Changeset 740 for vendor/current/source3/smbd/service.c
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- File:
-
- 1 edited
-
vendor/current/source3/smbd/service.c (modified) (48 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/smbd/service.c
r478 r740 3 3 service (connection) opening and closing 4 4 Copyright (C) Andrew Tridgell 1992-1998 5 5 6 6 This program is free software; you can redistribute it and/or modify 7 7 it under the terms of the GNU General Public License as published by 8 8 the Free Software Foundation; either version 3 of the License, or 9 9 (at your option) any later version. 10 10 11 11 This program is distributed in the hope that it will be useful, 12 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 14 GNU General Public License for more details. 15 15 16 16 You should have received a copy of the GNU General Public License 17 17 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 19 19 20 20 #include "includes.h" 21 #include "system/filesys.h" 22 #include "../lib/tsocket/tsocket.h" 23 #include "smbd/smbd.h" 21 24 #include "smbd/globals.h" 25 #include "../librpc/gen_ndr/netlogon.h" 26 #include "../libcli/security/security.h" 27 #include "printing/pcap.h" 28 #include "passdb/lookup_sid.h" 29 #include "auth.h" 22 30 23 31 extern userdom_struct current_user_info; … … 25 33 static bool canonicalize_connect_path(connection_struct *conn) 26 34 { 27 #ifdef REALPATH_TAKES_NULL28 35 bool ret; 29 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath ,NULL);36 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath); 30 37 if (!resolved_name) { 31 38 return false; … … 34 41 SAFE_FREE(resolved_name); 35 42 return ret; 36 #else37 char resolved_name_buf[PATH_MAX+1];38 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf);39 if (!resolved_name) {40 return false;41 }42 return set_conn_connectpath(conn,resolved_name);43 #endif /* REALPATH_TAKES_NULL */44 43 } 45 44 … … 62 61 63 62 /* Allocate for strlen + '\0' + possible leading '/' */ 64 destname = SMB_MALLOC(strlen(connectpath) + 2);63 destname = (char *)SMB_MALLOC(strlen(connectpath) + 2); 65 64 if (!destname) { 66 65 return false; … … 184 183 185 184 snum = SNUM(conn); 186 185 187 186 if (do_chdir && 188 187 vfs_ChDir(conn,conn->connectpath) != 0 && … … 199 198 last_conn = conn; 200 199 last_flags = flags; 201 200 202 201 /* Obey the client case sensitivity requests - only for clients that support it. */ 203 202 switch (lp_casesensitive(snum)) { … … 293 292 return -1; 294 293 } 295 294 296 295 return lp_servicenumber(service); 297 296 … … 304 303 **/ 305 304 306 int find_service( fstring service)305 int find_service(TALLOC_CTX *ctx, const char *service_in, char **p_service_out) 307 306 { 308 307 int iService; 309 struct smbd_server_connection *sconn = smbd_server_conn; 310 311 all_string_sub(service,"\\","/",0); 312 313 iService = lp_servicenumber(service); 308 309 if (!service_in) { 310 return -1; 311 } 312 313 /* First make a copy. */ 314 *p_service_out = talloc_strdup(ctx, service_in); 315 if (!*p_service_out) { 316 return -1; 317 } 318 319 all_string_sub(*p_service_out,"\\","/",0); 320 321 iService = lp_servicenumber(*p_service_out); 314 322 315 323 /* now handle the special case of a home directory */ 316 324 if (iService < 0) { 317 char *phome_dir = get_user_home_dir( talloc_tos(), service);325 char *phome_dir = get_user_home_dir(ctx, *p_service_out); 318 326 319 327 if(!phome_dir) { … … 322 330 * be a Windows to unix mapped user name. 323 331 */ 324 if(map_username(sconn, service)) 332 if(map_username(ctx, *p_service_out, p_service_out)) { 333 if (*p_service_out == NULL) { 334 /* Out of memory. */ 335 return -1; 336 } 325 337 phome_dir = get_user_home_dir( 326 talloc_tos(), service); 327 } 328 329 DEBUG(3,("checking for home directory %s gave %s\n",service, 338 ctx, *p_service_out); 339 } 340 } 341 342 DEBUG(3,("checking for home directory %s gave %s\n",*p_service_out, 330 343 phome_dir?phome_dir:"(NULL)")); 331 344 332 iService = add_home_service( service,service/* 'username' */, phome_dir);345 iService = add_home_service(*p_service_out,*p_service_out /* 'username' */, phome_dir); 333 346 } 334 347 … … 341 354 } 342 355 if (iPrinterService >= 0) { 343 DEBUG(3,("checking whether %s is a valid printer name...\n", service)); 344 if (pcap_printername_ok(service)) { 345 DEBUG(3,("%s is a valid printer name\n", service)); 346 DEBUG(3,("adding %s as a printer service\n", service)); 347 lp_add_printer(service, iPrinterService); 348 iService = lp_servicenumber(service); 356 DEBUG(3,("checking whether %s is a valid printer name...\n", 357 *p_service_out)); 358 if (pcap_printername_ok(*p_service_out)) { 359 DEBUG(3,("%s is a valid printer name\n", 360 *p_service_out)); 361 DEBUG(3,("adding %s as a printer service\n", 362 *p_service_out)); 363 lp_add_printer(*p_service_out, iPrinterService); 364 iService = lp_servicenumber(*p_service_out); 349 365 if (iService < 0) { 350 DEBUG(0,("failed to add %s as a printer service!\n", service)); 366 DEBUG(0,("failed to add %s as a printer service!\n", 367 *p_service_out)); 351 368 } 352 369 } else { 353 DEBUG(3,("%s is not a valid printer name\n", service)); 370 DEBUG(3,("%s is not a valid printer name\n", 371 *p_service_out)); 354 372 } 355 373 } … … 361 379 362 380 if (iService < 0) { 363 iService = load_registry_service( service);381 iService = load_registry_service(*p_service_out); 364 382 } 365 383 … … 367 385 if (iService < 0 && *lp_usershare_path()) { 368 386 /* Ensure the name is canonicalized. */ 369 strlower_m( service);370 iService = load_usershare_service( service);387 strlower_m(*p_service_out); 388 iService = load_usershare_service(*p_service_out); 371 389 } 372 390 … … 374 392 if (iService < 0) { 375 393 char *pdefservice = lp_defaultservice(); 376 if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr_m(service,"..")) { 394 if (pdefservice && 395 *pdefservice && 396 !strequal(pdefservice, *p_service_out) 397 && !strstr_m(*p_service_out,"..")) { 377 398 /* 378 399 * We need to do a local copy here as lp_defaultservice() … … 381 402 * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>. 382 403 */ 383 char *defservice = SMB_STRDUP(pdefservice);404 char *defservice = talloc_strdup(ctx, pdefservice); 384 405 385 406 if (!defservice) { … … 391 412 strequal(defservice, PRINTERS_NAME) || 392 413 strequal(defservice, "IPC$")) { 393 SAFE_FREE(defservice);414 TALLOC_FREE(defservice); 394 415 goto fail; 395 416 } 396 417 397 iService = find_service(defservice); 418 iService = find_service(ctx, defservice, p_service_out); 419 if (!*p_service_out) { 420 TALLOC_FREE(defservice); 421 iService = -1; 422 goto fail; 423 } 398 424 if (iService >= 0) { 399 all_string_sub( service, "_","/",0);400 iService = lp_add_service( service, iService);425 all_string_sub(*p_service_out, "_","/",0); 426 iService = lp_add_service(*p_service_out, iService); 401 427 } 402 SAFE_FREE(defservice);428 TALLOC_FREE(defservice); 403 429 } 404 430 } … … 406 432 if (iService >= 0) { 407 433 if (!VALID_SNUM(iService)) { 408 DEBUG(0,("Invalid snum %d for %s\n",iService, service)); 434 DEBUG(0,("Invalid snum %d for %s\n",iService, 435 *p_service_out)); 409 436 iService = -1; 410 437 } … … 413 440 fail: 414 441 415 if (iService < 0) 416 DEBUG(3,("find_service() failed to find service %s\n", service)); 442 if (iService < 0) { 443 DEBUG(3,("find_service() failed to find service %s\n", 444 *p_service_out)); 445 } 417 446 418 447 return (iService); … … 425 454 ****************************************************************************/ 426 455 427 static NTSTATUS share_sanity_checks(int snum, fstring dev) 456 static NTSTATUS share_sanity_checks(struct client_address *client_id, int snum, 457 fstring dev) 428 458 { 429 430 459 if (!lp_snum_ok(snum) || 431 ! check_access(smbd_server_fd(),432 lp_hostsallow(snum), lp_hostsdeny(snum))) {460 !allow_access(lp_hostsdeny(snum), lp_hostsallow(snum), 461 client_id->name, client_id->addr)) { 433 462 return NT_STATUS_ACCESS_DENIED; 434 463 } … … 475 504 static NTSTATUS find_forced_group(bool force_user, 476 505 int snum, const char *username, 477 DOM_SID*pgroup_sid,506 struct dom_sid *pgroup_sid, 478 507 gid_t *pgid) 479 508 { 480 509 NTSTATUS result = NT_STATUS_NO_SUCH_GROUP; 481 510 TALLOC_CTX *frame = talloc_stackframe(); 482 DOM_SIDgroup_sid;511 struct dom_sid group_sid; 483 512 enum lsa_SidType type; 484 513 char *groupname; … … 563 592 ****************************************************************************/ 564 593 565 static NTSTATUS create_connection_se rver_info(struct smbd_server_connection *sconn,594 static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn, 566 595 TALLOC_CTX *mem_ctx, int snum, 567 596 struct auth_serversupplied_info *vuid_serverinfo, … … 590 619 } else { 591 620 if (!user_ok_token(vuid_serverinfo->unix_name, 592 pdb_get_domain(vuid_serverinfo->sam_account),593 vuid_serverinfo-> ptok, snum)) {621 vuid_serverinfo->info3->base.domain.string, 622 vuid_serverinfo->security_token, snum)) { 594 623 DEBUG(2, ("user '%s' (from session setup) not " 595 624 "permitted to access this share " … … 636 665 } 637 666 667 /**************************************************************************** 668 set relavent user and group settings corresponding to force user/group 669 configuration for the given snum. 670 ****************************************************************************/ 671 672 NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) 673 { 674 NTSTATUS status; 675 676 if (*lp_force_user(snum)) { 677 678 /* 679 * Replace conn->session_info with a completely faked up one 680 * from the username we are forced into :-) 681 */ 682 683 char *fuser; 684 struct auth_serversupplied_info *forced_serverinfo; 685 686 fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", 687 lp_const_servicename(snum)); 688 if (fuser == NULL) { 689 return NT_STATUS_NO_MEMORY; 690 } 691 692 status = make_serverinfo_from_username( 693 conn, fuser, conn->session_info->guest, 694 &forced_serverinfo); 695 if (!NT_STATUS_IS_OK(status)) { 696 return status; 697 } 698 699 TALLOC_FREE(conn->session_info); 700 conn->session_info = forced_serverinfo; 701 702 conn->force_user = true; 703 DEBUG(3,("Forced user %s\n", fuser)); 704 } 705 706 /* 707 * If force group is true, then override 708 * any groupid stored for the connecting user. 709 */ 710 711 if (*lp_force_group(snum)) { 712 713 status = find_forced_group( 714 conn->force_user, snum, conn->session_info->unix_name, 715 &conn->session_info->security_token->sids[1], 716 &conn->session_info->utok.gid); 717 718 if (!NT_STATUS_IS_OK(status)) { 719 return status; 720 } 721 722 /* 723 * We need to cache this gid, to use within 724 * change_to_user() separately from the conn->session_info 725 * struct. We only use conn->session_info directly if 726 * "force_user" was set. 727 */ 728 conn->force_group_gid = conn->session_info->utok.gid; 729 } 730 731 return NT_STATUS_OK; 732 } 638 733 639 734 /**************************************************************************** … … 648 743 NTSTATUS *pstatus) 649 744 { 650 connection_struct *conn ;745 connection_struct *conn = NULL; 651 746 struct smb_filename *smb_fname_cpath = NULL; 652 747 fstring dev; 653 748 int ret; 654 char addr[INET6_ADDRSTRLEN]; 749 bool on_err_call_dis_hook = false; 750 bool claimed_connection = false; 751 uid_t effuid; 752 gid_t effgid; 655 753 NTSTATUS status; 656 754 657 755 fstrcpy(dev, pdev); 658 756 659 if (NT_STATUS_IS_ERR(*pstatus = share_sanity_checks(snum, dev))) { 660 return NULL; 661 } 757 *pstatus = share_sanity_checks(&sconn->client_id, snum, dev); 758 if (NT_STATUS_IS_ERR(*pstatus)) { 759 goto err_root_exit; 760 } 662 761 663 762 conn = conn_new(sconn); … … 665 764 DEBUG(0,("Couldn't find free connection.\n")); 666 765 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; 667 return NULL;766 goto err_root_exit; 668 767 } 669 768 670 769 conn->params->service = snum; 671 770 672 status = create_connection_se rver_info(sconn,673 conn, snum, vuser ? vuser->se rver_info : NULL, password,674 &conn->se rver_info);771 status = create_connection_session_info(sconn, 772 conn, snum, vuser ? vuser->session_info : NULL, password, 773 &conn->session_info); 675 774 676 775 if (!NT_STATUS_IS_OK(status)) { 677 DEBUG(1, ("create_connection_se rver_info failed: %s\n",776 DEBUG(1, ("create_connection_session_info failed: %s\n", 678 777 nt_errstr(status))); 679 778 *pstatus = status; 680 conn_free(conn); 681 return NULL; 779 goto err_root_exit; 682 780 } 683 781 … … 686 784 } 687 785 688 add_session_user(sconn, conn->server_info->unix_name); 689 690 safe_strcpy(conn->client_address, 691 client_addr(get_client_fd(),addr,sizeof(addr)), 692 sizeof(conn->client_address)-1); 786 add_session_user(sconn, conn->session_info->unix_name); 787 693 788 conn->num_files_open = 0; 694 789 conn->lastused = conn->lastused_count = time(NULL); … … 718 813 719 814 conn->read_only = lp_readonly(SNUM(conn)); 720 conn->admin_user = False; 721 722 if (*lp_force_user(snum)) { 723 724 /* 725 * Replace conn->server_info with a completely faked up one 726 * from the username we are forced into :-) 727 */ 728 729 char *fuser; 730 struct auth_serversupplied_info *forced_serverinfo; 731 732 fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", 733 lp_servicename(snum)); 734 if (fuser == NULL) { 735 conn_free(conn); 736 *pstatus = NT_STATUS_NO_MEMORY; 737 return NULL; 738 } 739 740 status = make_serverinfo_from_username( 741 conn, fuser, conn->server_info->guest, 742 &forced_serverinfo); 743 if (!NT_STATUS_IS_OK(status)) { 744 conn_free(conn); 745 *pstatus = status; 746 return NULL; 747 } 748 749 TALLOC_FREE(conn->server_info); 750 conn->server_info = forced_serverinfo; 751 752 conn->force_user = True; 753 DEBUG(3,("Forced user %s\n", fuser)); 754 } 755 756 /* 757 * If force group is true, then override 758 * any groupid stored for the connecting user. 759 */ 760 761 if (*lp_force_group(snum)) { 762 763 status = find_forced_group( 764 conn->force_user, snum, conn->server_info->unix_name, 765 &conn->server_info->ptok->user_sids[1], 766 &conn->server_info->utok.gid); 767 768 if (!NT_STATUS_IS_OK(status)) { 769 conn_free(conn); 770 *pstatus = status; 771 return NULL; 772 } 773 774 /* 775 * We need to cache this gid, to use within 776 * change_to_user() separately from the conn->server_info 777 * struct. We only use conn->server_info directly if 778 * "force_user" was set. 779 */ 780 conn->force_group_gid = conn->server_info->utok.gid; 815 816 status = set_conn_force_user_group(conn, snum); 817 if (!NT_STATUS_IS_OK(status)) { 818 conn_free(conn); 819 *pstatus = status; 820 return NULL; 781 821 } 782 822 … … 786 826 char *s = talloc_sub_advanced(talloc_tos(), 787 827 lp_servicename(SNUM(conn)), 788 conn->se rver_info->unix_name,828 conn->session_info->unix_name, 789 829 conn->connectpath, 790 conn->se rver_info->utok.gid,791 conn->se rver_info->sanitized_username,792 pdb_get_domain(conn->server_info->sam_account),830 conn->session_info->utok.gid, 831 conn->session_info->sanitized_username, 832 conn->session_info->info3->base.domain.string, 793 833 lp_pathname(snum)); 794 834 if (!s) { 795 conn_free(conn);796 835 *pstatus = NT_STATUS_NO_MEMORY; 797 return NULL;836 goto err_root_exit; 798 837 } 799 838 800 839 if (!set_conn_connectpath(conn,s)) { 801 840 TALLOC_FREE(s); 802 conn_free(conn);803 841 *pstatus = NT_STATUS_NO_MEMORY; 804 return NULL;842 goto err_root_exit; 805 843 } 806 844 DEBUG(3,("Connect path is '%s' for service [%s]\n",s, … … 816 854 */ 817 855 818 { 819 bool can_write = False; 820 821 can_write = share_access_check(conn->server_info->ptok, 822 lp_servicename(snum), 823 FILE_WRITE_DATA); 824 825 if (!can_write) { 826 if (!share_access_check(conn->server_info->ptok, 827 lp_servicename(snum), 828 FILE_READ_DATA)) { 829 /* No access, read or write. */ 830 DEBUG(0,("make_connection: connection to %s " 831 "denied due to security " 832 "descriptor.\n", 833 lp_servicename(snum))); 834 conn_free(conn); 835 *pstatus = NT_STATUS_ACCESS_DENIED; 836 return NULL; 837 } else { 838 conn->read_only = True; 839 } 856 share_access_check(conn->session_info->security_token, 857 lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS, 858 &conn->share_access); 859 860 if ((conn->share_access & FILE_WRITE_DATA) == 0) { 861 if ((conn->share_access & FILE_READ_DATA) == 0) { 862 /* No access, read or write. */ 863 DEBUG(0,("make_connection: connection to %s " 864 "denied due to security " 865 "descriptor.\n", 866 lp_servicename(snum))); 867 *pstatus = NT_STATUS_ACCESS_DENIED; 868 goto err_root_exit; 869 } else { 870 conn->read_only = True; 840 871 } 841 872 } … … 845 876 DEBUG(0, ("vfs_init failed for service %s\n", 846 877 lp_servicename(snum))); 847 conn_free(conn);848 878 *pstatus = NT_STATUS_BAD_NETWORK_NAME; 849 return NULL; 850 } 851 852 if ((!conn->printer) && (!conn->ipc)) { 853 conn->notify_ctx = notify_init(conn, server_id_self(), 854 smbd_messaging_context(), 855 smbd_event_context(), 856 conn); 879 goto err_root_exit; 857 880 } 858 881 … … 872 895 DEBUG(1, ("Max connections (%d) exceeded for %s\n", 873 896 lp_max_connections(snum), lp_servicename(snum))); 874 conn_free(conn);875 897 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; 876 return NULL;877 } 898 goto err_root_exit; 899 } 878 900 879 901 /* 880 902 * Get us an entry in the connections db 881 903 */ 882 if (!claim_connection(conn, lp_servicename(snum) , 0)) {904 if (!claim_connection(conn, lp_servicename(snum))) { 883 905 DEBUG(1, ("Could not store connections entry\n")); 884 conn_free(conn);885 906 *pstatus = NT_STATUS_INTERNAL_DB_ERROR; 886 return NULL; 887 } 888 889 /* Invoke VFS make connection hook - must be the first 890 VFS operation we do. */ 907 goto err_root_exit; 908 } 909 claimed_connection = true; 910 911 /* Invoke VFS make connection hook - this must be the first 912 filesystem operation that we do. */ 891 913 892 914 if (SMB_VFS_CONNECT(conn, lp_servicename(snum), 893 conn->se rver_info->unix_name) < 0) {915 conn->session_info->unix_name) < 0) { 894 916 DEBUG(0,("make_connection: VFS make connection failed!\n")); 895 yield_connection(conn, lp_servicename(snum));896 conn_free(conn);897 917 *pstatus = NT_STATUS_UNSUCCESSFUL; 898 return NULL; 918 goto err_root_exit; 919 } 920 921 /* Any error exit after here needs to call the disconnect hook. */ 922 on_err_call_dis_hook = true; 923 924 if ((!conn->printer) && (!conn->ipc)) { 925 conn->notify_ctx = notify_init(conn, 926 sconn_server_id(sconn), 927 sconn->msg_ctx, 928 smbd_event_context(), 929 conn); 899 930 } 900 931 … … 917 948 char *cmd = talloc_sub_advanced(talloc_tos(), 918 949 lp_servicename(SNUM(conn)), 919 conn->se rver_info->unix_name,950 conn->session_info->unix_name, 920 951 conn->connectpath, 921 conn->se rver_info->utok.gid,922 conn->se rver_info->sanitized_username,923 pdb_get_domain(conn->server_info->sam_account),952 conn->session_info->utok.gid, 953 conn->session_info->sanitized_username, 954 conn->session_info->info3->base.domain.string, 924 955 lp_rootpreexec(snum)); 925 956 DEBUG(5,("cmd=%s\n",cmd)); … … 929 960 DEBUG(1,("root preexec gave %d - failing " 930 961 "connection\n", ret)); 931 SMB_VFS_DISCONNECT(conn);932 yield_connection(conn, lp_servicename(snum));933 conn_free(conn);934 962 *pstatus = NT_STATUS_ACCESS_DENIED; 935 return NULL;963 goto err_root_exit; 936 964 } 937 965 } … … 941 969 /* No point continuing if they fail the basic checks */ 942 970 DEBUG(0,("Can't become connected user!\n")); 943 SMB_VFS_DISCONNECT(conn);944 yield_connection(conn, lp_servicename(snum));945 conn_free(conn);946 971 *pstatus = NT_STATUS_LOGON_FAILURE; 947 return NULL; 948 } 972 goto err_root_exit; 973 } 974 975 effuid = geteuid(); 976 effgid = getegid(); 949 977 950 978 /* Remember that a different vuid can connect later without these 951 979 * checks... */ 952 980 953 981 /* Preexecs are done here as they might make the dir we are to ChDir 954 982 * to below */ … … 958 986 char *cmd = talloc_sub_advanced(talloc_tos(), 959 987 lp_servicename(SNUM(conn)), 960 conn->se rver_info->unix_name,988 conn->session_info->unix_name, 961 989 conn->connectpath, 962 conn->se rver_info->utok.gid,963 conn->se rver_info->sanitized_username,964 pdb_get_domain(conn->server_info->sam_account),990 conn->session_info->utok.gid, 991 conn->session_info->sanitized_username, 992 conn->session_info->info3->base.domain.string, 965 993 lp_preexec(snum)); 966 994 ret = smbrun(cmd,NULL); … … 973 1001 } 974 1002 } 1003 1004 #ifdef WITH_FAKE_KASERVER 1005 if (lp_afs_share(snum)) { 1006 afs_login(conn); 1007 } 1008 #endif 1009 1010 /* 1011 * we've finished with the user stuff - go back to root 1012 * so the SMB_VFS_STAT call will only fail on path errors, 1013 * not permission problems. 1014 */ 1015 change_to_root_user(); 1016 /* ROOT Activites: */ 975 1017 976 1018 /* … … 992 1034 } 993 1035 994 #ifdef WITH_FAKE_KASERVER995 if (lp_afs_share(snum)) {996 afs_login(conn);997 }998 #endif999 1000 1036 /* Add veto/hide lists */ 1001 1037 if (!IS_IPC(conn) && !IS_PRINT(conn)) { … … 1006 1042 lp_aio_write_behind(snum)); 1007 1043 } 1008 1009 1044 status = create_synthetic_smb_fname(talloc_tos(), conn->connectpath, 1010 1045 NULL, NULL, &smb_fname_cpath); … … 1019 1054 I have disabled this chdir check (tridge) */ 1020 1055 /* the alternative is just to check the directory exists */ 1056 1021 1057 if ((ret = SMB_VFS_STAT(conn, smb_fname_cpath)) != 0 || 1022 1058 !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) { … … 1038 1074 string_set(&conn->origpath,conn->connectpath); 1039 1075 1040 #if SOFTLINK_OPTIMISATION1041 /* resolve any soft links early if possible */1042 if (vfs_ChDir(conn,conn->connectpath) == 0) {1043 TALLOC_CTX *ctx = talloc_tos();1044 char *s = vfs_GetWd(ctx,s);1045 if (!s) {1046 *status = map_nt_error_from_unix(errno);1047 goto err_root_exit;1048 }1049 if (!set_conn_connectpath(conn,s)) {1050 *status = NT_STATUS_NO_MEMORY;1051 goto err_root_exit;1052 }1053 vfs_ChDir(conn,conn->connectpath);1054 }1055 #endif1056 1057 1076 /* Figure out the characteristics of the underlying filesystem. This 1058 1077 * assumes that all the filesystem mounted withing a share path have … … 1070 1089 if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { 1071 1090 dbgtext( "%s (%s) ", get_remote_machine_name(), 1072 conn-> client_address);1073 dbgtext( "%s", srv_is_signing_active(s mbd_server_conn) ? "signed " : "");1091 conn->sconn->client_id.addr ); 1092 dbgtext( "%s", srv_is_signing_active(sconn) ? "signed " : ""); 1074 1093 dbgtext( "connect to service %s ", lp_servicename(snum) ); 1075 1094 dbgtext( "initially as user %s ", 1076 conn->se rver_info->unix_name );1077 dbgtext( "(uid=%d, gid=%d) ", (int) geteuid(), (int)getegid());1095 conn->session_info->unix_name ); 1096 dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid ); 1078 1097 dbgtext( "(pid %d)\n", (int)sys_getpid() ); 1079 1098 } 1080 1099 1081 /* we've finished with the user stuff - go back to root */1082 change_to_root_user();1083 1100 return(conn); 1084 1101 1085 1102 err_root_exit: 1086 1103 TALLOC_FREE(smb_fname_cpath); 1087 change_to_root_user(); 1088 /* Call VFS disconnect hook */ 1089 SMB_VFS_DISCONNECT(conn); 1090 yield_connection(conn, lp_servicename(snum)); 1091 conn_free(conn); 1104 /* We must exit this function as root. */ 1105 if (geteuid() != 0) { 1106 change_to_root_user(); 1107 } 1108 if (on_err_call_dis_hook) { 1109 /* Call VFS disconnect hook */ 1110 SMB_VFS_DISCONNECT(conn); 1111 } 1112 if (claimed_connection) { 1113 yield_connection(conn, lp_servicename(snum)); 1114 } 1115 if (conn) { 1116 conn_free(conn); 1117 } 1092 1118 return NULL; 1093 1119 } … … 1106 1132 uid_t euid; 1107 1133 user_struct *vuser = NULL; 1108 fstring service;1134 char *service = NULL; 1109 1135 fstring dev; 1110 1136 int snum = -1; 1111 char addr[INET6_ADDRSTRLEN];1112 1137 1113 1138 fstrcpy(dev, pdev); … … 1166 1191 * current_user_info.smb_name as the username. */ 1167 1192 if (*current_user_info.smb_name) { 1168 fstring unix_username; 1169 fstrcpy(unix_username, 1170 current_user_info.smb_name); 1171 map_username(sconn, unix_username); 1172 snum = find_service(unix_username); 1173 } 1193 char *unix_username = NULL; 1194 (void)map_username(talloc_tos(), 1195 current_user_info.smb_name, 1196 &unix_username); 1197 snum = find_service(talloc_tos(), 1198 unix_username, 1199 &unix_username); 1200 if (!unix_username) { 1201 *status = NT_STATUS_NO_MEMORY; 1202 } 1203 return NULL; 1204 } 1174 1205 if (snum != -1) { 1175 1206 DEBUG(5, ("making a connection to 'homes' " … … 1193 1224 dev, status); 1194 1225 } 1195 1196 fstrcpy(service, service_in); 1226 1227 service = talloc_strdup(talloc_tos(), service_in); 1228 if (!service) { 1229 *status = NT_STATUS_NO_MEMORY; 1230 return NULL; 1231 } 1197 1232 1198 1233 strlower_m(service); 1199 1234 1200 snum = find_service(service); 1235 snum = find_service(talloc_tos(), service, &service); 1236 if (!service) { 1237 *status = NT_STATUS_NO_MEMORY; 1238 return NULL; 1239 } 1201 1240 1202 1241 if (snum < 0) { … … 1210 1249 DEBUG(3,("%s (%s) couldn't find service %s\n", 1211 1250 get_remote_machine_name(), 1212 client_addr(get_client_fd(),addr,sizeof(addr)), 1251 tsocket_address_string( 1252 sconn->remote_address, talloc_tos()), 1213 1253 service)); 1214 1254 *status = NT_STATUS_BAD_NETWORK_NAME; … … 1248 1288 DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", 1249 1289 get_remote_machine_name(), 1250 conn-> client_address,1290 conn->sconn->client_id.addr, 1251 1291 lp_servicename(SNUM(conn)))); 1252 1292 … … 1264 1304 char *cmd = talloc_sub_advanced(talloc_tos(), 1265 1305 lp_servicename(SNUM(conn)), 1266 conn->se rver_info->unix_name,1306 conn->session_info->unix_name, 1267 1307 conn->connectpath, 1268 conn->se rver_info->utok.gid,1269 conn->se rver_info->sanitized_username,1270 pdb_get_domain(conn->server_info->sam_account),1308 conn->session_info->utok.gid, 1309 conn->session_info->sanitized_username, 1310 conn->session_info->info3->base.domain.string, 1271 1311 lp_postexec(SNUM(conn))); 1272 1312 smbrun(cmd,NULL); … … 1280 1320 char *cmd = talloc_sub_advanced(talloc_tos(), 1281 1321 lp_servicename(SNUM(conn)), 1282 conn->se rver_info->unix_name,1322 conn->session_info->unix_name, 1283 1323 conn->connectpath, 1284 conn->se rver_info->utok.gid,1285 conn->se rver_info->sanitized_username,1286 pdb_get_domain(conn->server_info->sam_account),1324 conn->session_info->utok.gid, 1325 conn->session_info->sanitized_username, 1326 conn->session_info->info3->base.domain.string, 1287 1327 lp_rootpostexec(SNUM(conn))); 1288 1328 smbrun(cmd,NULL);
Note:
See TracChangeset
for help on using the changeset viewer.
