From d685e56a772973d74a53421aa118ecc49d74fab0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 3 Nov 2004 01:50:49 +0000 Subject: r3500: cleaned up the AS_USER/AS_GUEST stuff in the core smb packet processing (This used to be commit 8fa456afc9be113f292a1952119b533e4dc04fc1) --- source4/smb_server/smb_server.c | 132 +++++++++++----------------------------- 1 file changed, 36 insertions(+), 96 deletions(-) (limited to 'source4/smb_server') diff --git a/source4/smb_server/smb_server.c b/source4/smb_server/smb_server.c index 39dc73096c..e1eb4e3179 100644 --- a/source4/smb_server/smb_server.c +++ b/source4/smb_server/smb_server.c @@ -170,18 +170,10 @@ static NTSTATUS receive_smb_request(struct smbsrv_connection *smb_conn) } /* -These flags determine some of the permissions required to do an operation - -Note that I don't set NEED_WRITE on some write operations because they -are used by some brain-dead clients when printing, and I don't want to -force write permissions on print services. + These flags determine some of the permissions required to do an operation */ #define AS_USER (1<<0) -#define NEED_WRITE (1<<1) -#define TIME_INIT (1<<2) -#define CAN_IPC (1<<3) -#define AS_GUEST (1<<5) -#define USE_MUTEX (1<<7) +#define USE_MUTEX (1<<1) /* define a list of possible SMB messages and their corresponding @@ -195,18 +187,18 @@ static const struct smb_message_struct int flags; } smb_messages[256] = { -/* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE}, -/* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE}, -/* 0x02 */ { "SMBopen",reply_open,AS_USER }, +/* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER}, +/* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER}, +/* 0x02 */ { "SMBopen",reply_open,AS_USER}, /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER}, -/* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC }, +/* 0x04 */ { "SMBclose",reply_close,AS_USER}, /* 0x05 */ { "SMBflush",reply_flush,AS_USER}, -/* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE }, -/* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE }, +/* 0x06 */ { "SMBunlink",reply_unlink,AS_USER}, +/* 0x07 */ { "SMBmv",reply_mv,AS_USER}, /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER}, -/* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE}, +/* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER}, /* 0x0a */ { "SMBread",reply_read,AS_USER}, -/* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC }, +/* 0x0b */ { "SMBwrite",reply_write,AS_USER}, /* 0x0c */ { "SMBlock",reply_lock,AS_USER}, /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER}, /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER }, @@ -229,23 +221,23 @@ static const struct smb_message_struct /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER}, /* 0x20 */ { "SMBwritec",NULL,0}, /* 0x21 */ { NULL, NULL, 0 }, -/* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE }, -/* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER }, -/* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER }, -/* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC }, -/* 0x26 */ { "SMBtranss",NULL,AS_USER | CAN_IPC}, +/* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER}, +/* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER}, +/* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER}, +/* 0x25 */ { "SMBtrans",reply_trans,AS_USER}, +/* 0x26 */ { "SMBtranss",NULL,AS_USER}, /* 0x27 */ { "SMBioctl",reply_ioctl,0}, /* 0x28 */ { "SMBioctls",NULL,AS_USER}, -/* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE }, -/* 0x2a */ { "SMBmove",NULL,AS_USER | NEED_WRITE }, +/* 0x29 */ { "SMBcopy",reply_copy,AS_USER}, +/* 0x2a */ { "SMBmove",NULL,AS_USER}, /* 0x2b */ { "SMBecho",reply_echo,0}, /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER}, -/* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC }, -/* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC }, -/* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC }, +/* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER}, +/* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER}, +/* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER}, /* 0x30 */ { NULL, NULL, 0 }, /* 0x31 */ { NULL, NULL, 0 }, -/* 0x32 */ { "SMBtrans2", reply_trans2, AS_USER | CAN_IPC }, +/* 0x32 */ { "SMBtrans2", reply_trans2, AS_USER}, /* 0x33 */ { "SMBtranss2", reply_transs2, AS_USER}, /* 0x34 */ { "SMBfindclose", reply_findclose,AS_USER}, /* 0x35 */ { "SMBfindnclose", reply_findnclose, AS_USER}, @@ -355,9 +347,9 @@ static const struct smb_message_struct /* 0x9d */ { NULL, NULL, 0 }, /* 0x9e */ { NULL, NULL, 0 }, /* 0x9f */ { NULL, NULL, 0 }, -/* 0xa0 */ { "SMBnttrans", reply_nttrans, AS_USER | CAN_IPC }, -/* 0xa1 */ { "SMBnttranss", reply_nttranss, AS_USER | CAN_IPC }, -/* 0xa2 */ { "SMBntcreateX", reply_ntcreate_and_X, AS_USER | CAN_IPC }, +/* 0xa0 */ { "SMBnttrans", reply_nttrans, AS_USER}, +/* 0xa1 */ { "SMBnttranss", reply_nttranss, AS_USER}, +/* 0xa2 */ { "SMBntcreateX", reply_ntcreate_and_X, AS_USER}, /* 0xa3 */ { NULL, NULL, 0 }, /* 0xa4 */ { "SMBntcancel", reply_ntcancel, 0 }, /* 0xa5 */ { "SMBntrename", reply_ntrename, 0 }, @@ -403,14 +395,14 @@ static const struct smb_message_struct /* 0xcd */ { NULL, NULL, 0 }, /* 0xce */ { NULL, NULL, 0 }, /* 0xcf */ { NULL, NULL, 0 }, -/* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST}, -/* 0xd1 */ { "SMBsendb",NULL,AS_GUEST}, -/* 0xd2 */ { "SMBfwdname",NULL,AS_GUEST}, -/* 0xd3 */ { "SMBcancelf",NULL,AS_GUEST}, -/* 0xd4 */ { "SMBgetmac",NULL,AS_GUEST}, -/* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST}, -/* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST}, -/* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST}, +/* 0xd0 */ { "SMBsends",reply_sends,0}, +/* 0xd1 */ { "SMBsendb",NULL,0}, +/* 0xd2 */ { "SMBfwdname",NULL,0}, +/* 0xd3 */ { "SMBcancelf",NULL,0}, +/* 0xd4 */ { "SMBgetmac",NULL,0}, +/* 0xd5 */ { "SMBsendstrt",reply_sendstrt,0}, +/* 0xd6 */ { "SMBsendend",reply_sendend,0}, +/* 0xd7 */ { "SMBsendtxt",reply_sendtxt,0}, /* 0xd8 */ { NULL, NULL, 0 }, /* 0xd9 */ { NULL, NULL, 0 }, /* 0xda */ { NULL, NULL, 0 }, @@ -516,11 +508,6 @@ static void switch_message(int type, struct smbsrv_request *req) DEBUG(3,("switch message %s (task_id %d)\n",smb_fn_name(type), smb_conn->connection->service->model_ops->get_id(req))); - /* does this protocol need to be run as root? */ - if (!(flags & AS_USER)) { - change_to_root_user(); - } - /* does this protocol need a valid tree connection? */ if ((flags & AS_USER) && !req->tcon) { req_reply_error(req, NT_STATUS_INVALID_HANDLE); @@ -529,59 +516,12 @@ static void switch_message(int type, struct smbsrv_request *req) /* see if the vuid is valid */ if ((flags & AS_USER) && !req->session) { - if (!(flags & AS_GUEST)) { - req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid)); - return; - } - } - - /* does this protocol need to be run as the connected user? */ -#if HACK_REWRITE - if ((flags & AS_USER) && !change_to_user(req->tcon,session_tag)) { - if (!(flags & AS_GUEST)) { - req_reply_error(req, NT_STATUS_ACCESS_DENIED); - return; - } - - /* we'll run it as guest */ - flags &= ~AS_USER; - } -#endif - - /* this code is to work around a bug is MS client 3 without - introducing a security hole - it needs to be able to do - print queue checks as guest if it isn't logged in properly */ - if (flags & AS_USER) { - flags &= ~AS_GUEST; - } - - /* does it need write permission? */ - if ((flags & NEED_WRITE) && !CAN_WRITE(req->tcon)) { - req_reply_error(req, NT_STATUS_ACCESS_DENIED); - return; - } - - /* ipc services are limited */ - if (req->tcon && req->tcon->ntvfs_ctx->type == NTVFS_IPC && (flags & AS_USER) && !(flags & CAN_IPC)) { - req_reply_error(req, NT_STATUS_ACCESS_DENIED); - return; - } - - /* load service specific parameters */ - if (req->tcon && !set_current_service(req->tcon,(flags & AS_USER)?True:False)) { - req_reply_error(req, NT_STATUS_ACCESS_DENIED); + req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid)); return; } - - /* does this protocol need to be run as guest? */ -#if HACK_REWRITE - if ((flags & AS_GUEST) && - !change_to_guest()) { - req_reply_error(req, NT_STATUS_ACCESS_DENIED); - return; - } -#endif - /* THREAD TESTING: use mutex to serialize calls to critical functions with global state */ + + /* THREAD TESTING: use mutex to serialize calls to critical + functions with global state */ if (flags & USE_MUTEX) { MUTEX_LOCK_BY_ID(MUTEX_SMBD); } -- cgit