname, char **adbl_path, char **orig_path, + SMB_STRUCT_STAT *adbl_info, SMB_STRUCT_STAT *orig_info); + +static int atalk_unlink_file(const char *path); + +static struct vfs_ops default_vfs_ops; /* For passthrough operation */ +static struct smb_vfs_handle_struct *atalk_handle; + +static int atalk_get_path_ptr(char *path) +{ + int i = 0; + int ptr = 0; + + for (i = 0; path[i]; i ++) { + if (path[i] == '/') + ptr = i; + /* get out some 'spam';) from win32's file name */ + else if (path[i] == ':') { + path[i] = '\0'; + break; + } + } + + return ptr; +} + +static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, const char *fname, + char **adbl_path, char **orig_path, + SMB_STRUCT_STAT *adbl_info, SMB_STRUCT_STAT *orig_info) +{ + int ptr0 = 0; + int ptr1 = 0; + char *dname = 0; + char *name = 0; + + if (!ctx || !path || !fname || !adbl_path || !orig_path || + !adbl_info || !orig_info) + return -1; +#if 0 + DEBUG(3, ("ATALK: PATH: %s[%s]\n", path, fname)); +#endif + if (strstr(path, APPLEDOUBLE) || strstr(fname, APPLEDOUBLE)) { + DEBUG(3, ("ATALK: path %s[%s] already contains %s\n", path, fname, APPLEDOUBLE)); + return -1; + } + + if (fname[0] == '.') ptr0 ++; + if (fname[1] == '/') ptr0 ++; + + *orig_path = talloc_asprintf(ctx, "%s/%s", path, &fname[ptr0]); + + /* get pointer to last '/' */ + ptr1 = atalk_get_path_ptr(*orig_path); + + sys_lstat(*orig_path, orig_info); + + if (S_ISDIR(orig_info->st_mode)) { + *adbl_path = talloc_asprintf(ctx, "%s/%s/%s/", + path, &fname[ptr0], APPLEDOUBLE); + } else { + dname = talloc_strdup(ctx, *orig_path); + dname[ptr1] = '\0'; + name = *orig_path; + *adbl_path = talloc_asprintf(ctx, "%s/%s/%s", + dname, APPLEDOUBLE, &name[ptr1 + 1]); + } +#if 0 + DEBUG(3, ("ATALK: DEBUG:\n%s\n%s\n", *orig_path, *adbl_path)); +#endif + sys_lstat(*adbl_path, adbl_info); + return 0; +} + +static int atalk_unlink_file(const char *path) +{ + int ret = 0; + + become_root(); + ret = unlink(path); + unbecome_root(); + + return ret; +} + +static void atalk_add_to_list(name_compare_entry **list) +{ + int i, count = 0; + name_compare_entry *new_list = 0; + name_compare_entry *cur_list = 0; + + cur_list = *list; + + if (cur_list) { + for (i = 0, count = 0; cur_list[i].name; i ++, count ++) { + if (strstr(cur_list[i].name, APPLEDOUBLE)) + return; + } + } + + if (!(new_list = calloc(1, + (count == 0 ? 1 : count + 1) * sizeof(name_compare_entry)))) + return; + + for (i = 0; i < count; i ++) { + new_list[i].name = strdup(cur_list[i].name); + new_list[i].is_wild = cur_list[i].is_wild; + } + + new_list[i].name = strdup(APPLEDOUBLE); + new_list[i].is_wild = False; + + free_namearray(*list); + + *list = new_list; + new_list = 0; + cur_list = 0; +} + +static void atalk_rrmdir(TALLOC_CTX *ctx, char *path) +{ + char *dpath; + struct dirent *dent = 0; + DIR *dir; + + if (!path) return; + + dir = opendir(path); + if (!dir) return; + + while (NULL != (dent = readdir(dir))) { + if (strcmp(dent->d_name, ".") == 0 || + strcmp(dent->d_name, "..") == 0) + continue; + if (!(dpath = talloc_asprintf(ctx, "%s/%s", + path, dent->d_name))) + continue; + atalk_unlink_file(dpath); + } + + closedir(dir); +} + +/* Disk operations */ + +/* Directory operations */ + +DIR *atalk_opendir(struct tcon_context *conn, const char *fname) +{ + DIR *ret = 0; + + ret = default_vfs_ops.opendir(conn, fname); + + /* + * when we try to perform delete operation upon file which has fork + * in ./.AppleDouble and this directory wasn't hidden by Samba, + * MS Windows explorer causes the error: "Cannot find the specified file" + * There is some workaround to avoid this situation, i.e. if + * connection has not .AppleDouble entry in either veto or hide + * list then it would be nice to add one. + */ + + atalk_add_to_list(&conn->hide_list); + atalk_add_to_list(&conn->veto_list); + + return ret; +} + +static int atalk_rmdir(struct tcon_context *conn, const char *path) +{ + BOOL add = False; + TALLOC_CTX *ctx = 0; + char *dpath; + + if (!conn || !conn->origpath || !path) goto exit_rmdir; + + /* due to there is no way to change bDeleteVetoFiles variable + * from this module, gotta use talloc stuff.. + */ + + strstr(path, APPLEDOUBLE) ? (add = False) : (add = True); + + if (!(ctx = talloc_init("remove_directory"))) + goto exit_rmdir; + + if (!(dpath = talloc_asprintf(ctx, "%s/%s%s", + conn->origpath, path, add ? "/"APPLEDOUBLE : ""))) + goto exit_rmdir; + + atalk_rrmdir(ctx, dpath); + +exit_rmdir: + talloc_destroy(ctx); + return default_vfs_ops.rmdir(conn, path); +} + +/* File operations */ + +static int atalk_rename(struct tcon_context *conn, const char *old, const char *new) +{ + int ret = 0; + char *adbl_path = 0; + char *orig_path = 0; + SMB_STRUCT_STAT adbl_info; + SMB_STRUCT_STAT orig_info; + TALLOC_CTX *ctx; + + ret = default_vfs_ops.rename(conn, old, new); + + if (!conn || !old) return ret; + + if (!(ctx = talloc_init("rename_file"))) + return ret; + + if (atalk_build_paths(ctx, conn->origpath, old, &adbl_path, &orig_path, + &adbl_info, &orig_info) != 0) + return ret; + + if (S_ISDIR(orig_info.st_mode) || S_ISREG(orig_info.st_mode)) { + DEBUG(3, ("ATALK: %s has passed..\n", adbl_path)); + goto exit_rename; + } + + atalk_unlink_file(adbl_path); + +exit_rename: + talloc_destroy(ctx); + return ret; +} + +static int atalk_unlink(struct tcon_context *conn, const char *path) +{ + int ret = 0, i; + char *adbl_path = 0; + char *orig_path = 0; + SMB_STRUCT_STAT adbl_info; + SMB_STRUCT_STAT orig_info; + TALLOC_CTX *ctx; + + ret = default_vfs_ops.unlink(conn, path); + + if (!conn || !path) return ret; + + /* no .AppleDouble sync if veto or hide list is empty, + * otherwise "Cannot find the specified file" error will be caused + */ + + if (!conn->veto_list) return ret; + if (!conn->hide_list) return ret; + + for (i = 0; conn->veto_list[i].name; i ++) { + if (strstr(conn->veto_list[i].name, APPLEDOUBLE)) + break; + } + + if (!conn->veto_list[i].name) { + for (i = 0; conn->hide_list[i].name; i ++) { + if (strstr(conn->hide_list[i].name, APPLEDOUBLE)) + break; + else { + DEBUG(3, ("ATALK: %s is not hidden, skipped..\n", + APPLEDOUBLE)); + return ret; + } + } + } + + if (!(ctx = talloc_init("unlink_file"))) + return ret; + + if (atalk_build_paths(ctx, conn->origpath, path, &adbl_path, &orig_path, + &adbl_info, &orig_info) != 0) + return ret; + + if (S_ISDIR(orig_info.st_mode) || S_ISREG(orig_info.st_mode)) { + DEBUG(3, ("ATALK: %s has passed..\n", adbl_path)); + goto exit_unlink; + } + + atalk_unlink_file(adbl_path); + +exit_unlink: + talloc_destroy(ctx); + return ret; +} + +static int atalk_chmod(struct tcon_context *conn, const char *path, mode_t mode) +{ + int ret = 0; + char *adbl_path = 0; + char *orig_path = 0; + SMB_STRUCT_STAT adbl_info; + SMB_STRUCT_STAT orig_info; + TALLOC_CTX *ctx; + + ret = default_vfs_ops.chmod(conn, path, mode); + + if (!conn || !path) return ret; + + if (!(ctx = talloc_init("chmod_file"))) + return ret; + + if (atalk_build_paths(ctx, conn->origpath, path, &adbl_path, &orig_path, + &adbl_info, &orig_info) != 0) + return ret; + + if (!S_ISDIR(orig_info.st_mode) && !S_ISREG(orig_info.st_mode)) { + DEBUG(3, ("ATALK: %s has passed..\n", orig_path)); + goto exit_chmod; + } + + chmod(adbl_path, ADOUBLEMODE); + +exit_chmod: + talloc_destroy(ctx); + return ret; +} + +static int atalk_chown(struct tcon_context *conn, const char *path, uid_t uid, gid_t gid) +{ + int ret = 0; + char *adbl_path = 0; + char *orig_path = 0; + SMB_STRUCT_STAT adbl_info; + SMB_STRUCT_STAT orig_info; + TALLOC_CTX *ctx; + + ret = default_vfs_ops.chown(conn, path, uid, gid); + + if (!conn || !path) return ret; + + if (!(ctx = talloc_init("chown_file"))) + return ret; + + if (atalk_build_paths(ctx, conn->origpath, path, &adbl_path, &orig_path, + &adbl_info, &orig_info) != 0) + return ret; + + if (!S_ISDIR(orig_info.st_mode) && !S_ISREG(orig_info.st_mode)) { + DEBUG(3, ("ATALK: %s has passed..\n", orig_path)); + goto exit_chown; + } + + chown(adbl_path, uid, gid); + +exit_chown: + talloc_destroy(ctx); + return ret; +} + +static vfs_op_tuple atalk_ops[] = { + + /* Directory operations */ + + {atalk_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_TRANSPARENT}, + {atalk_rmdir, SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, + + /* File operations */ + + {atalk_rename, SMB_VFS_OP_RENAME, SMB_VFS_LAYER_TRANSPARENT}, + {atalk_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {atalk_chmod, SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_TRANSPARENT}, + {atalk_chown, SMB_VFS_OP_CHOWN, SMB_VFS_LAYER_TRANSPARENT}, + + /* Finish VFS operations definition */ + + {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +/* VFS initialisation function. Return vfs_op_tuple array back to SAMBA. */ +vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, + struct smb_vfs_handle_struct *vfs_handle) +{ + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + atalk_handle = vfs_handle; + + DEBUG(3, ("ATALK: vfs module loaded\n")); + return atalk_ops; +} + +/* VFS finalization function. */ +void vfs_done(struct tcon_context *conn) +{ + DEBUG(3, ("ATALK: vfs module unloaded\n")); +} diff --git a/source4/modules/vfs_recycle.c b/source4/modules/vfs_recycle.c new file mode 100644 index 0000000000..2a017aca04 --- /dev/null +++ b/source4/modules/vfs_recycle.c @@ -0,0 +1,648 @@ +/* + * Recycle bin VFS module for Samba. + * + * Copyright (C) 2001, Brandon Stone, Amherst College, . + * Copyright (C) 2002, Jeremy Allison - modified to make a VFS module. + * Copyright (C) 2002, Alexander Bokovoy - cascaded VFS adoption, + * Copyright (C) 2002, Juergen Hasch - added some options. + * Copyright (C) 2002, Simo Sorce + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#define ALLOC_CHECK(ptr, label) do { if ((ptr) == NULL) { DEBUG(0, ("recycle.bin: out of memory!\n")); errno = ENOMEM; goto label; } } while(0) + +static int vfs_recycle_debug_level = DBGC_VFS; + +#undef DBGC_CLASS +#define DBGC_CLASS vfs_recycle_debug_level + +static const char *delimiter = "|"; /* delimiter for options */ + +/* One per connection */ + +typedef struct recycle_bin_struct +{ + TALLOC_CTX *mem_ctx; + char *repository; /* name of the recycle bin directory */ + BOOL keep_dir_tree; /* keep directory structure of deleted file in recycle bin */ + BOOL versions; /* create versions of deleted files with identical name */ + BOOL touch; /* touch access date of deleted file */ + char *exclude; /* which files to exclude */ + char *exclude_dir; /* which directories to exclude */ + char *noversions; /* which files to exclude from versioning */ + SMB_OFF_T maxsize; /* maximum file size to be saved */ +} recycle_bin_struct; + +typedef struct recycle_bin_connections { + int conn; + recycle_bin_struct *data; + struct recycle_bin_connections *next; +} recycle_bin_connections; + +typedef struct recycle_bin_private_data { + TALLOC_CTX *mem_ctx; + recycle_bin_connections *conns; +} recycle_bin_private_data; + +struct smb_vfs_handle_struct *recycle_bin_private_handle; + +/* VFS operations */ +static struct vfs_ops default_vfs_ops; /* For passthrough operation */ + +static int recycle_connect(struct tcon_context *conn, const char *service, const char *user); +static void recycle_disconnect(struct tcon_context *conn); +static int recycle_unlink(struct tcon_context *, const char *); + +#define VFS_OP(x) ((void *) x) + +static vfs_op_tuple recycle_ops[] = { + + /* Disk operations */ + {VFS_OP(recycle_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + {VFS_OP(recycle_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT}, + + /* File operations */ + {VFS_OP(recycle_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + + {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +/** + * VFS initialisation function. + * + * @retval initialised vfs_op_tuple array + **/ +vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, + struct smb_vfs_handle_struct *vfs_handle) +{ + TALLOC_CTX *mem_ctx = NULL; + + DEBUG(10, ("Initializing VFS module recycle\n")); + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops)); + vfs_recycle_debug_level = debug_add_class("vfs_recycle_bin"); + if (vfs_recycle_debug_level == -1) { + vfs_recycle_debug_level = DBGC_VFS; + DEBUG(0, ("vfs_recycle: Couldn't register custom debugging class!\n")); + } else { + DEBUG(0, ("vfs_recycle: Debug class number of 'vfs_recycle': %d\n", vfs_recycle_debug_level)); + } + + recycle_bin_private_handle = vfs_handle; + if (!(mem_ctx = talloc_init("recycle bin data"))) { + DEBUG(0, ("Failed to allocate memory in VFS module recycle_bin\n")); + return NULL; + } + + recycle_bin_private_handle->data = talloc(mem_ctx, sizeof(recycle_bin_private_data)); + if (recycle_bin_private_handle->data == NULL) { + DEBUG(0, ("Failed to allocate memory in VFS module recycle_bin\n")); + return NULL; + } + ((recycle_bin_private_data *)(recycle_bin_private_handle->data))->mem_ctx = mem_ctx; + ((recycle_bin_private_data *)(recycle_bin_private_handle->data))->conns = NULL; + + return recycle_ops; +} + +/** + * VFS finalization function. + * + **/ +void vfs_done(void) +{ + recycle_bin_private_data *recdata; + recycle_bin_connections *recconn; + + DEBUG(10, ("Unloading/Cleaning VFS module recycle bin\n")); + + if (recycle_bin_private_handle) + recdata = (recycle_bin_private_data *)(recycle_bin_private_handle->data); + else { + DEBUG(0, ("Recycle bin not initialized!\n")); + return; + } + + if (recdata) { + if (recdata->conns) { + recconn = recdata->conns; + while (recconn) { + talloc_destroy(recconn->data->mem_ctx); + recconn = recconn->next; + } + } + if (recdata->mem_ctx) { + talloc_destroy(recdata->mem_ctx); + } + recdata = NULL; + } +} + +static int recycle_connect(struct tcon_context *conn, const char *service, const char *user) +{ + TALLOC_CTX *ctx = NULL; + recycle_bin_struct *recbin; + recycle_bin_connections *recconn; + recycle_bin_connections *recconnbase; + recycle_bin_private_data *recdata; + char *tmp_str; + + DEBUG(10, ("Called for service %s (%d) as user %s\n", service, SNUM(conn), user)); + + if (recycle_bin_private_handle) + recdata = (recycle_bin_private_data *)(recycle_bin_private_handle->data); + else { + DEBUG(0, ("Recycle bin not initialized!\n")); + return -1; + } + + if (!(ctx = talloc_init("recycle bin connection"))) { + DEBUG(0, ("Failed to allocate memory in VFS module recycle_bin\n")); + return -1; + } + + recbin = talloc(ctx, sizeof(recycle_bin_struct)); + if (recbin == NULL) { + DEBUG(0, ("Failed to allocate memory in VFS module recycle_bin\n")); + return -1; + } + recbin->mem_ctx = ctx; + + /* Set defaults */ + recbin->repository = talloc_strdup(recbin->mem_ctx, ".recycle"); + ALLOC_CHECK(recbin->repository, error); + recbin->keep_dir_tree = False; + recbin->versions = False; + recbin->touch = False; + recbin->exclude = ""; + recbin->exclude_dir = ""; + recbin->noversions = ""; + recbin->maxsize = 0; + + /* parse configuration options */ + if ((tmp_str = lp_parm_string(SNUM(conn), "vfs_recycle_bin", "repository")) != NULL) { + recbin->repository = talloc_sub_conn(recbin->mem_ctx, conn, tmp_str); + ALLOC_CHECK(recbin->repository, error); + trim_string(recbin->repository, "/", "/"); + DEBUG(5, ("recycle.bin: repository = %s\n", recbin->repository)); + } + + recbin->keep_dir_tree = lp_parm_bool(SNUM(conn), "vfs_recycle_bin", "keeptree", False); + DEBUG(5, ("recycle.bin: keeptree = %d\n", recbin->keep_dir_tree)); + + recbin->versions = lp_parm_bool(SNUM(conn), "vfs_recycle_bin", "versions", False); + DEBUG(5, ("recycle.bin: versions = %d\n", recbin->versions)); + + recbin->touch = lp_parm_bool(SNUM(conn), "vfs_recycle_bin", "touch", False); + DEBUG(5, ("recycle.bin: touch = %d\n", recbin->touch)); + + recbin->maxsize = lp_parm_ulong(SNUM(conn), "vfs_recycle_bin", "maxsize"); + if (recbin->maxsize == 0) { + recbin->maxsize = -1; + DEBUG(5, ("recycle.bin: maxsize = -infinite-\n")); + } else { + DEBUG(5, ("recycle.bin: maxsize = %ld\n", (long int)recbin->maxsize)); + } + + if ((tmp_str = lp_parm_string(SNUM(conn), "vfs_recycle_bin", "exclude")) != NULL) { + recbin->exclude = talloc_strdup(recbin->mem_ctx, tmp_str); + ALLOC_CHECK(recbin->exclude, error); + DEBUG(5, ("recycle.bin: exclude = %s\n", recbin->exclude)); + } + if ((tmp_str = lp_parm_string(SNUM(conn), "vfs_recycle_bin", "exclude_dir")) != NULL) { + recbin->exclude_dir = talloc_strdup(recbin->mem_ctx, tmp_str); + ALLOC_CHECK(recbin->exclude_dir, error); + DEBUG(5, ("recycle.bin: exclude_dir = %s\n", recbin->exclude_dir)); + } + if ((tmp_str = lp_parm_string(SNUM(conn), "vfs_recycle_bin", "noversions")) != NULL) { + recbin->noversions = talloc_strdup(recbin->mem_ctx, tmp_str); + ALLOC_CHECK(recbin->noversions, error); + DEBUG(5, ("recycle.bin: noversions = %s\n", recbin->noversions)); + } + + recconn = talloc(recdata->mem_ctx, sizeof(recycle_bin_connections)); + if (recconn == NULL) { + DEBUG(0, ("Failed to allocate memory in VFS module recycle_bin\n")); + goto error; + } + recconn->conn = SNUM(conn); + recconn->data = recbin; + recconn->next = NULL; + if (recdata->conns) { + recconnbase = recdata->conns; + while (recconnbase->next != NULL) recconnbase = recconnbase->next; + recconnbase->next = recconn; + } else { + recdata->conns = recconn; + } + return default_vfs_ops.connect(conn, service, user); + +error: + talloc_destroy(ctx); + return -1; +} + +static void recycle_disconnect(struct tcon_context *conn) +{ + recycle_bin_private_data *recdata; + recycle_bin_connections *recconn; + + DEBUG(10, ("Disconnecting VFS module recycle bin\n")); + + if (recycle_bin_private_handle) + recdata = (recycle_bin_private_data *)(recycle_bin_private_handle->data); + else { + DEBUG(0, ("Recycle bin not initialized!\n")); + return; + } + + if (recdata) { + if (recdata->conns) { + if (recdata->conns->conn == SNUM(conn)) { + talloc_destroy(recdata->conns->data->mem_ctx); + recdata->conns = recdata->conns->next; + } else { + recconn = recdata->conns; + while (recconn->next) { + if (recconn->next->conn == SNUM(conn)) { + talloc_destroy(recconn->next->data->mem_ctx); + recconn->next = recconn->next->next; + break; + } + recconn = recconn->next; + } + } + } + } + default_vfs_ops.disconnect(conn); +} + +static BOOL recycle_directory_exist(struct tcon_context *conn, const char *dname) +{ + SMB_STRUCT_STAT st; + + if (default_vfs_ops.stat(conn, dname, &st) == 0) { + if (S_ISDIR(st.st_mode)) { + return True; + } + } + + return False; +} + +static BOOL recycle_file_exist(struct tcon_context *conn, const char *fname) +{ + SMB_STRUCT_STAT st; + + if (default_vfs_ops.stat(conn, fname, &st) == 0) { + if (S_ISREG(st.st_mode)) { + return True; + } + } + + return False; +} + +/** + * Return file size + * @param conn connection + * @param fname file name + * @return size in bytes + **/ +static SMB_OFF_T recycle_get_file_size(struct tcon_context *conn, const char *fname) +{ + SMB_STRUCT_STAT st; + if (default_vfs_ops.stat(conn, fname, &st) != 0) { + DEBUG(0,("recycle.bin: stat for %s returned %s\n", fname, strerror(errno))); + return (SMB_OFF_T)0; + } + return(st.st_size); +} + +/** + * Create directory tree + * @param conn connection + * @param dname Directory tree to be created + * @return Returns True for success + **/ +static BOOL recycle_create_dir(struct tcon_context *conn, const char *dname) +{ + int len; + mode_t mode; + char *new_dir = NULL; + char *tmp_str = NULL; + char *token; + char *tok_str; + BOOL ret = False; + + mode = S_IREAD | S_IWRITE | S_IEXEC; + + tmp_str = strdup(dname); + ALLOC_CHECK(tmp_str, done); + tok_str = tmp_str; + + len = strlen(dname); + new_dir = (char *)malloc(len + 1); + ALLOC_CHECK(new_dir, done); + *new_dir = '\0'; + + /* Create directory tree if neccessary */ + for(token = strtok(tok_str, "/"); token; token = strtok(NULL, "/")) { + safe_strcat(new_dir, token, len); + if (recycle_directory_exist(conn, new_dir)) + DEBUG(10, ("recycle.bin: dir %s already exists\n", new_dir)); + else { + DEBUG(5, ("recycle.bin: creating new dir %s\n", new_dir)); + if (default_vfs_ops.mkdir(conn, new_dir, mode) != 0) { + DEBUG(1,("recycle.bin: mkdir failed for %s with error: %s\n", new_dir, strerror(errno))); + ret = False; + goto done; + } + } + safe_strcat(new_dir, "/", len); + } + + ret = True; +done: + SAFE_FREE(tmp_str); + SAFE_FREE(new_dir); + return ret; +} + +/** + * Check if needle is contained exactly in haystack + * @param haystack list of parameters separated by delimimiter character + * @param needle string to be matched exactly to haystack + * @return True if found + **/ +static BOOL checkparam(const char *haystack, const char *needle) +{ + char *token; + char *tok_str; + char *tmp_str; + BOOL ret = False; + + if (haystack == NULL || strlen(haystack) == 0 || needle == NULL || strlen(needle) == 0) { + return False; + } + + tmp_str = strdup(haystack); + ALLOC_CHECK(tmp_str, done); + token = tok_str = tmp_str; + + for(token = strtok(tok_str, delimiter); token; token = strtok(NULL, delimiter)) { + if(strcmp(token, needle) == 0) { + ret = True; + goto done; + } + } +done: + SAFE_FREE(tmp_str); + return ret; +} + +/** + * Check if needle is contained in haystack, * and ? patterns are resolved + * @param haystack list of parameters separated by delimimiter character + * @param needle string to be matched exectly to haystack including pattern matching + * @return True if found + **/ +static BOOL matchparam(const char *haystack, const char *needle) +{ + char *token; + char *tok_str; + char *tmp_str; + BOOL ret = False; + + if (haystack == NULL || strlen(haystack) == 0 || needle == NULL || strlen(needle) == 0) { + return False; + } + + tmp_str = strdup(haystack); + ALLOC_CHECK(tmp_str, done); + token = tok_str = tmp_str; + + for(token = strtok(tok_str, delimiter); token; token = strtok(NULL, delimiter)) { + if (!unix_wild_match(token, needle)) { + ret = True; + goto done; + } + } +done: + SAFE_FREE(tmp_str); + return ret; +} + +/** + * Touch access date + **/ +static void recycle_touch(struct tcon_context *conn, const char *fname) +{ + SMB_STRUCT_STAT st; + struct utimbuf tb; + time_t currtime; + + if (default_vfs_ops.stat(conn, fname, &st) != 0) { + DEBUG(0,("recycle.bin: stat for %s returned %s\n", fname, strerror(errno))); + return; + } + currtime = time(&currtime); + tb.actime = currtime; + tb.modtime = st.st_mtime; + + if (default_vfs_ops.utime(conn, fname, &tb) == -1 ) + DEBUG(0, ("recycle.bin: touching %s failed, reason = %s\n", fname, strerror(errno))); + } + +/** + * Check if file should be recycled + **/ +static int recycle_unlink(struct tcon_context *conn, const char *file_name) +{ + recycle_bin_private_data *recdata; + recycle_bin_connections *recconn; + recycle_bin_struct *recbin; + char *path_name = NULL; + char *temp_name = NULL; + char *final_name = NULL; + const char *base; + int i; +/* SMB_BIG_UINT dfree, dsize, bsize; */ + SMB_OFF_T file_size; /* space_avail; */ + BOOL exist; + int rc = -1; + + recbin = NULL; + if (recycle_bin_private_handle) { + recdata = (recycle_bin_private_data *)(recycle_bin_private_handle->data); + if (recdata) { + if (recdata->conns) { + recconn = recdata->conns; + while (recconn && recconn->conn != SNUM(conn)) recconn = recconn->next; + if (recconn != NULL) { + recbin = recconn->data; + } + } + } + } + if (recbin == NULL) { + DEBUG(0, ("Recycle bin not initialized!\n")); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + + if(!recbin->repository || *(recbin->repository) == '\0') { + DEBUG(3, ("Recycle path not set, purging %s...\n", file_name)); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + + /* we don't recycle the recycle bin... */ + if (strncmp(file_name, recbin->repository, strlen(recbin->repository)) == 0) { + DEBUG(3, ("File is within recycling bin, unlinking ...\n")); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + + file_size = recycle_get_file_size(conn, file_name); + /* it is wrong to purge filenames only because they are empty imho + * --- simo + * + if(fsize == 0) { + DEBUG(3, ("File %s is empty, purging...\n", file_name)); + rc = default_vfs_ops.unlink(conn,file_name); + goto done; + } + */ + + /* FIXME: this is wrong, we should check the hole size of the recycle bin is + * not greater then maxsize, not the size of the single file, also it is better + * to remove older files + */ + if(recbin->maxsize > 0 && file_size > recbin->maxsize) { + DEBUG(3, ("File %s exceeds maximum recycle size, purging... \n", file_name)); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + + /* FIXME: this is wrong: moving files with rename does not change the disk space + * allocation + * + space_avail = default_vfs_ops.disk_free(conn, ".", True, &bsize, &dfree, &dsize) * 1024L; + DEBUG(5, ("space_avail = %Lu, file_size = %Lu\n", space_avail, file_size)); + if(space_avail < file_size) { + DEBUG(3, ("Not enough diskspace, purging file %s\n", file_name)); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + */ + + /* extract filename and path */ + path_name = (char *)malloc(PATH_MAX); + ALLOC_CHECK(path_name, done); + *path_name = '\0'; + safe_strcpy(path_name, file_name, PATH_MAX - 1); + base = strrchr(path_name, '/'); + if (base == NULL) { + base = file_name; + safe_strcpy(path_name, "/", PATH_MAX - 1); + } + else { + base++; + } + + DEBUG(10, ("recycle.bin: fname = %s\n", file_name)); /* original filename with path */ + DEBUG(10, ("recycle.bin: fpath = %s\n", path_name)); /* original path */ + DEBUG(10, ("recycle.bin: base = %s\n", base)); /* filename without path */ + + if (matchparam(recbin->exclude, base)) { + DEBUG(3, ("recycle.bin: file %s is excluded \n", base)); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + + /* FIXME: this check will fail if we have more than one level of directories, + * we shoud check for every level 1, 1/2, 1/2/3, 1/2/3/4 .... + * ---simo + */ + if (checkparam(recbin->exclude_dir, path_name)) { + DEBUG(3, ("recycle.bin: directory %s is excluded \n", path_name)); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + + temp_name = (char *)strdup(recbin->repository); + ALLOC_CHECK(temp_name, done); + + /* see if we need to recreate the original directory structure in the recycle bin */ + if (recbin->keep_dir_tree == True) { + safe_strcat(temp_name, "/", PATH_MAX - 1); + safe_strcat(temp_name, path_name, PATH_MAX - 1); + } + + exist = recycle_directory_exist(conn, temp_name); + if (exist) { + DEBUG(10, ("recycle.bin: Directory already exists\n")); + } else { + DEBUG(10, ("recycle.bin: Creating directory %s\n", temp_name)); + if (recycle_create_dir(conn, temp_name) == False) { + DEBUG(3, ("Could not create directory, purging %s...\n", file_name)); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + } + + final_name = NULL; + asprintf(&final_name, "%s/%s", temp_name, base); + ALLOC_CHECK(final_name, done); + DEBUG(10, ("recycle.bin: recycled file name%s\n", temp_name)); /* new filename with path */ + + /* check if we should delete file from recycle bin */ + if (recycle_file_exist(conn, final_name)) { + if (recbin->versions == False || matchparam(recbin->noversions, base) == True) { + DEBUG(3, ("recycle.bin: Removing old file %s from recycle bin\n", final_name)); + if (default_vfs_ops.unlink(conn, final_name) != 0) { + DEBUG(1, ("recycle.bin: Error deleting old file: %s\n", strerror(errno))); + } + } + } + + /* rename file we move to recycle bin */ + i = 1; + while (recycle_file_exist(conn, final_name)) { + snprintf(final_name, PATH_MAX, "%s/Copy #%d of %s", temp_name, i++, base); + } + + DEBUG(10, ("recycle.bin: Moving %s to %s\n", file_name, final_name)); + rc = default_vfs_ops.rename(conn, file_name, final_name); + if (rc != 0) { + DEBUG(3, ("recycle.bin: Move error %d (%s), purging file %s (%s)\n", errno, strerror(errno), file_name, final_name)); + rc = default_vfs_ops.unlink(conn, file_name); + goto done; + } + + /* touch access date of moved file */ + if (recbin->touch == True ) + recycle_touch(conn, final_name); + +done: + SAFE_FREE(path_name); + SAFE_FREE(temp_name); + SAFE_FREE(final_name); + return rc; +} diff --git a/source4/modules/xml.c b/source4/modules/xml.c new file mode 100644 index 0000000000..ead3e3a874 --- /dev/null +++ b/source4/modules/xml.c @@ -0,0 +1,575 @@ + +/* + * XML password backend for samba + * Copyright (C) Jelmer Vernooij 2002 + * Some parts based on the libxml gjobread example by Daniel Veillard + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +/* FIXME: + * - Support stdin input by using '-' + * - Be faster. Don't rewrite the whole file when adding a user, but store it in the memory and save it when exiting. Requires changes to samba source. + * - Gives the ability to read/write to standard input/output + * - Do locking! + * - Better names! + */ + + +#define XML_URL "http://www.samba.org/ns" + +#include "includes.h" + +#include +#include + +static int xmlsam_debug_level = DBGC_ALL; + +#undef DBGC_CLASS +#define DBGC_CLASS xmlsam_debug_level + +static char * iota(int a) { + static char tmp[10]; + + snprintf(tmp, 9, "%d", a); + return tmp; +} + +BOOL parsePass(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT * u) +{ + pstring temp; + + cur = cur->xmlChildrenNode; + while (cur != NULL) { + if (strcmp(cur->name, "crypt")) + DEBUG(0, ("Unknown element %s\n", cur->name)); + else { + if (!strcmp(xmlGetProp(cur, "type"), "nt") + && + pdb_gethexpwd(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1), temp)) + pdb_set_nt_passwd(u, temp, PDB_SET); + else if (!strcmp(xmlGetProp(cur, "type"), "lanman") + && + pdb_gethexpwd(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1), temp)) + pdb_set_lanman_passwd(u, temp, PDB_SET); + else + DEBUG(0, + ("Unknown crypt type: %s\n", + xmlGetProp(cur, "type"))); + } + cur = cur->next; + } + return True; +} + +BOOL parseUser(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT * u) +{ + char *tmp; + DOM_SID sid; + + tmp = xmlGetProp(cur, "sid"); + if (tmp){ + string_to_sid(&sid, tmp); + pdb_set_user_sid(u, &sid, PDB_SET); + } + tmp = xmlGetProp(cur, "uid"); + if (tmp) + pdb_set_uid(u, atol(tmp), PDB_SET); + pdb_set_username(u, xmlGetProp(cur, "name"), PDB_SET); + /* We don't care what the top level element name is */ + cur = cur->xmlChildrenNode; + while (cur != NULL) { + if ((!strcmp(cur->name, "group")) && (cur->ns == ns)) { + tmp = xmlGetProp(cur, "gid"); + if (tmp) + pdb_set_gid(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "sid"); + if (tmp){ + string_to_sid(&sid, tmp); + pdb_set_group_sid(u, &sid, PDB_SET); + } + } + + else if ((!strcmp(cur->name, "domain")) && (cur->ns == ns)) + pdb_set_domain(u, + xmlNodeListGetString(doc, cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "fullname") && cur->ns == ns) + pdb_set_fullname(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "nt_username") && cur->ns == ns) + pdb_set_nt_username(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "logon_script") && cur->ns == ns) + pdb_set_logon_script(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "profile_path") && cur->ns == ns) + pdb_set_profile_path(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "logon_time") && cur->ns == ns) + pdb_set_logon_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "logoff_time") && cur->ns == ns) + pdb_set_logoff_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), + PDB_SET); + + else if (!strcmp(cur->name, "kickoff_time") && cur->ns == ns) + pdb_set_kickoff_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), + PDB_SET); + + else if (!strcmp(cur->name, "logon_divs") && cur->ns == ns) + pdb_set_logon_divs(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "hours_len") && cur->ns == ns) + pdb_set_hours_len(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_3") && cur->ns == ns) + pdb_set_unknown_3(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_5") && cur->ns == ns) + pdb_set_unknown_5(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_6") && cur->ns == ns) + pdb_set_unknown_6(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "homedir") && cur->ns == ns) + pdb_set_homedir(u, + xmlNodeListGetString(doc, cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "unknown_str") && cur->ns == ns) + pdb_set_unknown_str(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "dir_drive") && cur->ns == ns) + pdb_set_dir_drive(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "munged_dial") && cur->ns == ns) + pdb_set_munged_dial(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "acct_desc") && cur->ns == ns) + pdb_set_acct_desc(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "acct_ctrl") && cur->ns == ns) + pdb_set_acct_ctrl(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "workstations") && cur->ns == ns) + pdb_set_workstations(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if ((!strcmp(cur->name, "password")) && (cur->ns == ns)) { + tmp = xmlGetProp(cur, "last_set"); + if (tmp) + pdb_set_pass_last_set_time(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "must_change"); + if (tmp) + pdb_set_pass_must_change_time(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "can_change"); + if (tmp) + pdb_set_pass_can_change_time(u, atol(tmp), PDB_SET); + parsePass(doc, ns, cur, u); + } + + else + DEBUG(0, ("Unknown element %s\n", cur->name)); + cur = cur->next; + } + + return True; +} + +typedef struct pdb_xml { + char *location; + char written; + xmlDocPtr doc; + xmlNodePtr users; + xmlNodePtr pwent; + xmlNsPtr ns; +} pdb_xml; + +xmlNodePtr parseSambaXMLFile(struct pdb_xml *data) +{ + xmlNodePtr cur; + + data->doc = xmlParseFile(data->location); + if (data->doc == NULL) + return NULL; + + cur = xmlDocGetRootElement(data->doc); + if (!cur) { + DEBUG(0, ("empty document\n")); + xmlFreeDoc(data->doc); + return NULL; + } + data->ns = xmlSearchNsByHref(data->doc, cur, XML_URL); + if (!data->ns) { + DEBUG(0, + ("document of the wrong type, samba user namespace not found\n")); + xmlFreeDoc(data->doc); + return NULL; + } + if (strcmp(cur->name, "samba")) { + DEBUG(0, ("document of the wrong type, root node != samba")); + xmlFreeDoc(data->doc); + return NULL; + } + + cur = cur->xmlChildrenNode; + while (cur && xmlIsBlankNode(cur)) { + cur = cur->next; + } + if (!cur) + return NULL; + if ((strcmp(cur->name, "users")) || (cur->ns != data->ns)) { + DEBUG(0, ("document of the wrong type, was '%s', users expected", + cur->name)); + DEBUG(0, ("xmlDocDump follows\n")); + xmlDocDump(stderr, data->doc); + DEBUG(0, ("xmlDocDump finished\n")); + xmlFreeDoc(data->doc); + return NULL; + } + data->users = cur; + cur = cur->xmlChildrenNode; + return cur; +} + +static NTSTATUS xmlsam_setsampwent(struct pdb_methods *methods, BOOL update) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data = (pdb_xml *) methods->private_data; + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data->pwent = parseSambaXMLFile(data); + if (!data->pwent) + return NT_STATUS_UNSUCCESSFUL; + + return NT_STATUS_OK; +} + +/*************************************************************** + End enumeration of the passwd list. + ****************************************************************/ + +static void xmlsam_endsampwent(struct pdb_methods *methods) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return; + } + + data = (pdb_xml *) methods->private_data; + + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return; + } + + xmlFreeDoc(data->doc); + data->doc = NULL; + data->pwent = NULL; +} + +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) + *****************************************************************/ + +static NTSTATUS xmlsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT * user) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data = (pdb_xml *) methods->private_data; + + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + while (data->pwent) { + if ((!strcmp(data->pwent->name, "user")) && + (data->pwent->ns == data->ns)) { + + parseUser(data->doc, data->ns, data->pwent, user); + data->pwent = data->pwent->next; + return NT_STATUS_OK; + } + data->pwent = data->pwent->next; + } + return NT_STATUS_UNSUCCESSFUL; +} + +/*************************************************************************** + Adds an existing SAM_ACCOUNT + ****************************************************************************/ + +static NTSTATUS xmlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT * u) +{ + pstring temp; + fstring sid_str; + xmlNodePtr cur, user, pass, root; + pdb_xml *data; + + DEBUG(10, ("xmlsam_add_sam_account called!\n")); + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (pdb_xml *) methods->private_data; + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* Create a new document if we can't open the current one */ + if (!parseSambaXMLFile(data)) { + DEBUG(0, ("Can't load current XML file, creating a new one\n")); + data->doc = xmlNewDoc(XML_DEFAULT_VERSION); + root = xmlNewDocNode(data->doc, NULL, "samba", NULL); + cur = xmlDocSetRootElement(data->doc, root); + data->ns = xmlNewNs(root, XML_URL, "samba"); + data->users = xmlNewChild(root, data->ns, "users", NULL); + } + + user = xmlNewChild(data->users, data->ns, "user", NULL); + xmlNewProp(user, "sid", + sid_to_string(sid_str, pdb_get_user_sid(u))); + if (pdb_get_init_flags(u, PDB_UID) != PDB_DEFAULT) + xmlNewProp(user, "uid", iota(pdb_get_uid(u))); + + if (pdb_get_username(u) && strcmp(pdb_get_username(u), "")) + xmlNewProp(user, "name", pdb_get_username(u)); + + cur = xmlNewChild(user, data->ns, "group", NULL); + + xmlNewProp(cur, "sid", + sid_to_string(sid_str, pdb_get_group_sid(u))); + if (pdb_get_init_flags(u, PDB_GID) != PDB_DEFAULT) + xmlNewProp(cur, "gid", iota(pdb_get_gid(u))); + + if (pdb_get_init_flags(u, PDB_LOGONTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "login_time", + iota(pdb_get_logon_time(u))); + + if (pdb_get_init_flags(u, PDB_LOGOFFTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "logoff_time", + iota(pdb_get_logoff_time(u))); + + if (pdb_get_init_flags(u, PDB_KICKOFFTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "kickoff_time", + iota(pdb_get_kickoff_time(u))); + + if (pdb_get_domain(u) && strcmp(pdb_get_domain(u), "")) + xmlNewChild(user, data->ns, "domain", pdb_get_domain(u)); + + if (pdb_get_nt_username(u) && strcmp(pdb_get_nt_username(u), "")) + xmlNewChild(user, data->ns, "nt_username", pdb_get_nt_username(u)); + + if (pdb_get_fullname(u) && strcmp(pdb_get_fullname(u), "")) + xmlNewChild(user, data->ns, "fullname", pdb_get_fullname(u)); + + if (pdb_get_homedir(u) && strcmp(pdb_get_homedir(u), "")) + xmlNewChild(user, data->ns, "homedir", pdb_get_homedir(u)); + + if (pdb_get_dir_drive(u) && strcmp(pdb_get_dir_drive(u), "")) + xmlNewChild(user, data->ns, "dir_drive", pdb_get_dir_drive(u)); + + if (pdb_get_logon_script(u) && strcmp(pdb_get_logon_script(u), "")) + xmlNewChild(user, data->ns, "logon_script", + pdb_get_logon_script(u)); + + if (pdb_get_profile_path(u) && strcmp(pdb_get_profile_path(u), "")) + xmlNewChild(user, data->ns, "profile_path", + pdb_get_profile_path(u)); + + if (pdb_get_acct_desc(u) && strcmp(pdb_get_acct_desc(u), "")) + xmlNewChild(user, data->ns, "acct_desc", pdb_get_acct_desc(u)); + + if (pdb_get_workstations(u) && strcmp(pdb_get_workstations(u), "")) + xmlNewChild(user, data->ns, "workstations", + pdb_get_workstations(u)); + + if (pdb_get_unknown_str(u) && strcmp(pdb_get_unknown_str(u), "")) + xmlNewChild(user, data->ns, "unknown_str", pdb_get_unknown_str(u)); + + if (pdb_get_munged_dial(u) && strcmp(pdb_get_munged_dial(u), "")) + xmlNewChild(user, data->ns, "munged_dial", pdb_get_munged_dial(u)); + + + /* Password stuff */ + pass = xmlNewChild(user, data->ns, "password", NULL); + if (pdb_get_pass_last_set_time(u)) + xmlNewProp(pass, "last_set", iota(pdb_get_pass_last_set_time(u))); + if (pdb_get_init_flags(u, PDB_CANCHANGETIME) != PDB_DEFAULT) + xmlNewProp(pass, "can_change", + iota(pdb_get_pass_can_change_time(u))); + + if (pdb_get_init_flags(u, PDB_MUSTCHANGETIME) != PDB_DEFAULT) + xmlNewProp(pass, "must_change", + iota(pdb_get_pass_must_change_time(u))); + + + if (pdb_get_lanman_passwd(u)) { + pdb_sethexpwd(temp, pdb_get_lanman_passwd(u), + pdb_get_acct_ctrl(u)); + cur = xmlNewChild(pass, data->ns, "crypt", temp); + xmlNewProp(cur, "type", "lanman"); + } + + if (pdb_get_nt_passwd(u)) { + pdb_sethexpwd(temp, pdb_get_nt_passwd(u), pdb_get_acct_ctrl(u)); + cur = xmlNewChild(pass, data->ns, "crypt", temp); + xmlNewProp(cur, "type", "nt"); + } + + xmlNewChild(user, data->ns, "acct_ctrl", iota(pdb_get_acct_ctrl(u))); + xmlNewChild(user, data->ns, "unknown_3", iota(pdb_get_unknown_3(u))); + + if (pdb_get_logon_divs(u)) + xmlNewChild(user, data->ns, "logon_divs", + iota(pdb_get_logon_divs(u))); + + if (pdb_get_hours_len(u)) + xmlNewChild(user, data->ns, "hours_len", + iota(pdb_get_hours_len(u))); + + xmlNewChild(user, data->ns, "unknown_5", iota(pdb_get_unknown_5(u))); + xmlNewChild(user, data->ns, "unknown_6", iota(pdb_get_unknown_6(u))); + xmlSaveFile(data->location, data->doc); + + return NT_STATUS_OK; +} + +NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method, + const char *location) +{ + NTSTATUS nt_status; + pdb_xml *data; + + xmlsam_debug_level = debug_add_class("xmlsam"); + if (xmlsam_debug_level == -1) { + xmlsam_debug_level = DBGC_ALL; + DEBUG(0, ("xmlsam: Couldn't register custom debugging class!\n")); + } + + if (!pdb_context) { + DEBUG(0, ("invalid pdb_methods specified\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK + (nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "xmlsam"; + + (*pdb_method)->setsampwent = xmlsam_setsampwent; + (*pdb_method)->endsampwent = xmlsam_endsampwent; + (*pdb_method)->getsampwent = xmlsam_getsampwent; + (*pdb_method)->add_sam_account = xmlsam_add_sam_account; + (*pdb_method)->getsampwnam = NULL; + (*pdb_method)->getsampwsid = NULL; + (*pdb_method)->update_sam_account = NULL; + (*pdb_method)->delete_sam_account = NULL; + (*pdb_method)->getgrsid = NULL; + (*pdb_method)->getgrgid = NULL; + (*pdb_method)->getgrnam = NULL; + (*pdb_method)->add_group_mapping_entry = NULL; + (*pdb_method)->update_group_mapping_entry = NULL; + (*pdb_method)->delete_group_mapping_entry = NULL; + (*pdb_method)->enum_group_mapping = NULL; + + data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml)); + data->location = + (location ? talloc_strdup(pdb_context->mem_ctx, location) : "-"); + data->pwent = NULL; + data->written = 0; + (*pdb_method)->private_data = data; + + LIBXML_TEST_VERSION xmlKeepBlanksDefault(0); + + return NT_STATUS_OK; +} + +int init_module(void); + +int init_module() +{ + if(smb_register_passdb("xml", xmlsam_init, PASSDB_INTERFACE_VERSION)) + return 0; + + return 1; +} -- cgit