Context Navigation

source: vendor/3.6.9/source3/utils/net_usershare.c

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 28.7 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	Distributed SMB/CIFS Server Management Utility
4
5	Copyright (C) Jeremy Allison (jra@samba.org) 2005
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "includes.h"
22	#include "system/passwd.h"
23	#include "system/filesys.h"
24	#include "utils/net.h"
25	#include "../libcli/security/security.h"
26
27	struct {
28	const char *us_errstr;
29	enum usershare_err us_err;
30	} us_errs [] = {
31	{"",USERSHARE_OK},
32	{N_("Malformed usershare file"), USERSHARE_MALFORMED_FILE},
33	{N_("Bad version number"), USERSHARE_BAD_VERSION},
34	{N_("Malformed path entry"), USERSHARE_MALFORMED_PATH},
35	{N_("Malformed comment entryfile"), USERSHARE_MALFORMED_COMMENT_DEF},
36	{N_("Malformed acl definition"), USERSHARE_MALFORMED_ACL_DEF},
37	{N_("Acl parse error"), USERSHARE_ACL_ERR},
38	{N_("Path not absolute"), USERSHARE_PATH_NOT_ABSOLUTE},
39	{N_("Path is denied"), USERSHARE_PATH_IS_DENIED},
40	{N_("Path not allowed"), USERSHARE_PATH_NOT_ALLOWED},
41	{N_("Path is not a directory"), USERSHARE_PATH_NOT_DIRECTORY},
42	{N_("System error"), USERSHARE_POSIX_ERR},
43	{N_("Malformed sharename definition"), USERSHARE_MALFORMED_SHARENAME_DEF},
44	{N_("Bad sharename (doesn't match filename)"), USERSHARE_BAD_SHARENAME},
45	{NULL,(enum usershare_err)-1}
46	};
47
48	static const char *get_us_error_code(enum usershare_err us_err)
49	{
50	char *result;
51	int idx = 0;
52
53	while (us_errs[idx].us_errstr != NULL) {
54	if (us_errs[idx].us_err == us_err) {
55	return us_errs[idx].us_errstr;
56	}
57	idx++;
58	}
59
60	result = talloc_asprintf(talloc_tos(), _("Usershare error code (0x%x)"),
61	(unsigned int)us_err);
62	SMB_ASSERT(result != NULL);
63	return result;
64	}
65
66	/* The help subsystem for the USERSHARE subcommand */
67
68	static int net_usershare_add_usage(struct net_context c, int argc, const char *argv)
69	{
70	char chr = *lp_winbind_separator();
71	d_printf(_(
72	"net usershare add [-l\|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y\|n]>]\n"
73	"\tAdds the specified share name for this user.\n"
74	"\t<sharename> is the new share name.\n"
75	"\t<path> is the path on the filesystem to export.\n"
76	"\t<comment> is the optional comment for the new share.\n"
77	"\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
78	"\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
79	"\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
80	"\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
81	"\t\tname may be a domain user or group. For local users use the local server name "
82	"instead of \"DOMAIN\"\n"
83	"\t\tThe default acl is \"Everyone:r\" which allows everyone read-only access.\n"
84	"\tAdd -l or --long to print the info on the newly added share.\n"),
85	chr, chr );
86	return -1;
87	}
88
89	static int net_usershare_delete_usage(struct net_context c, int argc, const char *argv)
90	{
91	d_printf(_(
92	"net usershare delete <sharename>\n"
93	"\tdeletes the specified share name for this user.\n"));
94	return -1;
95	}
96
97	static int net_usershare_info_usage(struct net_context c, int argc, const char *argv)
98	{
99	d_printf(_(
100	"net usershare info [-l\|--long] [wildcard sharename]\n"
101	"\tPrints out the path, comment and acl elements of shares that match the wildcard.\n"
102	"\tBy default only gives info on shares owned by the current user\n"
103	"\tAdd -l or --long to apply this to all shares\n"
104	"\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
105	return -1;
106	}
107
108	static int net_usershare_list_usage(struct net_context c, int argc, const char *argv)
109	{
110	d_printf(_(
111	"net usershare list [-l\|--long] [wildcard sharename]\n"
112	"\tLists the names of all shares that match the wildcard.\n"
113	"\tBy default only lists shares owned by the current user\n"
114	"\tAdd -l or --long to apply this to all shares\n"
115	"\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
116	return -1;
117	}
118
119	int net_usershare_usage(struct net_context c, int argc, const char *argv)
120	{
121	d_printf(_("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y\|n]>] to "
122	"add or change a user defined share.\n"
123	"net usershare delete <sharename> to delete a user defined share.\n"
124	"net usershare info [-l\|--long] [wildcard sharename] to print info about a user defined share.\n"
125	"net usershare list [-l\|--long] [wildcard sharename] to list user defined shares.\n"
126	"net usershare help\n"
127	"\nType \"net usershare help <option>\" to get more information on that option\n\n"));
128
129	net_common_flags_usage(c, argc, argv);
130	return -1;
131	}
132
133	/***************************************************************************
134	***************************************************************************/
135
136	static char get_basepath(TALLOC_CTX ctx)
137	{
138	char *basepath = talloc_strdup(ctx, lp_usershare_path());
139
140	if (!basepath) {
141	return NULL;
142	}
143	if ((basepath[0] != '\0') && (basepath[strlen(basepath)-1] == '/')) {
144	basepath[strlen(basepath)-1] = '\0';
145	}
146	return basepath;
147	}
148
149	/***************************************************************************
150	Delete a single userlevel share.
151	***************************************************************************/
152
153	static int net_usershare_delete(struct net_context c, int argc, const char *argv)
154	{
155	char *us_path;
156	char *sharename;
157
158	if (argc != 1 \|\| c->display_usage) {
159	return net_usershare_delete_usage(c, argc, argv);
160	}
161
162	if ((sharename = strlower_talloc(talloc_tos(), argv[0])) == NULL) {
163	d_fprintf(stderr, _("strlower_talloc failed\n"));
164	return -1;
165	}
166
167	if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
168	d_fprintf(stderr, _("net usershare delete: share name %s contains "
169	"invalid characters (any of %s)\n"),
170	sharename, INVALID_SHARENAME_CHARS);
171	TALLOC_FREE(sharename);
172	return -1;
173	}
174
175	us_path = talloc_asprintf(talloc_tos(),
176	"%s/%s",
177	lp_usershare_path(),
178	sharename);
179	if (!us_path) {
180	TALLOC_FREE(sharename);
181	return -1;
182	}
183
184	if (unlink(us_path) != 0) {
185	d_fprintf(stderr, _("net usershare delete: unable to remove usershare %s. "
186	"Error was %s\n"),
187	us_path, strerror(errno));
188	TALLOC_FREE(sharename);
189	return -1;
190	}
191	TALLOC_FREE(sharename);
192	return 0;
193	}
194
195	/***************************************************************************
196	Data structures to handle a list of usershare files.
197	***************************************************************************/
198
199	struct file_list {
200	struct file_list next, prev;
201	const char *pathname;
202	};
203
204	static struct file_list *flist;
205
206	/***************************************************************************
207	***************************************************************************/
208
209	static int get_share_list(TALLOC_CTX ctx, const char wcard, bool only_ours)
210	{
211	SMB_STRUCT_DIR *dp;
212	SMB_STRUCT_DIRENT *de;
213	uid_t myuid = geteuid();
214	struct file_list *fl = NULL;
215	char *basepath = get_basepath(ctx);
216
217	if (!basepath) {
218	return -1;
219	}
220	dp = sys_opendir(basepath);
221	if (!dp) {
222	d_fprintf(stderr,
223	_("get_share_list: cannot open usershare directory %s. "
224	"Error %s\n"),
225	basepath, strerror(errno) );
226	return -1;
227	}
228
229	while((de = sys_readdir(dp)) != 0) {
230	SMB_STRUCT_STAT sbuf;
231	char *path;
232	const char *n = de->d_name;
233
234	/* Ignore . and .. */
235	if (*n == '.') {
236	if ((n[1] == '\0') \|\| (n[1] == '.' && n[2] == '\0')) {
237	continue;
238	}
239	}
240
241	if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
242	d_fprintf(stderr,
243	_("get_share_list: ignoring bad share "
244	"name %s\n"), n);
245	continue;
246	}
247	path = talloc_asprintf(ctx,
248	"%s/%s",
249	basepath,
250	n);
251	if (!path) {
252	sys_closedir(dp);
253	return -1;
254	}
255
256	if (sys_lstat(path, &sbuf, false) != 0) {
257	d_fprintf(stderr,
258	_("get_share_list: can't lstat file %s. Error "
259	"was %s\n"),
260	path, strerror(errno) );
261	continue;
262	}
263
264	if (!S_ISREG(sbuf.st_ex_mode)) {
265	d_fprintf(stderr,
266	_("get_share_list: file %s is not a regular "
267	"file. Ignoring.\n"),
268	path );
269	continue;
270	}
271
272	if (only_ours && sbuf.st_ex_uid != myuid) {
273	continue;
274	}
275
276	if (!unix_wild_match(wcard, n)) {
277	continue;
278	}
279
280	/* (Finally) - add to list. */
281	fl = TALLOC_P(ctx, struct file_list);
282	if (!fl) {
283	sys_closedir(dp);
284	return -1;
285	}
286	fl->pathname = talloc_strdup(ctx, n);
287	if (!fl->pathname) {
288	sys_closedir(dp);
289	return -1;
290	}
291
292	DLIST_ADD(flist, fl);
293	}
294
295	sys_closedir(dp);
296	return 0;
297	}
298
299	enum us_priv_op { US_LIST_OP, US_INFO_OP};
300
301	struct us_priv_info {
302	TALLOC_CTX *ctx;
303	enum us_priv_op op;
304	struct net_context *c;
305	};
306
307	/***************************************************************************
308	Call a function for every share on the list.
309	***************************************************************************/
310
311	static int process_share_list(int (fn)(struct file_list , void ), void priv)
312	{
313	struct file_list *fl;
314	int ret = 0;
315
316	for (fl = flist; fl; fl = fl->next) {
317	ret = (*fn)(fl, priv);
318	}
319
320	return ret;
321	}
322
323	/***************************************************************************
324	Info function.
325	***************************************************************************/
326
327	static int info_fn(struct file_list fl, void priv)
328	{
329	SMB_STRUCT_STAT sbuf;
330	char **lines = NULL;
331	struct us_priv_info pi = (struct us_priv_info )priv;
332	TALLOC_CTX *ctx = pi->ctx;
333	struct net_context *c = pi->c;
334	int fd = -1;
335	int numlines = 0;
336	struct security_descriptor *psd = NULL;
337	char *basepath;
338	char *sharepath = NULL;
339	char *comment = NULL;
340	char *cp_sharename = NULL;
341	char *acl_str;
342	int num_aces;
343	char sep_str[2];
344	enum usershare_err us_err;
345	bool guest_ok = false;
346
347	sep_str[0] = *lp_winbind_separator();
348	sep_str[1] = '\0';
349
350	basepath = get_basepath(ctx);
351	if (!basepath) {
352	return -1;
353	}
354	basepath = talloc_asprintf_append(basepath,
355	"/%s",
356	fl->pathname);
357	if (!basepath) {
358	return -1;
359	}
360
361	#ifdef O_NOFOLLOW
362	fd = sys_open(basepath, O_RDONLY\|O_NOFOLLOW, 0);
363	#else
364	fd = sys_open(basepath, O_RDONLY, 0);
365	#endif
366
367	if (fd == -1) {
368	d_fprintf(stderr, _("info_fn: unable to open %s. %s\n"),
369	basepath, strerror(errno) );
370	return -1;
371	}
372
373	/* Paranoia... */
374	if (sys_fstat(fd, &sbuf, false) != 0) {
375	d_fprintf(stderr,
376	_("info_fn: can't fstat file %s. Error was %s\n"),
377	basepath, strerror(errno) );
378	close(fd);
379	return -1;
380	}
381
382	if (!S_ISREG(sbuf.st_ex_mode)) {
383	d_fprintf(stderr,
384	_("info_fn: file %s is not a regular file. Ignoring.\n"),
385	basepath );
386	close(fd);
387	return -1;
388	}
389
390	lines = fd_lines_load(fd, &numlines, 10240, NULL);
391	close(fd);
392
393	if (lines == NULL) {
394	return -1;
395	}
396
397	/* Ensure it's well formed. */
398	us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
399	&sharepath,
400	&comment,
401	&cp_sharename,
402	&psd,
403	&guest_ok);
404
405	TALLOC_FREE(lines);
406
407	if (us_err != USERSHARE_OK) {
408	d_fprintf(stderr,
409	_("info_fn: file %s is not a well formed usershare "
410	"file.\n"),
411	basepath );
412	d_fprintf(stderr, _("info_fn: Error was %s.\n"),
413	get_us_error_code(us_err) );
414	return -1;
415	}
416
417	acl_str = talloc_strdup(ctx, "usershare_acl=");
418	if (!acl_str) {
419	return -1;
420	}
421
422	for (num_aces = 0; num_aces < psd->dacl->num_aces; num_aces++) {
423	const char *domain;
424	const char *name;
425	NTSTATUS ntstatus;
426
427	ntstatus = net_lookup_name_from_sid(c, ctx,
428	&psd->dacl->aces[num_aces].trustee,
429	&domain, &name);
430
431	if (NT_STATUS_IS_OK(ntstatus)) {
432	if (domain && *domain) {
433	acl_str = talloc_asprintf_append(acl_str,
434	"%s%s",
435	domain,
436	sep_str);
437	if (!acl_str) {
438	return -1;
439	}
440	}
441	acl_str = talloc_asprintf_append(acl_str,
442	"%s",
443	name);
444	if (!acl_str) {
445	return -1;
446	}
447
448	} else {
449	fstring sidstr;
450	sid_to_fstring(sidstr,
451	&psd->dacl->aces[num_aces].trustee);
452	acl_str = talloc_asprintf_append(acl_str,
453	"%s",
454	sidstr);
455	if (!acl_str) {
456	return -1;
457	}
458	}
459	acl_str = talloc_asprintf_append(acl_str, ":");
460	if (!acl_str) {
461	return -1;
462	}
463
464	if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
465	acl_str = talloc_asprintf_append(acl_str, "D,");
466	if (!acl_str) {
467	return -1;
468	}
469	} else {
470	if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) {
471	acl_str = talloc_asprintf_append(acl_str, "F,");
472	} else {
473	acl_str = talloc_asprintf_append(acl_str, "R,");
474	}
475	if (!acl_str) {
476	return -1;
477	}
478	}
479	}
480
481	/* NOTE: This is smb.conf-like output. Do not translate. */
482	if (pi->op == US_INFO_OP) {
483	d_printf("[%s]\n", cp_sharename );
484	d_printf("path=%s\n", sharepath );
485	d_printf("comment=%s\n", comment);
486	d_printf("%s\n", acl_str);
487	d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
488	} else if (pi->op == US_LIST_OP) {
489	d_printf("%s\n", cp_sharename);
490	}
491
492	return 0;
493	}
494
495	/***************************************************************************
496	Print out info (internal detail) on userlevel shares.
497	***************************************************************************/
498
499	static int net_usershare_info(struct net_context c, int argc, const char *argv)
500	{
501	fstring wcard;
502	bool only_ours = true;
503	int ret = -1;
504	struct us_priv_info pi;
505	TALLOC_CTX *ctx;
506
507	fstrcpy(wcard, "*");
508
509	if (c->display_usage)
510	return net_usershare_info_usage(c, argc, argv);
511
512	if (c->opt_long_list_entries) {
513	only_ours = false;
514	}
515
516	switch (argc) {
517	case 0:
518	break;
519	case 1:
520	fstrcpy(wcard, argv[0]);
521	break;
522	default:
523	return net_usershare_info_usage(c, argc, argv);
524	}
525
526	strlower_m(wcard);
527
528	ctx = talloc_init("share_info");
529	ret = get_share_list(ctx, wcard, only_ours);
530	if (ret) {
531	return ret;
532	}
533
534	pi.ctx = ctx;
535	pi.op = US_INFO_OP;
536	pi.c = c;
537
538	ret = process_share_list(info_fn, &pi);
539	talloc_destroy(ctx);
540	return ret;
541	}
542
543	/***************************************************************************
544	Count the current total number of usershares.
545	***************************************************************************/
546
547	static int count_num_usershares(void)
548	{
549	SMB_STRUCT_DIR *dp;
550	SMB_STRUCT_DIRENT *de;
551	int num_usershares = 0;
552	TALLOC_CTX *ctx = talloc_tos();
553	char *basepath = get_basepath(ctx);
554
555	if (!basepath) {
556	return -1;
557	}
558
559	dp = sys_opendir(basepath);
560	if (!dp) {
561	d_fprintf(stderr,
562	_("count_num_usershares: cannot open usershare "
563	"directory %s. Error %s\n"),
564	basepath, strerror(errno) );
565	return -1;
566	}
567
568	while((de = sys_readdir(dp)) != 0) {
569	SMB_STRUCT_STAT sbuf;
570	char *path;
571	const char *n = de->d_name;
572
573	/* Ignore . and .. */
574	if (*n == '.') {
575	if ((n[1] == '\0') \|\| (n[1] == '.' && n[2] == '\0')) {
576	continue;
577	}
578	}
579
580	if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
581	d_fprintf(stderr,
582	_("count_num_usershares: ignoring bad share "
583	"name %s\n"), n);
584	continue;
585	}
586	path = talloc_asprintf(ctx,
587	"%s/%s",
588	basepath,
589	n);
590	if (!path) {
591	sys_closedir(dp);
592	return -1;
593	}
594
595	if (sys_lstat(path, &sbuf, false) != 0) {
596	d_fprintf(stderr,
597	_("count_num_usershares: can't lstat file %s. "
598	"Error was %s\n"),
599	path, strerror(errno) );
600	continue;
601	}
602
603	if (!S_ISREG(sbuf.st_ex_mode)) {
604	d_fprintf(stderr,
605	_("count_num_usershares: file %s is not a "
606	"regular file. Ignoring.\n"),
607	path );
608	continue;
609	}
610	num_usershares++;
611	}
612
613	sys_closedir(dp);
614	return num_usershares;
615	}
616
617	/***************************************************************************
618	Add a single userlevel share.
619	***************************************************************************/
620
621	static int net_usershare_add(struct net_context c, int argc, const char *argv)
622	{
623	TALLOC_CTX *ctx = talloc_stackframe();
624	SMB_STRUCT_STAT sbuf;
625	SMB_STRUCT_STAT lsbuf;
626	char *sharename;
627	const char *cp_sharename;
628	char *full_path;
629	char *full_path_tmp;
630	const char *us_path;
631	const char *us_comment;
632	const char *arg_acl;
633	char *us_acl;
634	char *file_img;
635	int num_aces = 0;
636	int i;
637	int tmpfd;
638	const char *pacl;
639	size_t to_write;
640	uid_t myeuid = geteuid();
641	bool guest_ok = false;
642	int num_usershares;
643
644	us_comment = "";
645	arg_acl = "S-1-1-0:R";
646
647	if (c->display_usage)
648	return net_usershare_add_usage(c, argc, argv);
649
650	switch (argc) {
651	case 0:
652	case 1:
653	default:
654	return net_usershare_add_usage(c, argc, argv);
655	case 2:
656	cp_sharename = argv[0];
657	sharename = strlower_talloc(ctx, argv[0]);
658	us_path = argv[1];
659	break;
660	case 3:
661	cp_sharename = argv[0];
662	sharename = strlower_talloc(ctx, argv[0]);
663	us_path = argv[1];
664	us_comment = argv[2];
665	break;
666	case 4:
667	cp_sharename = argv[0];
668	sharename = strlower_talloc(ctx, argv[0]);
669	us_path = argv[1];
670	us_comment = argv[2];
671	arg_acl = argv[3];
672	break;
673	case 5:
674	cp_sharename = argv[0];
675	sharename = strlower_talloc(ctx, argv[0]);
676	us_path = argv[1];
677	us_comment = argv[2];
678	arg_acl = argv[3];
679	if (strlen(arg_acl) == 0) {
680	arg_acl = "S-1-1-0:R";
681	}
682	if (!strnequal(argv[4], "guest_ok=", 9)) {
683	TALLOC_FREE(ctx);
684	return net_usershare_add_usage(c, argc, argv);
685	}
686	switch (argv[4][9]) {
687	case 'y':
688	case 'Y':
689	guest_ok = true;
690	break;
691	case 'n':
692	case 'N':
693	guest_ok = false;
694	break;
695	default:
696	TALLOC_FREE(ctx);
697	return net_usershare_add_usage(c, argc, argv);
698	}
699	break;
700	}
701
702	/* Ensure we're under the "usershare max shares" number. Advisory only. */
703	num_usershares = count_num_usershares();
704	if (num_usershares >= lp_usershare_max_shares()) {
705	d_fprintf(stderr,
706	_("net usershare add: maximum number of allowed "
707	"usershares (%d) reached\n"),
708	lp_usershare_max_shares() );
709	TALLOC_FREE(ctx);
710	return -1;
711	}
712
713	if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
714	d_fprintf(stderr, _("net usershare add: share name %s contains "
715	"invalid characters (any of %s)\n"),
716	sharename, INVALID_SHARENAME_CHARS);
717	TALLOC_FREE(ctx);
718	return -1;
719	}
720
721	/* Disallow shares the same as users. */
722	if (getpwnam(sharename)) {
723	d_fprintf(stderr,
724	_("net usershare add: share name %s is already a valid "
725	"system user name\n"),
726	sharename );
727	TALLOC_FREE(ctx);
728	return -1;
729	}
730
731	/* Construct the full path for the usershare file. */
732	full_path = get_basepath(ctx);
733	if (!full_path) {
734	TALLOC_FREE(ctx);
735	return -1;
736	}
737	full_path_tmp = talloc_asprintf(ctx,
738	"%s/:tmpXXXXXX",
739	full_path);
740	if (!full_path_tmp) {
741	TALLOC_FREE(ctx);
742	return -1;
743	}
744
745	full_path = talloc_asprintf_append(full_path,
746	"/%s",
747	sharename);
748	if (!full_path) {
749	TALLOC_FREE(ctx);
750	return -1;
751	}
752
753	/* The path must be absolute. */
754	if (us_path[0] != '/') {
755	d_fprintf(stderr,
756	_("net usershare add: path %s is not an absolute "
757	"path.\n"),
758	us_path);
759	TALLOC_FREE(ctx);
760	return -1;
761	}
762
763	/* Check the directory to be shared exists. */
764	if (sys_stat(us_path, &sbuf, false) != 0) {
765	d_fprintf(stderr,
766	_("net usershare add: cannot stat path %s to ensure "
767	"this is a directory. Error was %s\n"),
768	us_path, strerror(errno) );
769	TALLOC_FREE(ctx);
770	return -1;
771	}
772
773	if (!S_ISDIR(sbuf.st_ex_mode)) {
774	d_fprintf(stderr,
775	_("net usershare add: path %s is not a directory.\n"),
776	us_path );
777	TALLOC_FREE(ctx);
778	return -1;
779	}
780
781	/* If we're not root, check if we're restricted to sharing out directories
782	that we own only. */
783
784	if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
785	d_fprintf(stderr, _("net usershare add: cannot share path %s as "
786	"we are restricted to only sharing directories we own.\n"
787	"\tAsk the administrator to add the line \"usershare owner only = false\" \n"
788	"\tto the [global] section of the smb.conf to allow this.\n"),
789	us_path );
790	TALLOC_FREE(ctx);
791	return -1;
792	}
793
794	/* No validation needed on comment. Now go through and validate the
795	acl string. Convert names to SID's as needed. Then run it through
796	parse_usershare_acl to ensure it's valid. */
797
798	/* Start off the string we'll append to. */
799	us_acl = talloc_strdup(ctx, "");
800	if (!us_acl) {
801	TALLOC_FREE(ctx);
802	return -1;
803	}
804
805	pacl = arg_acl;
806	num_aces = 1;
807
808	/* Add the number of ',' characters to get the number of aces. */
809	num_aces += count_chars(pacl,',');
810
811	for (i = 0; i < num_aces; i++) {
812	struct dom_sid sid;
813	const char *pcolon = strchr_m(pacl, ':');
814	const char *name;
815
816	if (pcolon == NULL) {
817	d_fprintf(stderr,
818	_("net usershare add: malformed acl %s "
819	"(missing ':').\n"),
820	pacl );
821	TALLOC_FREE(ctx);
822	return -1;
823	}
824
825	switch(pcolon[1]) {
826	case 'f':
827	case 'F':
828	case 'd':
829	case 'r':
830	case 'R':
831	break;
832	default:
833	d_fprintf(stderr,
834	_("net usershare add: malformed acl %s "
835	"(access control must be 'r', 'f', "
836	"or 'd')\n"),
837	pacl );
838	TALLOC_FREE(ctx);
839	return -1;
840	}
841
842	if (pcolon[2] != ',' && pcolon[2] != '\0') {
843	d_fprintf(stderr,
844	_("net usershare add: malformed terminating "
845	"character for acl %s\n"),
846	pacl );
847	TALLOC_FREE(ctx);
848	return -1;
849	}
850
851	/* Get the name */
852	if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) {
853	d_fprintf(stderr, _("talloc_strndup failed\n"));
854	TALLOC_FREE(ctx);
855	return -1;
856	}
857	if (!string_to_sid(&sid, name)) {
858	/* Convert to a SID */
859	NTSTATUS ntstatus = net_lookup_sid_from_name(c, ctx, name, &sid);
860	if (!NT_STATUS_IS_OK(ntstatus)) {
861	d_fprintf(stderr,
862	_("net usershare add: cannot convert "
863	"name \"%s\" to a SID. %s."),
864	name, get_friendly_nt_error_msg(ntstatus) );
865	if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_CONNECTION_REFUSED)) {
866	d_fprintf(stderr,
867	_(" Maybe smbd is not running.\n"));
868	} else {
869	d_fprintf(stderr, "\n");
870	}
871	TALLOC_FREE(ctx);
872	return -1;
873	}
874	}
875	us_acl = talloc_asprintf_append(
876	us_acl, "%s:%c,", sid_string_tos(&sid), pcolon[1]);
877
878	/* Move to the next ACL entry. */
879	if (pcolon[2] == ',') {
880	pacl = &pcolon[3];
881	}
882	}
883
884	/* Remove the last ',' */
885	us_acl[strlen(us_acl)-1] = '\0';
886
887	if (guest_ok && !lp_usershare_allow_guests()) {
888	d_fprintf(stderr, _("net usershare add: guest_ok=y requested "
889	"but the \"usershare allow guests\" parameter is not "
890	"enabled by this server.\n"));
891	TALLOC_FREE(ctx);
892	return -1;
893	}
894
895	/* Create a temporary filename for this share. */
896	tmpfd = mkstemp(full_path_tmp);
897
898	if (tmpfd == -1) {
899	d_fprintf(stderr,
900	_("net usershare add: cannot create tmp file %s\n"),
901	full_path_tmp );
902	TALLOC_FREE(ctx);
903	return -1;
904	}
905
906	/* Ensure we opened the file we thought we did. */
907	if (sys_lstat(full_path_tmp, &lsbuf, false) != 0) {
908	d_fprintf(stderr,
909	_("net usershare add: cannot lstat tmp file %s\n"),
910	full_path_tmp );
911	TALLOC_FREE(ctx);
912	close(tmpfd);
913	return -1;
914	}
915
916	/* Check this is the same as the file we opened. */
917	if (sys_fstat(tmpfd, &sbuf, false) != 0) {
918	d_fprintf(stderr,
919	_("net usershare add: cannot fstat tmp file %s\n"),
920	full_path_tmp );
921	TALLOC_FREE(ctx);
922	close(tmpfd);
923	return -1;
924	}
925
926	if (!S_ISREG(sbuf.st_ex_mode) \|\| sbuf.st_ex_dev != lsbuf.st_ex_dev \|\| sbuf.st_ex_ino != lsbuf.st_ex_ino) {
927	d_fprintf(stderr,
928	_("net usershare add: tmp file %s is not a regular "
929	"file ?\n"),
930	full_path_tmp );
931	TALLOC_FREE(ctx);
932	close(tmpfd);
933	return -1;
934	}
935
936	if (fchmod(tmpfd, 0644) == -1) {
937	d_fprintf(stderr,
938	_("net usershare add: failed to fchmod tmp file %s "
939	"to 0644n"),
940	full_path_tmp );
941	TALLOC_FREE(ctx);
942	close(tmpfd);
943	return -1;
944	}
945
946	/* Create the in-memory image of the file. */
947	file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
948	file_img = talloc_asprintf_append(file_img,
949	"%s\ncomment=%s\nusershare_acl=%s\n"
950	"guest_ok=%c\nsharename=%s\n",
951	us_path,
952	us_comment,
953	us_acl,
954	guest_ok ? 'y' : 'n',
955	cp_sharename);
956
957	to_write = strlen(file_img);
958
959	if (write(tmpfd, file_img, to_write) != to_write) {
960	d_fprintf(stderr,
961	_("net usershare add: failed to write %u bytes to "
962	"file %s. Error was %s\n"),
963	(unsigned int)to_write, full_path_tmp, strerror(errno));
964	unlink(full_path_tmp);
965	TALLOC_FREE(ctx);
966	close(tmpfd);
967	return -1;
968	}
969
970	/* Attempt to replace any existing share by this name. */
971	if (rename(full_path_tmp, full_path) != 0) {
972	unlink(full_path_tmp);
973	d_fprintf(stderr,
974	_("net usershare add: failed to add share %s. Error "
975	"was %s\n"),
976	sharename, strerror(errno));
977	TALLOC_FREE(ctx);
978	close(tmpfd);
979	return -1;
980	}
981
982	close(tmpfd);
983
984	if (c->opt_long_list_entries) {
985	const char *my_argv[2];
986	my_argv[0] = sharename;
987	my_argv[1] = NULL;
988	net_usershare_info(c, 1, my_argv);
989	}
990
991	TALLOC_FREE(ctx);
992	return 0;
993	}
994
995	#if 0
996	/***************************************************************************
997	List function.
998	***************************************************************************/
999
1000	static int list_fn(struct file_list fl, void priv)
1001	{
1002	d_printf("%s\n", fl->pathname);
1003	return 0;
1004	}
1005	#endif
1006
1007	/***************************************************************************
1008	List userlevel shares.
1009	***************************************************************************/
1010
1011	static int net_usershare_list(struct net_context *c, int argc,
1012	const char **argv)
1013	{
1014	fstring wcard;
1015	bool only_ours = true;
1016	int ret = -1;
1017	struct us_priv_info pi;
1018	TALLOC_CTX *ctx;
1019
1020	fstrcpy(wcard, "*");
1021
1022	if (c->display_usage)
1023	return net_usershare_list_usage(c, argc, argv);
1024
1025	if (c->opt_long_list_entries) {
1026	only_ours = false;
1027	}
1028
1029	switch (argc) {
1030	case 0:
1031	break;
1032	case 1:
1033	fstrcpy(wcard, argv[0]);
1034	break;
1035	default:
1036	return net_usershare_list_usage(c, argc, argv);
1037	}
1038
1039	strlower_m(wcard);
1040
1041	ctx = talloc_init("share_list");
1042	ret = get_share_list(ctx, wcard, only_ours);
1043	if (ret) {
1044	return ret;
1045	}
1046
1047	pi.ctx = ctx;
1048	pi.op = US_LIST_OP;
1049	pi.c = c;
1050
1051	ret = process_share_list(info_fn, &pi);
1052	talloc_destroy(ctx);
1053	return ret;
1054	}
1055
1056	/***************************************************************************
1057	Entry-point for all the USERSHARE functions.
1058	***************************************************************************/
1059
1060	int net_usershare(struct net_context c, int argc, const char *argv)
1061	{
1062	SMB_STRUCT_DIR *dp;
1063
1064	struct functable func[] = {
1065	{
1066	"add",
1067	net_usershare_add,
1068	NET_TRANSPORT_LOCAL,
1069	N_("Add/modify user defined share"),
1070	N_("net usershare add\n"
1071	" Add/modify user defined share")
1072	},
1073	{
1074	"delete",
1075	net_usershare_delete,
1076	NET_TRANSPORT_LOCAL,
1077	N_("Delete user defined share"),
1078	N_("net usershare delete\n"
1079	" Delete user defined share")
1080	},
1081	{
1082	"info",
1083	net_usershare_info,
1084	NET_TRANSPORT_LOCAL,
1085	N_("Display information about a user defined share"),
1086	N_("net usershare info\n"
1087	" Display information about a user defined share")
1088	},
1089	{
1090	"list",
1091	net_usershare_list,
1092	NET_TRANSPORT_LOCAL,
1093	N_("List user defined shares"),
1094	N_("net usershare list\n"
1095	" List user defined shares")
1096	},
1097	{NULL, NULL, 0, NULL, NULL}
1098	};
1099
1100	if (lp_usershare_max_shares() == 0) {
1101	d_fprintf(stderr,
1102	_("net usershare: usershares are currently "
1103	"disabled\n"));
1104	return -1;
1105	}
1106
1107	dp = sys_opendir(lp_usershare_path());
1108	if (!dp) {
1109	int err = errno;
1110	d_fprintf(stderr,
1111	_("net usershare: cannot open usershare directory %s. "
1112	"Error %s\n"),
1113	lp_usershare_path(), strerror(err) );
1114	if (err == EACCES) {
1115	d_fprintf(stderr,
1116	_("You do not have permission to create a "
1117	"usershare. Ask your administrator to grant "
1118	"you permissions to create a share.\n"));
1119	} else if (err == ENOENT) {
1120	d_fprintf(stderr,
1121	_("Please ask your system administrator to "
1122	"enable user sharing.\n"));
1123	}
1124	return -1;
1125	}
1126	sys_closedir(dp);
1127
1128	return net_run_function(c, argc, argv, "net usershare", func);
1129	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: