source: branches/samba-3.3.x/source/smbd/service.c@ 285

Last change on this file since 285 was 281, checked in by Silvan Scherrer, 16 years ago

fix to prevent sharing of the complete drive
File size: 37.3 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 service (connection) opening and closing
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18*/
19
20#include "includes.h"
21
22extern userdom_struct current_user_info;
23
24static bool canonicalize_connect_path(connection_struct *conn)
25{
26#ifdef REALPATH_TAKES_NULL
27 bool ret;
28 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,NULL);
29 if (!resolved_name) {
30 return false;
31 }
32 ret = set_conn_connectpath(conn,resolved_name);
33 SAFE_FREE(resolved_name);
34 return ret;
35#else
36 char resolved_name_buf[PATH_MAX+1];
37 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf);
38 if (!resolved_name) {
39 return false;
40 }
41 return set_conn_connectpath(conn,resolved_name);
42#endif /* REALPATH_TAKES_NULL */
43}
44
45/****************************************************************************
46 Ensure when setting connectpath it is a canonicalized (no ./ // or ../)
47 absolute path stating in / and not ending in /.
48 Observent people will notice a similarity between this and check_path_syntax :-).
49****************************************************************************/
50
51bool set_conn_connectpath(connection_struct *conn, const char *connectpath)
52{
53 char *destname;
54 char *d;
55 const char *s = connectpath;
56 bool start_of_name_component = true;
57
58 destname = SMB_STRDUP(connectpath);
59 if (!destname) {
60 return false;
61 }
62 d = destname;
63
64#ifndef __OS2__
65 *d++ = '/'; /* Always start with root. */
66
67 while (*s) {
68 if (*s == '/') {
69 /* Eat multiple '/' */
70 while (*s == '/') {
71 s++;
72 }
73 if ((d > destname + 1) && (*s != '\0')) {
74 *d++ = '/';
75 }
76 start_of_name_component = True;
77 continue;
78 }
79
80 if (start_of_name_component) {
81 if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) {
82 /* Uh oh - "/../" or "/..\0" ! */
83
84 /* Go past the ../ or .. */
85 if (s[2] == '/') {
86 s += 3;
87 } else {
88 s += 2; /* Go past the .. */
89 }
90
91 /* If we just added a '/' - delete it */
92 if ((d > destname) && (*(d-1) == '/')) {
93 *(d-1) = '\0';
94 d--;
95 }
96
97 /* Are we at the start ? Can't go back further if so. */
98 if (d <= destname) {
99 *d++ = '/'; /* Can't delete root */
100 continue;
101 }
102 /* Go back one level... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > destname; d--) {
105 if (*d == '/') {
106 break;
107 }
108 }
109 /* We're still at the start of a name component, just the previous one. */
110 continue;
111 } else if ((s[0] == '.') && ((s[1] == '\0') || s[1] == '/')) {
112 /* Component of pathname can't be "." only - skip the '.' . */
113 if (s[1] == '/') {
114 s += 2;
115 } else {
116 s++;
117 }
118 continue;
119 }
120 }
121
122 if (!(*s & 0x80)) {
123 *d++ = *s++;
124 } else {
125 size_t siz;
126 /* Get the size of the next MB character. */
127 next_codepoint(s,&siz);
128 switch(siz) {
129 case 5:
130 *d++ = *s++;
131 /*fall through*/
132 case 4:
133 *d++ = *s++;
134 /*fall through*/
135 case 3:
136 *d++ = *s++;
137 /*fall through*/
138 case 2:
139 *d++ = *s++;
140 /*fall through*/
141 case 1:
142 *d++ = *s++;
143 break;
144 default:
145 break;
146 }
147 }
148 start_of_name_component = false;
149 }
150 *d = '\0';
151
152 /* And must not end in '/' */
153 if (d > destname + 1 && (*(d-1) == '/')) {
154 *(d-1) = '\0';
155 }
156#else
157 /* Assume OS/2 users are smart enough to put a correct path in smb.conf, and simply copy the string */
158 safe_strcpy(destname, connectpath, strlen(connectpath));
159#endif
160
161 DEBUG(10,("set_conn_connectpath: service %s, connectpath = %s\n",
162 lp_servicename(SNUM(conn)), destname ));
163 string_set(&conn->connectpath, destname);
164 SAFE_FREE(destname);
165 return true;
166}
167
168/****************************************************************************
169 Load parameters specific to a connection/service.
170****************************************************************************/
171
172bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir)
173{
174 static connection_struct *last_conn;
175 static uint16 last_flags;
176 int snum;
177
178 if (!conn) {
179 last_conn = NULL;
180 return(False);
181 }
182
183 conn->lastused_count++;
184
185 snum = SNUM(conn);
186
187 if (do_chdir &&
188 vfs_ChDir(conn,conn->connectpath) != 0 &&
189 vfs_ChDir(conn,conn->origpath) != 0) {
190 DEBUG(0,("chdir (%s) failed\n",
191 conn->connectpath));
192 return(False);
193 }
194
195 if ((conn == last_conn) && (last_flags == flags)) {
196 return(True);
197 }
198
199 last_conn = conn;
200 last_flags = flags;
201
202 /* Obey the client case sensitivity requests - only for clients that support it. */
203 switch (lp_casesensitive(snum)) {
204 case Auto:
205 {
206 /* We need this uglyness due to DOS/Win9x clients that lie about case insensitivity. */
207 enum remote_arch_types ra_type = get_remote_arch();
208 if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) {
209 /* Client can't support per-packet case sensitive pathnames. */
210 conn->case_sensitive = False;
211 } else {
212 conn->case_sensitive = !(flags & FLAG_CASELESS_PATHNAMES);
213 }
214 }
215 break;
216 case True:
217 conn->case_sensitive = True;
218 break;
219 default:
220 conn->case_sensitive = False;
221 break;
222 }
223 return(True);
224}
225
226static int load_registry_service(const char *servicename)
227{
228 struct registry_key *key;
229 char *path;
230 WERROR err;
231
232 uint32 i;
233 char *value_name;
234 struct registry_value *value;
235
236 int res = -1;
237
238 if (!lp_registry_shares()) {
239 return -1;
240 }
241
242 if ((servicename == NULL) || (*servicename == '\0')) {
243 return -1;
244 }
245
246 if (strequal(servicename, GLOBAL_NAME)) {
247 return -2;
248 }
249
250 if (asprintf(&path, "%s\\%s", KEY_SMBCONF, servicename) == -1) {
251 return -1;
252 }
253
254 err = reg_open_path(NULL, path, REG_KEY_READ, get_root_nt_token(),
255 &key);
256 SAFE_FREE(path);
257
258 if (!W_ERROR_IS_OK(err)) {
259 return -1;
260 }
261
262 res = lp_add_service(servicename, -1);
263 if (res == -1) {
264 goto error;
265 }
266
267 for (i=0;
268 W_ERROR_IS_OK(reg_enumvalue(key, key, i, &value_name, &value));
269 i++) {
270 switch (value->type) {
271 case REG_DWORD: {
272 char *tmp;
273 if (asprintf(&tmp, "%d", value->v.dword) == -1) {
274 continue;
275 }
276 lp_do_parameter(res, value_name, tmp);
277 SAFE_FREE(tmp);
278 break;
279 }
280 case REG_SZ: {
281 lp_do_parameter(res, value_name, value->v.sz.str);
282 break;
283 }
284 default:
285 /* Ignore all the rest */
286 break;
287 }
288
289 TALLOC_FREE(value_name);
290 TALLOC_FREE(value);
291 }
292
293 if (!service_ok(res)) {
294 res = -1;
295 }
296
297 error:
298
299 TALLOC_FREE(key);
300 return res;
301}
302
303void load_registry_shares(void)
304{
305 struct registry_key *key;
306 char *name;
307 WERROR err;
308 int i;
309
310 DEBUG(8, ("load_registry_shares()\n"));
311 if (!lp_registry_shares()) {
312 return;
313 }
314
315 err = reg_open_path(NULL, KEY_SMBCONF, REG_KEY_READ,
316 get_root_nt_token(), &key);
317 if (!(W_ERROR_IS_OK(err))) {
318 return;
319 }
320
321 for (i=0; W_ERROR_IS_OK(reg_enumkey(key, key, i, &name, NULL)); i++) {
322 load_registry_service(name);
323 TALLOC_FREE(name);
324 }
325
326 TALLOC_FREE(key);
327 return;
328}
329
330/****************************************************************************
331 Add a home service. Returns the new service number or -1 if fail.
332****************************************************************************/
333
334int add_home_service(const char *service, const char *username, const char *homedir)
335{
336 int iHomeService;
337
338 if (!service || !homedir)
339 return -1;
340
341 if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {
342 if ((iHomeService = load_registry_service(HOMES_NAME)) < 0) {
343 return -1;
344 }
345 }
346
347 /*
348 * If this is a winbindd provided username, remove
349 * the domain component before adding the service.
350 * Log a warning if the "path=" parameter does not
351 * include any macros.
352 */
353
354 {
355 const char *p = strchr(service,*lp_winbind_separator());
356
357 /* We only want the 'user' part of the string */
358 if (p) {
359 service = p + 1;
360 }
361 }
362
363 if (!lp_add_home(service, iHomeService, username, homedir)) {
364 return -1;
365 }
366
367 return lp_servicenumber(service);
368
369}
370
371/**
372 * Find a service entry.
373 *
374 * @param service is modified (to canonical form??)
375 **/
376
377int find_service(fstring service)
378{
379 int iService;
380
381 all_string_sub(service,"\\","/",0);
382
383 iService = lp_servicenumber(service);
384
385 /* now handle the special case of a home directory */
386 if (iService < 0) {
387 char *phome_dir = get_user_home_dir(talloc_tos(), service);
388
389 if(!phome_dir) {
390 /*
391 * Try mapping the servicename, it may
392 * be a Windows to unix mapped user name.
393 */
394 if(map_username(service))
395 phome_dir = get_user_home_dir(
396 talloc_tos(), service);
397 }
398
399 DEBUG(3,("checking for home directory %s gave %s\n",service,
400 phome_dir?phome_dir:"(NULL)"));
401
402 iService = add_home_service(service,service /* 'username' */, phome_dir);
403 }
404
405 /* If we still don't have a service, attempt to add it as a printer. */
406 if (iService < 0) {
407 int iPrinterService;
408
409 if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) < 0) {
410 iPrinterService = load_registry_service(PRINTERS_NAME);
411 }
412 if (iPrinterService) {
413 DEBUG(3,("checking whether %s is a valid printer name...\n", service));
414 if (pcap_printername_ok(service)) {
415 DEBUG(3,("%s is a valid printer name\n", service));
416 DEBUG(3,("adding %s as a printer service\n", service));
417 lp_add_printer(service, iPrinterService);
418 iService = lp_servicenumber(service);
419 if (iService < 0) {
420 DEBUG(0,("failed to add %s as a printer service!\n", service));
421 }
422 } else {
423 DEBUG(3,("%s is not a valid printer name\n", service));
424 }
425 }
426 }
427
428 /* Check for default vfs service? Unsure whether to implement this */
429 if (iService < 0) {
430 }
431
432 if (iService < 0) {
433 iService = load_registry_service(service);
434 }
435
436 /* Is it a usershare service ? */
437 if (iService < 0 && *lp_usershare_path()) {
438 /* Ensure the name is canonicalized. */
439 strlower_m(service);
440 iService = load_usershare_service(service);
441 }
442
443 /* just possibly it's a default service? */
444 if (iService < 0) {
445 char *pdefservice = lp_defaultservice();
446 if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr_m(service,"..")) {
447 /*
448 * We need to do a local copy here as lp_defaultservice()
449 * returns one of the rotating lp_string buffers that
450 * could get overwritten by the recursive find_service() call
451 * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>.
452 */
453 char *defservice = SMB_STRDUP(pdefservice);
454
455 if (!defservice) {
456 goto fail;
457 }
458
459 /* Disallow anything except explicit share names. */
460 if (strequal(defservice,HOMES_NAME) ||
461 strequal(defservice, PRINTERS_NAME) ||
462 strequal(defservice, "IPC$")) {
463 SAFE_FREE(defservice);
464 goto fail;
465 }
466
467 iService = find_service(defservice);
468 if (iService >= 0) {
469 all_string_sub(service, "_","/",0);
470 iService = lp_add_service(service, iService);
471 }
472 SAFE_FREE(defservice);
473 }
474 }
475
476 if (iService >= 0) {
477 if (!VALID_SNUM(iService)) {
478 DEBUG(0,("Invalid snum %d for %s\n",iService, service));
479 iService = -1;
480 }
481 }
482
483 fail:
484
485 if (iService < 0)
486 DEBUG(3,("find_service() failed to find service %s\n", service));
487
488 return (iService);
489}
490
491
492/****************************************************************************
493 do some basic sainity checks on the share.
494 This function modifies dev, ecode.
495****************************************************************************/
496
497static NTSTATUS share_sanity_checks(int snum, fstring dev)
498{
499
500 if (!lp_snum_ok(snum) ||
501 !check_access(smbd_server_fd(),
502 lp_hostsallow(snum), lp_hostsdeny(snum))) {
503 return NT_STATUS_ACCESS_DENIED;
504 }
505
506 if (dev[0] == '?' || !dev[0]) {
507 if (lp_print_ok(snum)) {
508 fstrcpy(dev,"LPT1:");
509 } else if (strequal(lp_fstype(snum), "IPC")) {
510 fstrcpy(dev, "IPC");
511 } else {
512 fstrcpy(dev,"A:");
513 }
514 }
515
516 strupper_m(dev);
517
518 if (lp_print_ok(snum)) {
519 if (!strequal(dev, "LPT1:")) {
520 return NT_STATUS_BAD_DEVICE_TYPE;
521 }
522 } else if (strequal(lp_fstype(snum), "IPC")) {
523 if (!strequal(dev, "IPC")) {
524 return NT_STATUS_BAD_DEVICE_TYPE;
525 }
526 } else if (!strequal(dev, "A:")) {
527 return NT_STATUS_BAD_DEVICE_TYPE;
528 }
529
530 /* Behave as a printer if we are supposed to */
531 if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
532 fstrcpy(dev, "LPT1:");
533 }
534
535 return NT_STATUS_OK;
536}
537
538/*
539 * Go through lookup_name etc to find the force'd group.
540 *
541 * Create a new token from src_token, replacing the primary group sid with the
542 * one found.
543 */
544
545static NTSTATUS find_forced_group(bool force_user,
546 int snum, const char *username,
547 DOM_SID *pgroup_sid,
548 gid_t *pgid)
549{
550 NTSTATUS result = NT_STATUS_NO_SUCH_GROUP;
551 TALLOC_CTX *frame = talloc_stackframe();
552 DOM_SID group_sid;
553 enum lsa_SidType type;
554 char *groupname;
555 bool user_must_be_member = False;
556 gid_t gid;
557
558 groupname = talloc_strdup(talloc_tos(), lp_force_group(snum));
559 if (groupname == NULL) {
560 DEBUG(1, ("talloc_strdup failed\n"));
561 result = NT_STATUS_NO_MEMORY;
562 goto done;
563 }
564
565 if (groupname[0] == '+') {
566 user_must_be_member = True;
567 groupname += 1;
568 }
569
570 groupname = talloc_string_sub(talloc_tos(), groupname,
571 "%S", lp_servicename(snum));
572 if (groupname == NULL) {
573 DEBUG(1, ("talloc_string_sub failed\n"));
574 result = NT_STATUS_NO_MEMORY;
575 goto done;
576 }
577
578 if (!lookup_name_smbconf(talloc_tos(), groupname,
579 LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
580 NULL, NULL, &group_sid, &type)) {
581 DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
582 groupname));
583 goto done;
584 }
585
586 if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
587 (type != SID_NAME_WKN_GRP)) {
588 DEBUG(10, ("%s is a %s, not a group\n", groupname,
589 sid_type_lookup(type)));
590 goto done;
591 }
592
593 if (!sid_to_gid(&group_sid, &gid)) {
594 DEBUG(10, ("sid_to_gid(%s) for %s failed\n",
595 sid_string_dbg(&group_sid), groupname));
596 goto done;
597 }
598
599 /*
600 * If the user has been forced and the forced group starts with a '+',
601 * then we only set the group to be the forced group if the forced
602 * user is a member of that group. Otherwise, the meaning of the '+'
603 * would be ignored.
604 */
605
606 if (force_user && user_must_be_member) {
607 if (user_in_group_sid(username, &group_sid)) {
608 sid_copy(pgroup_sid, &group_sid);
609 *pgid = gid;
610 DEBUG(3,("Forced group %s for member %s\n",
611 groupname, username));
612 } else {
613 DEBUG(0,("find_forced_group: forced user %s is not a member "
614 "of forced group %s. Disallowing access.\n",
615 username, groupname ));
616 result = NT_STATUS_MEMBER_NOT_IN_GROUP;
617 goto done;
618 }
619 } else {
620 sid_copy(pgroup_sid, &group_sid);
621 *pgid = gid;
622 DEBUG(3,("Forced group %s\n", groupname));
623 }
624
625 result = NT_STATUS_OK;
626 done:
627 TALLOC_FREE(frame);
628 return result;
629}
630
631/****************************************************************************
632 Create an auth_serversupplied_info structure for a connection_struct
633****************************************************************************/
634
635static NTSTATUS create_connection_server_info(TALLOC_CTX *mem_ctx, int snum,
636 struct auth_serversupplied_info *vuid_serverinfo,
637 DATA_BLOB password,
638 struct auth_serversupplied_info **presult)
639{
640 if (lp_guest_only(snum)) {
641 return make_server_info_guest(mem_ctx, presult);
642 }
643
644 if (vuid_serverinfo != NULL) {
645
646 struct auth_serversupplied_info *result;
647
648 /*
649 * This is the normal security != share case where we have a
650 * valid vuid from the session setup. */
651
652 if (vuid_serverinfo->guest) {
653 if (!lp_guest_ok(snum)) {
654 DEBUG(2, ("guest user (from session setup) "
655 "not permitted to access this share "
656 "(%s)\n", lp_servicename(snum)));
657 return NT_STATUS_ACCESS_DENIED;
658 }
659 } else {
660 if (!user_ok_token(vuid_serverinfo->unix_name,
661 pdb_get_domain(vuid_serverinfo->sam_account),
662 vuid_serverinfo->ptok, snum)) {
663 DEBUG(2, ("user '%s' (from session setup) not "
664 "permitted to access this share "
665 "(%s)\n",
666 vuid_serverinfo->unix_name,
667 lp_servicename(snum)));
668 return NT_STATUS_ACCESS_DENIED;
669 }
670 }
671
672 result = copy_serverinfo(mem_ctx, vuid_serverinfo);
673 if (result == NULL) {
674 return NT_STATUS_NO_MEMORY;
675 }
676
677 *presult = result;
678 return NT_STATUS_OK;
679 }
680
681 if (lp_security() == SEC_SHARE) {
682
683 fstring user;
684 bool guest;
685
686 /* add the sharename as a possible user name if we
687 are in share mode security */
688
689 add_session_user(lp_servicename(snum));
690
691 /* shall we let them in? */
692
693 if (!authorise_login(snum,user,password,&guest)) {
694 DEBUG( 2, ( "Invalid username/password for [%s]\n",
695 lp_servicename(snum)) );
696 return NT_STATUS_WRONG_PASSWORD;
697 }
698
699 return make_serverinfo_from_username(mem_ctx, user, guest,
700 presult);
701 }
702
703 DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
704 return NT_STATUS_ACCESS_DENIED;
705}
706
707
708/****************************************************************************
709 Make a connection, given the snum to connect to, and the vuser of the
710 connecting user if appropriate.
711****************************************************************************/
712
713static connection_struct *make_connection_snum(int snum, user_struct *vuser,
714 DATA_BLOB password,
715 const char *pdev,
716 NTSTATUS *pstatus)
717{
718 connection_struct *conn;
719 SMB_STRUCT_STAT st;
720 fstring dev;
721 int ret;
722 char addr[INET6_ADDRSTRLEN];
723 bool on_err_call_dis_hook = false;
724 NTSTATUS status;
725
726 fstrcpy(dev, pdev);
727 SET_STAT_INVALID(st);
728
729 if (NT_STATUS_IS_ERR(*pstatus = share_sanity_checks(snum, dev))) {
730 return NULL;
731 }
732
733 conn = conn_new();
734 if (!conn) {
735 DEBUG(0,("Couldn't find free connection.\n"));
736 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
737 return NULL;
738 }
739
740 conn->params->service = snum;
741
742 status = create_connection_server_info(
743 conn, snum, vuser ? vuser->server_info : NULL, password,
744 &conn->server_info);
745
746 if (!NT_STATUS_IS_OK(status)) {
747 DEBUG(1, ("create_connection_server_info failed: %s\n",
748 nt_errstr(status)));
749 *pstatus = status;
750 conn_free(conn);
751 return NULL;
752 }
753
754 if ((lp_guest_only(snum)) || (lp_security() == SEC_SHARE)) {
755 conn->force_user = true;
756 }
757
758 add_session_user(conn->server_info->unix_name);
759
760 safe_strcpy(conn->client_address,
761 client_addr(get_client_fd(),addr,sizeof(addr)),
762 sizeof(conn->client_address)-1);
763 conn->num_files_open = 0;
764 conn->lastused = conn->lastused_count = time(NULL);
765 conn->used = True;
766 conn->printer = (strncmp(dev,"LPT",3) == 0);
767 conn->ipc = ( (strncmp(dev,"IPC",3) == 0) ||
768 ( lp_enable_asu_support() && strequal(dev,"ADMIN$")) );
769 conn->dirptr = NULL;
770
771 /* Case options for the share. */
772 if (lp_casesensitive(snum) == Auto) {
773 /* We will be setting this per packet. Set to be case
774 * insensitive for now. */
775 conn->case_sensitive = False;
776 } else {
777 conn->case_sensitive = (bool)lp_casesensitive(snum);
778 }
779
780 conn->case_preserve = lp_preservecase(snum);
781 conn->short_case_preserve = lp_shortpreservecase(snum);
782
783 conn->encrypt_level = lp_smb_encrypt(snum);
784
785 conn->veto_list = NULL;
786 conn->hide_list = NULL;
787 conn->veto_oplock_list = NULL;
788 conn->aio_write_behind_list = NULL;
789 string_set(&conn->dirpath,"");
790
791 conn->read_only = lp_readonly(SNUM(conn));
792 conn->admin_user = False;
793
794 if (*lp_force_user(snum)) {
795
796 /*
797 * Replace conn->server_info with a completely faked up one
798 * from the username we are forced into :-)
799 */
800
801 char *fuser;
802 struct auth_serversupplied_info *forced_serverinfo;
803
804 fuser = talloc_string_sub(conn, lp_force_user(snum), "%S",
805 lp_servicename(snum));
806 if (fuser == NULL) {
807 conn_free(conn);
808 *pstatus = NT_STATUS_NO_MEMORY;
809 return NULL;
810 }
811
812 status = make_serverinfo_from_username(
813 conn, fuser, conn->server_info->guest,
814 &forced_serverinfo);
815 if (!NT_STATUS_IS_OK(status)) {
816 conn_free(conn);
817 *pstatus = status;
818 return NULL;
819 }
820
821 TALLOC_FREE(conn->server_info);
822 conn->server_info = forced_serverinfo;
823
824 conn->force_user = True;
825 DEBUG(3,("Forced user %s\n", fuser));
826 }
827
828 /*
829 * If force group is true, then override
830 * any groupid stored for the connecting user.
831 */
832
833 if (*lp_force_group(snum)) {
834
835 status = find_forced_group(
836 conn->force_user, snum, conn->server_info->unix_name,
837 &conn->server_info->ptok->user_sids[1],
838 &conn->server_info->utok.gid);
839
840 if (!NT_STATUS_IS_OK(status)) {
841 conn_free(conn);
842 *pstatus = status;
843 return NULL;
844 }
845
846 /*
847 * We need to cache this gid, to use within
848 * change_to_user() separately from the conn->server_info
849 * struct. We only use conn->server_info directly if
850 * "force_user" was set.
851 */
852 conn->force_group_gid = conn->server_info->utok.gid;
853 }
854
855 conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
856
857 {
858 char *s = talloc_sub_advanced(talloc_tos(),
859 lp_servicename(SNUM(conn)),
860 conn->server_info->unix_name,
861 conn->connectpath,
862 conn->server_info->utok.gid,
863 conn->server_info->sanitized_username,
864 pdb_get_domain(conn->server_info->sam_account),
865 lp_pathname(snum));
866 if (!s) {
867 conn_free(conn);
868 *pstatus = NT_STATUS_NO_MEMORY;
869 return NULL;
870 }
871
872 if (!set_conn_connectpath(conn,s)) {
873 TALLOC_FREE(s);
874 conn_free(conn);
875 *pstatus = NT_STATUS_NO_MEMORY;
876 return NULL;
877 }
878 DEBUG(3,("Connect path is '%s' for service [%s]\n",s,
879 lp_servicename(snum)));
880 TALLOC_FREE(s);
881 }
882
883 /*
884 * New code to check if there's a share security descripter
885 * added from NT server manager. This is done after the
886 * smb.conf checks are done as we need a uid and token. JRA.
887 *
888 */
889
890 {
891 bool can_write = False;
892
893 can_write = share_access_check(conn->server_info->ptok,
894 lp_servicename(snum),
895 FILE_WRITE_DATA);
896
897 if (!can_write) {
898 if (!share_access_check(conn->server_info->ptok,
899 lp_servicename(snum),
900 FILE_READ_DATA)) {
901 /* No access, read or write. */
902 DEBUG(0,("make_connection: connection to %s "
903 "denied due to security "
904 "descriptor.\n",
905 lp_servicename(snum)));
906 conn_free(conn);
907 *pstatus = NT_STATUS_ACCESS_DENIED;
908 return NULL;
909 } else {
910 conn->read_only = True;
911 }
912 }
913 }
914 /* Initialise VFS function pointers */
915
916 if (!smbd_vfs_init(conn)) {
917 DEBUG(0, ("vfs_init failed for service %s\n",
918 lp_servicename(snum)));
919 conn_free(conn);
920 *pstatus = NT_STATUS_BAD_NETWORK_NAME;
921 return NULL;
922 }
923
924 /*
925 * If widelinks are disallowed we need to canonicalise the connect
926 * path here to ensure we don't have any symlinks in the
927 * connectpath. We will be checking all paths on this connection are
928 * below this directory. We must do this after the VFS init as we
929 * depend on the realpath() pointer in the vfs table. JRA.
930 */
931 if (!lp_widelinks(snum)) {
932 if (!canonicalize_connect_path(conn)) {
933 DEBUG(0, ("canonicalize_connect_path failed "
934 "for service %s, path %s\n",
935 lp_servicename(snum),
936 conn->connectpath));
937 conn_free(conn);
938 *pstatus = NT_STATUS_BAD_NETWORK_NAME;
939 return NULL;
940 }
941 }
942
943 if ((!conn->printer) && (!conn->ipc)) {
944 conn->notify_ctx = notify_init(conn, server_id_self(),
945 smbd_messaging_context(),
946 smbd_event_context(),
947 conn);
948 }
949
950/* ROOT Activities: */
951 /*
952 * Enforce the max connections parameter.
953 */
954
955 if ((lp_max_connections(snum) > 0)
956 && (count_current_connections(lp_servicename(SNUM(conn)), True) >=
957 lp_max_connections(snum))) {
958
959 DEBUG(1, ("Max connections (%d) exceeded for %s\n",
960 lp_max_connections(snum), lp_servicename(snum)));
961 conn_free(conn);
962 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
963 return NULL;
964 }
965
966 /*
967 * Get us an entry in the connections db
968 */
969 if (!claim_connection(conn, lp_servicename(snum), 0)) {
970 DEBUG(1, ("Could not store connections entry\n"));
971 conn_free(conn);
972 *pstatus = NT_STATUS_INTERNAL_DB_ERROR;
973 return NULL;
974 }
975
976 /* Preexecs are done here as they might make the dir we are to ChDir
977 * to below */
978 /* execute any "root preexec = " line */
979 if (*lp_rootpreexec(snum)) {
980 char *cmd = talloc_sub_advanced(talloc_tos(),
981 lp_servicename(SNUM(conn)),
982 conn->server_info->unix_name,
983 conn->connectpath,
984 conn->server_info->utok.gid,
985 conn->server_info->sanitized_username,
986 pdb_get_domain(conn->server_info->sam_account),
987 lp_rootpreexec(snum));
988 DEBUG(5,("cmd=%s\n",cmd));
989 ret = smbrun(cmd,NULL);
990 TALLOC_FREE(cmd);
991 if (ret != 0 && lp_rootpreexec_close(snum)) {
992 DEBUG(1,("root preexec gave %d - failing "
993 "connection\n", ret));
994 yield_connection(conn, lp_servicename(snum));
995 conn_free(conn);
996 *pstatus = NT_STATUS_ACCESS_DENIED;
997 return NULL;
998 }
999 }
1000
1001/* USER Activites: */
1002 if (!change_to_user(conn, conn->vuid)) {
1003 /* No point continuing if they fail the basic checks */
1004 DEBUG(0,("Can't become connected user!\n"));
1005 yield_connection(conn, lp_servicename(snum));
1006 conn_free(conn);
1007 *pstatus = NT_STATUS_LOGON_FAILURE;
1008 return NULL;
1009 }
1010
1011 /* Remember that a different vuid can connect later without these
1012 * checks... */
1013
1014 /* Preexecs are done here as they might make the dir we are to ChDir
1015 * to below */
1016
1017 /* execute any "preexec = " line */
1018 if (*lp_preexec(snum)) {
1019 char *cmd = talloc_sub_advanced(talloc_tos(),
1020 lp_servicename(SNUM(conn)),
1021 conn->server_info->unix_name,
1022 conn->connectpath,
1023 conn->server_info->utok.gid,
1024 conn->server_info->sanitized_username,
1025 pdb_get_domain(conn->server_info->sam_account),
1026 lp_preexec(snum));
1027 ret = smbrun(cmd,NULL);
1028 TALLOC_FREE(cmd);
1029 if (ret != 0 && lp_preexec_close(snum)) {
1030 DEBUG(1,("preexec gave %d - failing connection\n",
1031 ret));
1032 *pstatus = NT_STATUS_ACCESS_DENIED;
1033 goto err_root_exit;
1034 }
1035 }
1036
1037#ifdef WITH_FAKE_KASERVER
1038 if (lp_afs_share(snum)) {
1039 afs_login(conn);
1040 }
1041#endif
1042
1043 /* Add veto/hide lists */
1044 if (!IS_IPC(conn) && !IS_PRINT(conn)) {
1045 set_namearray( &conn->veto_list, lp_veto_files(snum));
1046 set_namearray( &conn->hide_list, lp_hide_files(snum));
1047 set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum));
1048 set_namearray( &conn->aio_write_behind_list,
1049 lp_aio_write_behind(snum));
1050 }
1051
1052 /* Invoke VFS make connection hook - do this before the VFS_STAT call
1053 to allow any filesystems needing user credentials to initialize
1054 themselves. */
1055
1056 if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
1057 conn->server_info->unix_name) < 0) {
1058 DEBUG(0,("make_connection: VFS make connection failed!\n"));
1059 *pstatus = NT_STATUS_UNSUCCESSFUL;
1060 goto err_root_exit;
1061 }
1062
1063 /* Any error exit after here needs to call the disconnect hook. */
1064 on_err_call_dis_hook = true;
1065
1066 /* win2000 does not check the permissions on the directory
1067 during the tree connect, instead relying on permission
1068 check during individual operations. To match this behaviour
1069 I have disabled this chdir check (tridge) */
1070 /* the alternative is just to check the directory exists */
1071 if ((ret = SMB_VFS_STAT(conn, conn->connectpath, &st)) != 0 ||
1072 !S_ISDIR(st.st_mode)) {
1073 if (ret == 0 && !S_ISDIR(st.st_mode)) {
1074 DEBUG(0,("'%s' is not a directory, when connecting to "
1075 "[%s]\n", conn->connectpath,
1076 lp_servicename(snum)));
1077 } else {
1078 DEBUG(0,("'%s' does not exist or permission denied "
1079 "when connecting to [%s] Error was %s\n",
1080 conn->connectpath, lp_servicename(snum),
1081 strerror(errno) ));
1082 }
1083 *pstatus = NT_STATUS_BAD_NETWORK_NAME;
1084 goto err_root_exit;
1085 }
1086
1087 string_set(&conn->origpath,conn->connectpath);
1088
1089#if SOFTLINK_OPTIMISATION
1090 /* resolve any soft links early if possible */
1091 if (vfs_ChDir(conn,conn->connectpath) == 0) {
1092 TALLOC_CTX *ctx = talloc_tos();
1093 char *s = vfs_GetWd(ctx,s);
1094 if (!s) {
1095 *status = map_nt_error_from_unix(errno);
1096 goto err_root_exit;
1097 }
1098 if (!set_conn_connectpath(conn,s)) {
1099 *status = NT_STATUS_NO_MEMORY;
1100 goto err_root_exit;
1101 }
1102 vfs_ChDir(conn,conn->connectpath);
1103 }
1104#endif
1105
1106 /* Figure out the characteristics of the underlying filesystem. This
1107 * assumes that all the filesystem mounted withing a share path have
1108 * the same characteristics, which is likely but not guaranteed.
1109 */
1110
1111 conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn);
1112
1113 /*
1114 * Print out the 'connected as' stuff here as we need
1115 * to know the effective uid and gid we will be using
1116 * (at least initially).
1117 */
1118
1119 if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
1120 dbgtext( "%s (%s) ", get_remote_machine_name(),
1121 conn->client_address );
1122 dbgtext( "%s", srv_is_signing_active() ? "signed " : "");
1123 dbgtext( "connect to service %s ", lp_servicename(snum) );
1124 dbgtext( "initially as user %s ",
1125 conn->server_info->unix_name );
1126 dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
1127 dbgtext( "(pid %d)\n", (int)sys_getpid() );
1128 }
1129
1130 /* we've finished with the user stuff - go back to root */
1131 change_to_root_user();
1132 return(conn);
1133
1134 err_root_exit:
1135
1136 change_to_root_user();
1137 if (on_err_call_dis_hook) {
1138 /* Call VFS disconnect hook */
1139 SMB_VFS_DISCONNECT(conn);
1140 }
1141 yield_connection(conn, lp_servicename(snum));
1142 conn_free(conn);
1143 return NULL;
1144}
1145
1146/***************************************************************************************
1147 Simple wrapper function for make_connection() to include a call to
1148 vfs_chdir()
1149 **************************************************************************************/
1150
1151connection_struct *make_connection_with_chdir(const char *service_in,
1152 DATA_BLOB password,
1153 const char *dev, uint16 vuid,
1154 NTSTATUS *status)
1155{
1156 connection_struct *conn = NULL;
1157
1158 conn = make_connection(service_in, password, dev, vuid, status);
1159
1160 /*
1161 * make_connection() does not change the directory for us any more
1162 * so we have to do it as a separate step --jerry
1163 */
1164
1165 if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) {
1166 DEBUG(0,("make_connection_with_chdir: Can't change "
1167 "directory to %s for [print$] (%s)\n",
1168 conn->connectpath,strerror(errno)));
1169 yield_connection(conn, lp_servicename(SNUM(conn)));
1170 conn_free(conn);
1171 *status = NT_STATUS_UNSUCCESSFUL;
1172 return NULL;
1173 }
1174
1175 return conn;
1176}
1177
1178/****************************************************************************
1179 Make a connection to a service.
1180 *
1181 * @param service
1182****************************************************************************/
1183
1184connection_struct *make_connection(const char *service_in, DATA_BLOB password,
1185 const char *pdev, uint16 vuid,
1186 NTSTATUS *status)
1187{
1188 uid_t euid;
1189 user_struct *vuser = NULL;
1190 fstring service;
1191 fstring dev;
1192 int snum = -1;
1193 char addr[INET6_ADDRSTRLEN];
1194
1195 fstrcpy(dev, pdev);
1196
1197 /* This must ONLY BE CALLED AS ROOT. As it exits this function as
1198 * root. */
1199 if (!non_root_mode() && (euid = geteuid()) != 0) {
1200 DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot "
1201 "(%u)\n", (unsigned int)euid ));
1202 smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
1203 }
1204
1205 if (conn_num_open() > 2047) {
1206 *status = NT_STATUS_INSUFF_SERVER_RESOURCES;
1207 return NULL;
1208 }
1209
1210 if(lp_security() != SEC_SHARE) {
1211 vuser = get_valid_user_struct(vuid);
1212 if (!vuser) {
1213 DEBUG(1,("make_connection: refusing to connect with "
1214 "no session setup\n"));
1215 *status = NT_STATUS_ACCESS_DENIED;
1216 return NULL;
1217 }
1218 }
1219
1220 /* Logic to try and connect to the correct [homes] share, preferably
1221 without too many getpwnam() lookups. This is particulary nasty for
1222 winbind usernames, where the share name isn't the same as unix
1223 username.
1224
1225 The snum of the homes share is stored on the vuser at session setup
1226 time.
1227 */
1228
1229 if (strequal(service_in,HOMES_NAME)) {
1230 if(lp_security() != SEC_SHARE) {
1231 DATA_BLOB no_pw = data_blob_null;
1232 if (vuser->homes_snum == -1) {
1233 DEBUG(2, ("[homes] share not available for "
1234 "this user because it was not found "
1235 "or created at session setup "
1236 "time\n"));
1237 *status = NT_STATUS_BAD_NETWORK_NAME;
1238 return NULL;
1239 }
1240 DEBUG(5, ("making a connection to [homes] service "
1241 "created at session setup time\n"));
1242 return make_connection_snum(vuser->homes_snum,
1243 vuser, no_pw,
1244 dev, status);
1245 } else {
1246 /* Security = share. Try with
1247 * current_user_info.smb_name as the username. */
1248 if (*current_user_info.smb_name) {
1249 fstring unix_username;
1250 fstrcpy(unix_username,
1251 current_user_info.smb_name);
1252 map_username(unix_username);
1253 snum = find_service(unix_username);
1254 }
1255 if (snum != -1) {
1256 DEBUG(5, ("making a connection to 'homes' "
1257 "service %s based on "
1258 "security=share\n", service_in));
1259 return make_connection_snum(snum, NULL,
1260 password,
1261 dev, status);
1262 }
1263 }
1264 } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1)
1265 && strequal(service_in,
1266 lp_servicename(vuser->homes_snum))) {
1267 DATA_BLOB no_pw = data_blob_null;
1268 DEBUG(5, ("making a connection to 'homes' service [%s] "
1269 "created at session setup time\n", service_in));
1270 return make_connection_snum(vuser->homes_snum,
1271 vuser, no_pw,
1272 dev, status);
1273 }
1274
1275 fstrcpy(service, service_in);
1276
1277 strlower_m(service);
1278
1279 snum = find_service(service);
1280
1281 if (snum < 0) {
1282 if (strequal(service,"IPC$") ||
1283 (lp_enable_asu_support() && strequal(service,"ADMIN$"))) {
1284 DEBUG(3,("refusing IPC connection to %s\n", service));
1285 *status = NT_STATUS_ACCESS_DENIED;
1286 return NULL;
1287 }
1288
1289 DEBUG(0,("%s (%s) couldn't find service %s\n",
1290 get_remote_machine_name(),
1291 client_addr(get_client_fd(),addr,sizeof(addr)),
1292 service));
1293 *status = NT_STATUS_BAD_NETWORK_NAME;
1294 return NULL;
1295 }
1296
1297 /* Handle non-Dfs clients attempting connections to msdfs proxy */
1298 if (lp_host_msdfs() && (*lp_msdfs_proxy(snum) != '\0')) {
1299 DEBUG(3, ("refusing connection to dfs proxy share '%s' "
1300 "(pointing to %s)\n",
1301 service, lp_msdfs_proxy(snum)));
1302 *status = NT_STATUS_BAD_NETWORK_NAME;
1303 return NULL;
1304 }
1305
1306 DEBUG(5, ("making a connection to 'normal' service %s\n", service));
1307
1308 return make_connection_snum(snum, vuser,
1309 password,
1310 dev, status);
1311}
1312
1313/****************************************************************************
1314 Close a cnum.
1315****************************************************************************/
1316
1317void close_cnum(connection_struct *conn, uint16 vuid)
1318{
1319 if (IS_IPC(conn)) {
1320 pipe_close_conn(conn);
1321 } else {
1322 file_close_conn(conn);
1323 dptr_closecnum(conn);
1324 }
1325
1326 change_to_root_user();
1327
1328 DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
1329 get_remote_machine_name(),
1330 conn->client_address,
1331 lp_servicename(SNUM(conn))));
1332
1333 /* Call VFS disconnect hook */
1334 SMB_VFS_DISCONNECT(conn);
1335
1336 yield_connection(conn, lp_servicename(SNUM(conn)));
1337
1338 /* make sure we leave the directory available for unmount */
1339 vfs_ChDir(conn, "/");
1340
1341 /* execute any "postexec = " line */
1342 if (*lp_postexec(SNUM(conn)) &&
1343 change_to_user(conn, vuid)) {
1344 char *cmd = talloc_sub_advanced(talloc_tos(),
1345 lp_servicename(SNUM(conn)),
1346 conn->server_info->unix_name,
1347 conn->connectpath,
1348 conn->server_info->utok.gid,
1349 conn->server_info->sanitized_username,
1350 pdb_get_domain(conn->server_info->sam_account),
1351 lp_postexec(SNUM(conn)));
1352 smbrun(cmd,NULL);
1353 TALLOC_FREE(cmd);
1354 change_to_root_user();
1355 }
1356
1357 change_to_root_user();
1358 /* execute any "root postexec = " line */
1359 if (*lp_rootpostexec(SNUM(conn))) {
1360 char *cmd = talloc_sub_advanced(talloc_tos(),
1361 lp_servicename(SNUM(conn)),
1362 conn->server_info->unix_name,
1363 conn->connectpath,
1364 conn->server_info->utok.gid,
1365 conn->server_info->sanitized_username,
1366 pdb_get_domain(conn->server_info->sam_account),
1367 lp_rootpostexec(SNUM(conn)));
1368 smbrun(cmd,NULL);
1369 TALLOC_FREE(cmd);
1370 }
1371
1372 conn_free(conn);
1373}
Note: See TracBrowser for help on using the repository browser.