Changeset 745 for trunk/server/source3/smbd/msdfs.c

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• source3/smbd/msdfs.c (modified) (19 diffs)

trunk/server/source3/smbd/msdfs.c

@@ -23 +23 @@
 #define DBGC_CLASS DBGC_MSDFS
 #include "includes.h"
+#include "system/filesys.h"
+#include "smbd/smbd.h"
 #include "smbd/globals.h"
+#include "msdfs.h"
+#include "auth.h"
+#include "libcli/security/security.h"
 
 /**********************************************************************
@@ -51 +56 @@
                                 bool *ppath_contains_wcard)
 {
+        struct smbd_server_connection *sconn = smbd_server_conn;
         char *pathname_local;
         char *p,*temp;
@@ -78 +84 @@
         sepchar = pdp->posix_path ? '/' : '\\';
 
-        if (*pathname != sepchar) {
+        if (!sconn->using_smb2 && (*pathname != sepchar)) {
                 DEBUG(10,("parse_dfs_path: path %s doesn't start with %c\n",
                         pathname, sepchar ));
@@ -212 +218 @@
 /********************************************************
  Fake up a connection struct for the VFS layer.
- Note this CHANGES CWD !!!! JRA.
+ Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
 *********************************************************/
 
@@ -219 +225 @@
                                 int snum,
                                 const char *path,
-                                struct auth_serversupplied_info *server_info,
+                                const struct auth_serversupplied_info *session_info,
                                 char **poldcwd)
 {
@@ -225 +231 @@
         char *connpath;
         char *oldcwd;
+        const char *vfs_user;
 
         conn = TALLOC_ZERO_P(ctx, connection_struct);
@@ -255 +262 @@
         conn->params->service = snum;
 
-        if (server_info != NULL) {
-                conn->server_info = copy_serverinfo(conn, server_info);
-                if (conn->server_info == NULL) {
+        conn->sconn = smbd_server_conn;
+        conn->sconn->num_tcons_open++;
+
+        if (session_info != NULL) {
+                conn->session_info = copy_serverinfo(conn, session_info);
+                if (conn->session_info == NULL) {
                         DEBUG(0, ("copy_serverinfo failed\n"));
                         TALLOC_FREE(conn);
                         return NT_STATUS_NO_MEMORY;
                 }
+                vfs_user = conn->session_info->unix_name;
+        } else {
+                /* use current authenticated user in absence of session_info */
+                vfs_user = get_current_username();
         }
 
         set_conn_connectpath(conn, connpath);
+
+        /*
+         * New code to check if there's a share security descripter
+         * added from NT server manager. This is done after the
+         * smb.conf checks are done as we need a uid and token. JRA.
+         *
+         */
+        if (conn->session_info) {
+                share_access_check(conn->session_info->security_token,
+                                   lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS,
+                                   &conn->share_access);
+
+                if ((conn->share_access & FILE_WRITE_DATA) == 0) {
+                        if ((conn->share_access & FILE_READ_DATA) == 0) {
+                                /* No access, read or write. */
+                                DEBUG(0,("create_conn_struct: connection to %s "
+                                         "denied due to security "
+                                         "descriptor.\n",
+                                         lp_servicename(snum)));
+                                conn_free(conn);
+                                return NT_STATUS_ACCESS_DENIED;
+                        } else {
+                                conn->read_only = true;
+                        }
+                }
+        } else {
+                conn->share_access = 0;
+                conn->read_only = true;
+        }
 
         if (!smbd_vfs_init(conn)) {
@@ -271 +314 @@
                 conn_free(conn);
                 return status;
+        }
+
+        /* this must be the first filesystem operation that we do */
+        if (SMB_VFS_CONNECT(conn, lp_servicename(snum), vfs_user) < 0) {
+                DEBUG(0,("VFS connect failed!\n"));
+                conn_free(conn);
+                return NT_STATUS_UNSUCCESSFUL;
         }
 
@@ -723 +773 @@
                         || (strequal(pdp->servicename, HOMES_NAME)
                         && strequal(lp_servicename(SNUM(conn)),
-                                conn->server_info->sanitized_username) )) ) {
+                                conn->session_info->sanitized_username) )) ) {
 
                 /* The given sharename doesn't match this connection. */
@@ -796 +846 @@
 
 NTSTATUS get_referred_path(TALLOC_CTX *ctx,
-                        struct auth_serversupplied_info *server_info,
                         const char *dfs_path,
                         struct junction_map *jucn,
@@ -831 +880 @@
         snum = lp_servicenumber(jucn->service_name);
         if(snum < 0) {
-                fstring service_name;
-                fstrcpy(service_name, jucn->service_name);
-                if ((snum = find_service(service_name)) < 0) {
+                char *service_name = NULL;
+                if ((snum = find_service(ctx, jucn->service_name, &service_name)) < 0) {
                         return NT_STATUS_NOT_FOUND;
+                }
+                if (!service_name) {
+                        return NT_STATUS_NO_MEMORY;
                 }
                 TALLOC_FREE(jucn->service_name);
@@ -918 +969 @@
 
         status = create_conn_struct(ctx, &conn, snum, lp_pathname(snum),
-                                    server_info, &oldpath);
+                                    NULL, &oldpath);
         if (!NT_STATUS_IS_OK(status)) {
                 TALLOC_FREE(pdp);
@@ -933 +984 @@
                 DEBUG(3,("get_referred_path: No valid referrals for path %s\n",
                         dfs_path));
-                vfs_ChDir(conn, oldpath);
-                conn_free(conn);
-                TALLOC_FREE(pdp);
-                return status;
+                goto err_exit;
         }
 
@@ -945 +993 @@
                 DEBUG(3,("get_referred_path: failed to parse symlink "
                         "target %s\n", targetpath ));
-                vfs_ChDir(conn, oldpath);
-                conn_free(conn);
-                TALLOC_FREE(pdp);
-                return NT_STATUS_NOT_FOUND;
-        }
-
+                status = NT_STATUS_NOT_FOUND;
+                goto err_exit;
+        }
+
+        status = NT_STATUS_OK;
+ err_exit:
         vfs_ChDir(conn, oldpath);
+        SMB_VFS_DISCONNECT(conn);
         conn_free(conn);
         TALLOC_FREE(pdp);
-        return NT_STATUS_OK;
+        return status;
 }
 
@@ -1223 +1272 @@
 
         /* The following call can change cwd. */
-        *pstatus = get_referred_path(ctx, orig_conn->server_info,
-                                     pathnamep, junction,
-                                     &consumedcnt, &self_referral);
+        *pstatus = get_referred_path(ctx, pathnamep, junction,
+                        &consumedcnt, &self_referral);
         if (!NT_STATUS_IS_OK(*pstatus)) {
                 vfs_ChDir(orig_conn,orig_conn->connectpath);
@@ -1370 +1418 @@
         if (!*pp_path_out) {
                 vfs_ChDir(*conn_out, *oldpath);
+                SMB_VFS_DISCONNECT(*conn_out);
                 conn_free(*conn_out);
                 return False;
@@ -1458 +1507 @@
 out:
         vfs_ChDir(conn, cwd);
+        SMB_VFS_DISCONNECT(conn);
         conn_free(conn);
         return ret;
@@ -1489 +1539 @@
         TALLOC_FREE(smb_fname);
         vfs_ChDir(conn, cwd);
+        SMB_VFS_DISCONNECT(conn);
         conn_free(conn);
         return ret;
@@ -1553 +1604 @@
 out:
         vfs_ChDir(conn, cwd);
+        SMB_VFS_DISCONNECT(conn);
         conn_free(conn);
         return cnt;