Changeset 745 for trunk/server/source3/smbd/service.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/smbd/service.c (modified) (48 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/smbd/service.c
r480 r745 3 3 service (connection) opening and closing 4 4 Copyright (C) Andrew Tridgell 1992-1998 5 5 6 6 This program is free software; you can redistribute it and/or modify 7 7 it under the terms of the GNU General Public License as published by 8 8 the Free Software Foundation; either version 3 of the License, or 9 9 (at your option) any later version. 10 10 11 11 This program is distributed in the hope that it will be useful, 12 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 14 GNU General Public License for more details. 15 15 16 16 You should have received a copy of the GNU General Public License 17 17 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 19 19 20 20 #include "includes.h" 21 #include "system/filesys.h" 22 #include "../lib/tsocket/tsocket.h" 23 #include "smbd/smbd.h" 21 24 #include "smbd/globals.h" 25 #include "../librpc/gen_ndr/netlogon.h" 26 #include "../libcli/security/security.h" 27 #include "printing/pcap.h" 28 #include "passdb/lookup_sid.h" 29 #include "auth.h" 22 30 23 31 extern userdom_struct current_user_info; … … 25 33 static bool canonicalize_connect_path(connection_struct *conn) 26 34 { 27 #ifdef REALPATH_TAKES_NULL28 35 bool ret; 29 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath ,NULL);36 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath); 30 37 if (!resolved_name) { 31 38 return false; … … 34 41 SAFE_FREE(resolved_name); 35 42 return ret; 36 #else37 char resolved_name_buf[PATH_MAX+1];38 char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf);39 if (!resolved_name) {40 return false;41 }42 return set_conn_connectpath(conn,resolved_name);43 #endif /* REALPATH_TAKES_NULL */44 43 } 45 44 … … 62 61 63 62 /* Allocate for strlen + '\0' + possible leading '/' */ 64 destname = SMB_MALLOC(strlen(connectpath) + 2);63 destname = (char *)SMB_MALLOC(strlen(connectpath) + 2); 65 64 if (!destname) { 66 65 return false; … … 189 188 190 189 snum = SNUM(conn); 191 190 192 191 if (do_chdir && 193 192 vfs_ChDir(conn,conn->connectpath) != 0 && … … 204 203 last_conn = conn; 205 204 last_flags = flags; 206 205 207 206 /* Obey the client case sensitivity requests - only for clients that support it. */ 208 207 switch (lp_casesensitive(snum)) { … … 298 297 return -1; 299 298 } 300 299 301 300 return lp_servicenumber(service); 302 301 … … 309 308 **/ 310 309 311 int find_service( fstring service)310 int find_service(TALLOC_CTX *ctx, const char *service_in, char **p_service_out) 312 311 { 313 312 int iService; 314 struct smbd_server_connection *sconn = smbd_server_conn; 315 316 all_string_sub(service,"\\","/",0); 317 318 iService = lp_servicenumber(service); 313 314 if (!service_in) { 315 return -1; 316 } 317 318 /* First make a copy. */ 319 *p_service_out = talloc_strdup(ctx, service_in); 320 if (!*p_service_out) { 321 return -1; 322 } 323 324 all_string_sub(*p_service_out,"\\","/",0); 325 326 iService = lp_servicenumber(*p_service_out); 319 327 320 328 /* now handle the special case of a home directory */ 321 329 if (iService < 0) { 322 char *phome_dir = get_user_home_dir( talloc_tos(), service);330 char *phome_dir = get_user_home_dir(ctx, *p_service_out); 323 331 324 332 if(!phome_dir) { … … 327 335 * be a Windows to unix mapped user name. 328 336 */ 329 if(map_username(sconn, service)) 337 if(map_username(ctx, *p_service_out, p_service_out)) { 338 if (*p_service_out == NULL) { 339 /* Out of memory. */ 340 return -1; 341 } 330 342 phome_dir = get_user_home_dir( 331 talloc_tos(), service); 332 } 333 334 DEBUG(3,("checking for home directory %s gave %s\n",service, 343 ctx, *p_service_out); 344 } 345 } 346 347 DEBUG(3,("checking for home directory %s gave %s\n",*p_service_out, 335 348 phome_dir?phome_dir:"(NULL)")); 336 349 337 iService = add_home_service( service,service/* 'username' */, phome_dir);350 iService = add_home_service(*p_service_out,*p_service_out /* 'username' */, phome_dir); 338 351 } 339 352 … … 346 359 } 347 360 if (iPrinterService >= 0) { 348 DEBUG(3,("checking whether %s is a valid printer name...\n", service)); 349 if (pcap_printername_ok(service)) { 350 DEBUG(3,("%s is a valid printer name\n", service)); 351 DEBUG(3,("adding %s as a printer service\n", service)); 352 lp_add_printer(service, iPrinterService); 353 iService = lp_servicenumber(service); 361 DEBUG(3,("checking whether %s is a valid printer name...\n", 362 *p_service_out)); 363 if (pcap_printername_ok(*p_service_out)) { 364 DEBUG(3,("%s is a valid printer name\n", 365 *p_service_out)); 366 DEBUG(3,("adding %s as a printer service\n", 367 *p_service_out)); 368 lp_add_printer(*p_service_out, iPrinterService); 369 iService = lp_servicenumber(*p_service_out); 354 370 if (iService < 0) { 355 DEBUG(0,("failed to add %s as a printer service!\n", service)); 371 DEBUG(0,("failed to add %s as a printer service!\n", 372 *p_service_out)); 356 373 } 357 374 } else { 358 DEBUG(3,("%s is not a valid printer name\n", service)); 375 DEBUG(3,("%s is not a valid printer name\n", 376 *p_service_out)); 359 377 } 360 378 } … … 366 384 367 385 if (iService < 0) { 368 iService = load_registry_service( service);386 iService = load_registry_service(*p_service_out); 369 387 } 370 388 … … 372 390 if (iService < 0 && *lp_usershare_path()) { 373 391 /* Ensure the name is canonicalized. */ 374 strlower_m( service);375 iService = load_usershare_service( service);392 strlower_m(*p_service_out); 393 iService = load_usershare_service(*p_service_out); 376 394 } 377 395 … … 379 397 if (iService < 0) { 380 398 char *pdefservice = lp_defaultservice(); 381 if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr_m(service,"..")) { 399 if (pdefservice && 400 *pdefservice && 401 !strequal(pdefservice, *p_service_out) 402 && !strstr_m(*p_service_out,"..")) { 382 403 /* 383 404 * We need to do a local copy here as lp_defaultservice() … … 386 407 * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>. 387 408 */ 388 char *defservice = SMB_STRDUP(pdefservice);409 char *defservice = talloc_strdup(ctx, pdefservice); 389 410 390 411 if (!defservice) { … … 396 417 strequal(defservice, PRINTERS_NAME) || 397 418 strequal(defservice, "IPC$")) { 398 SAFE_FREE(defservice);419 TALLOC_FREE(defservice); 399 420 goto fail; 400 421 } 401 422 402 iService = find_service(defservice); 423 iService = find_service(ctx, defservice, p_service_out); 424 if (!*p_service_out) { 425 TALLOC_FREE(defservice); 426 iService = -1; 427 goto fail; 428 } 403 429 if (iService >= 0) { 404 all_string_sub( service, "_","/",0);405 iService = lp_add_service( service, iService);430 all_string_sub(*p_service_out, "_","/",0); 431 iService = lp_add_service(*p_service_out, iService); 406 432 } 407 SAFE_FREE(defservice);433 TALLOC_FREE(defservice); 408 434 } 409 435 } … … 411 437 if (iService >= 0) { 412 438 if (!VALID_SNUM(iService)) { 413 DEBUG(0,("Invalid snum %d for %s\n",iService, service)); 439 DEBUG(0,("Invalid snum %d for %s\n",iService, 440 *p_service_out)); 414 441 iService = -1; 415 442 } … … 418 445 fail: 419 446 420 if (iService < 0) 421 DEBUG(3,("find_service() failed to find service %s\n", service)); 447 if (iService < 0) { 448 DEBUG(3,("find_service() failed to find service %s\n", 449 *p_service_out)); 450 } 422 451 423 452 return (iService); … … 430 459 ****************************************************************************/ 431 460 432 static NTSTATUS share_sanity_checks(int snum, fstring dev) 461 static NTSTATUS share_sanity_checks(struct client_address *client_id, int snum, 462 fstring dev) 433 463 { 434 435 464 if (!lp_snum_ok(snum) || 436 ! check_access(smbd_server_fd(),437 lp_hostsallow(snum), lp_hostsdeny(snum))) {465 !allow_access(lp_hostsdeny(snum), lp_hostsallow(snum), 466 client_id->name, client_id->addr)) { 438 467 return NT_STATUS_ACCESS_DENIED; 439 468 } … … 480 509 static NTSTATUS find_forced_group(bool force_user, 481 510 int snum, const char *username, 482 DOM_SID*pgroup_sid,511 struct dom_sid *pgroup_sid, 483 512 gid_t *pgid) 484 513 { 485 514 NTSTATUS result = NT_STATUS_NO_SUCH_GROUP; 486 515 TALLOC_CTX *frame = talloc_stackframe(); 487 DOM_SIDgroup_sid;516 struct dom_sid group_sid; 488 517 enum lsa_SidType type; 489 518 char *groupname; … … 568 597 ****************************************************************************/ 569 598 570 static NTSTATUS create_connection_se rver_info(struct smbd_server_connection *sconn,599 static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn, 571 600 TALLOC_CTX *mem_ctx, int snum, 572 601 struct auth_serversupplied_info *vuid_serverinfo, … … 595 624 } else { 596 625 if (!user_ok_token(vuid_serverinfo->unix_name, 597 pdb_get_domain(vuid_serverinfo->sam_account),598 vuid_serverinfo-> ptok, snum)) {626 vuid_serverinfo->info3->base.domain.string, 627 vuid_serverinfo->security_token, snum)) { 599 628 DEBUG(2, ("user '%s' (from session setup) not " 600 629 "permitted to access this share " … … 641 670 } 642 671 672 /**************************************************************************** 673 set relavent user and group settings corresponding to force user/group 674 configuration for the given snum. 675 ****************************************************************************/ 676 677 NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) 678 { 679 NTSTATUS status; 680 681 if (*lp_force_user(snum)) { 682 683 /* 684 * Replace conn->session_info with a completely faked up one 685 * from the username we are forced into :-) 686 */ 687 688 char *fuser; 689 struct auth_serversupplied_info *forced_serverinfo; 690 691 fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", 692 lp_const_servicename(snum)); 693 if (fuser == NULL) { 694 return NT_STATUS_NO_MEMORY; 695 } 696 697 status = make_serverinfo_from_username( 698 conn, fuser, conn->session_info->guest, 699 &forced_serverinfo); 700 if (!NT_STATUS_IS_OK(status)) { 701 return status; 702 } 703 704 TALLOC_FREE(conn->session_info); 705 conn->session_info = forced_serverinfo; 706 707 conn->force_user = true; 708 DEBUG(3,("Forced user %s\n", fuser)); 709 } 710 711 /* 712 * If force group is true, then override 713 * any groupid stored for the connecting user. 714 */ 715 716 if (*lp_force_group(snum)) { 717 718 status = find_forced_group( 719 conn->force_user, snum, conn->session_info->unix_name, 720 &conn->session_info->security_token->sids[1], 721 &conn->session_info->utok.gid); 722 723 if (!NT_STATUS_IS_OK(status)) { 724 return status; 725 } 726 727 /* 728 * We need to cache this gid, to use within 729 * change_to_user() separately from the conn->session_info 730 * struct. We only use conn->session_info directly if 731 * "force_user" was set. 732 */ 733 conn->force_group_gid = conn->session_info->utok.gid; 734 } 735 736 return NT_STATUS_OK; 737 } 643 738 644 739 /**************************************************************************** … … 653 748 NTSTATUS *pstatus) 654 749 { 655 connection_struct *conn ;750 connection_struct *conn = NULL; 656 751 struct smb_filename *smb_fname_cpath = NULL; 657 752 fstring dev; 658 753 int ret; 659 char addr[INET6_ADDRSTRLEN]; 754 bool on_err_call_dis_hook = false; 755 bool claimed_connection = false; 756 uid_t effuid; 757 gid_t effgid; 660 758 NTSTATUS status; 661 759 662 760 fstrcpy(dev, pdev); 663 761 664 if (NT_STATUS_IS_ERR(*pstatus = share_sanity_checks(snum, dev))) { 665 return NULL; 666 } 762 *pstatus = share_sanity_checks(&sconn->client_id, snum, dev); 763 if (NT_STATUS_IS_ERR(*pstatus)) { 764 goto err_root_exit; 765 } 667 766 668 767 conn = conn_new(sconn); … … 670 769 DEBUG(0,("Couldn't find free connection.\n")); 671 770 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; 672 return NULL;771 goto err_root_exit; 673 772 } 674 773 675 774 conn->params->service = snum; 676 775 677 status = create_connection_se rver_info(sconn,678 conn, snum, vuser ? vuser->se rver_info : NULL, password,679 &conn->se rver_info);776 status = create_connection_session_info(sconn, 777 conn, snum, vuser ? vuser->session_info : NULL, password, 778 &conn->session_info); 680 779 681 780 if (!NT_STATUS_IS_OK(status)) { 682 DEBUG(1, ("create_connection_se rver_info failed: %s\n",781 DEBUG(1, ("create_connection_session_info failed: %s\n", 683 782 nt_errstr(status))); 684 783 *pstatus = status; 685 conn_free(conn); 686 return NULL; 784 goto err_root_exit; 687 785 } 688 786 … … 691 789 } 692 790 693 add_session_user(sconn, conn->server_info->unix_name); 694 695 safe_strcpy(conn->client_address, 696 client_addr(get_client_fd(),addr,sizeof(addr)), 697 sizeof(conn->client_address)-1); 791 add_session_user(sconn, conn->session_info->unix_name); 792 698 793 conn->num_files_open = 0; 699 794 conn->lastused = conn->lastused_count = time(NULL); … … 723 818 724 819 conn->read_only = lp_readonly(SNUM(conn)); 725 conn->admin_user = False; 726 727 if (*lp_force_user(snum)) { 728 729 /* 730 * Replace conn->server_info with a completely faked up one 731 * from the username we are forced into :-) 732 */ 733 734 char *fuser; 735 struct auth_serversupplied_info *forced_serverinfo; 736 737 fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", 738 lp_servicename(snum)); 739 if (fuser == NULL) { 740 conn_free(conn); 741 *pstatus = NT_STATUS_NO_MEMORY; 742 return NULL; 743 } 744 745 status = make_serverinfo_from_username( 746 conn, fuser, conn->server_info->guest, 747 &forced_serverinfo); 748 if (!NT_STATUS_IS_OK(status)) { 749 conn_free(conn); 750 *pstatus = status; 751 return NULL; 752 } 753 754 TALLOC_FREE(conn->server_info); 755 conn->server_info = forced_serverinfo; 756 757 conn->force_user = True; 758 DEBUG(3,("Forced user %s\n", fuser)); 759 } 760 761 /* 762 * If force group is true, then override 763 * any groupid stored for the connecting user. 764 */ 765 766 if (*lp_force_group(snum)) { 767 768 status = find_forced_group( 769 conn->force_user, snum, conn->server_info->unix_name, 770 &conn->server_info->ptok->user_sids[1], 771 &conn->server_info->utok.gid); 772 773 if (!NT_STATUS_IS_OK(status)) { 774 conn_free(conn); 775 *pstatus = status; 776 return NULL; 777 } 778 779 /* 780 * We need to cache this gid, to use within 781 * change_to_user() separately from the conn->server_info 782 * struct. We only use conn->server_info directly if 783 * "force_user" was set. 784 */ 785 conn->force_group_gid = conn->server_info->utok.gid; 820 821 status = set_conn_force_user_group(conn, snum); 822 if (!NT_STATUS_IS_OK(status)) { 823 conn_free(conn); 824 *pstatus = status; 825 return NULL; 786 826 } 787 827 … … 791 831 char *s = talloc_sub_advanced(talloc_tos(), 792 832 lp_servicename(SNUM(conn)), 793 conn->se rver_info->unix_name,833 conn->session_info->unix_name, 794 834 conn->connectpath, 795 conn->se rver_info->utok.gid,796 conn->se rver_info->sanitized_username,797 pdb_get_domain(conn->server_info->sam_account),835 conn->session_info->utok.gid, 836 conn->session_info->sanitized_username, 837 conn->session_info->info3->base.domain.string, 798 838 lp_pathname(snum)); 799 839 if (!s) { 800 conn_free(conn);801 840 *pstatus = NT_STATUS_NO_MEMORY; 802 return NULL;841 goto err_root_exit; 803 842 } 804 843 805 844 if (!set_conn_connectpath(conn,s)) { 806 845 TALLOC_FREE(s); 807 conn_free(conn);808 846 *pstatus = NT_STATUS_NO_MEMORY; 809 return NULL;847 goto err_root_exit; 810 848 } 811 849 DEBUG(3,("Connect path is '%s' for service [%s]\n",s, … … 821 859 */ 822 860 823 { 824 bool can_write = False; 825 826 can_write = share_access_check(conn->server_info->ptok, 827 lp_servicename(snum), 828 FILE_WRITE_DATA); 829 830 if (!can_write) { 831 if (!share_access_check(conn->server_info->ptok, 832 lp_servicename(snum), 833 FILE_READ_DATA)) { 834 /* No access, read or write. */ 835 DEBUG(0,("make_connection: connection to %s " 836 "denied due to security " 837 "descriptor.\n", 838 lp_servicename(snum))); 839 conn_free(conn); 840 *pstatus = NT_STATUS_ACCESS_DENIED; 841 return NULL; 842 } else { 843 conn->read_only = True; 844 } 861 share_access_check(conn->session_info->security_token, 862 lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS, 863 &conn->share_access); 864 865 if ((conn->share_access & FILE_WRITE_DATA) == 0) { 866 if ((conn->share_access & FILE_READ_DATA) == 0) { 867 /* No access, read or write. */ 868 DEBUG(0,("make_connection: connection to %s " 869 "denied due to security " 870 "descriptor.\n", 871 lp_servicename(snum))); 872 *pstatus = NT_STATUS_ACCESS_DENIED; 873 goto err_root_exit; 874 } else { 875 conn->read_only = True; 845 876 } 846 877 } … … 850 881 DEBUG(0, ("vfs_init failed for service %s\n", 851 882 lp_servicename(snum))); 852 conn_free(conn);853 883 *pstatus = NT_STATUS_BAD_NETWORK_NAME; 854 return NULL; 855 } 856 857 if ((!conn->printer) && (!conn->ipc)) { 858 conn->notify_ctx = notify_init(conn, server_id_self(), 859 smbd_messaging_context(), 860 smbd_event_context(), 861 conn); 884 goto err_root_exit; 862 885 } 863 886 … … 877 900 DEBUG(1, ("Max connections (%d) exceeded for %s\n", 878 901 lp_max_connections(snum), lp_servicename(snum))); 879 conn_free(conn);880 902 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; 881 return NULL;882 } 903 goto err_root_exit; 904 } 883 905 884 906 /* 885 907 * Get us an entry in the connections db 886 908 */ 887 if (!claim_connection(conn, lp_servicename(snum) , 0)) {909 if (!claim_connection(conn, lp_servicename(snum))) { 888 910 DEBUG(1, ("Could not store connections entry\n")); 889 conn_free(conn);890 911 *pstatus = NT_STATUS_INTERNAL_DB_ERROR; 891 return NULL; 892 } 893 894 /* Invoke VFS make connection hook - must be the first 895 VFS operation we do. */ 912 goto err_root_exit; 913 } 914 claimed_connection = true; 915 916 /* Invoke VFS make connection hook - this must be the first 917 filesystem operation that we do. */ 896 918 897 919 if (SMB_VFS_CONNECT(conn, lp_servicename(snum), 898 conn->se rver_info->unix_name) < 0) {920 conn->session_info->unix_name) < 0) { 899 921 DEBUG(0,("make_connection: VFS make connection failed!\n")); 900 yield_connection(conn, lp_servicename(snum));901 conn_free(conn);902 922 *pstatus = NT_STATUS_UNSUCCESSFUL; 903 return NULL; 923 goto err_root_exit; 924 } 925 926 /* Any error exit after here needs to call the disconnect hook. */ 927 on_err_call_dis_hook = true; 928 929 if ((!conn->printer) && (!conn->ipc)) { 930 conn->notify_ctx = notify_init(conn, 931 sconn_server_id(sconn), 932 sconn->msg_ctx, 933 smbd_event_context(), 934 conn); 904 935 } 905 936 … … 922 953 char *cmd = talloc_sub_advanced(talloc_tos(), 923 954 lp_servicename(SNUM(conn)), 924 conn->se rver_info->unix_name,955 conn->session_info->unix_name, 925 956 conn->connectpath, 926 conn->se rver_info->utok.gid,927 conn->se rver_info->sanitized_username,928 pdb_get_domain(conn->server_info->sam_account),957 conn->session_info->utok.gid, 958 conn->session_info->sanitized_username, 959 conn->session_info->info3->base.domain.string, 929 960 lp_rootpreexec(snum)); 930 961 DEBUG(5,("cmd=%s\n",cmd)); … … 934 965 DEBUG(1,("root preexec gave %d - failing " 935 966 "connection\n", ret)); 936 SMB_VFS_DISCONNECT(conn);937 yield_connection(conn, lp_servicename(snum));938 conn_free(conn);939 967 *pstatus = NT_STATUS_ACCESS_DENIED; 940 return NULL;968 goto err_root_exit; 941 969 } 942 970 } … … 946 974 /* No point continuing if they fail the basic checks */ 947 975 DEBUG(0,("Can't become connected user!\n")); 948 SMB_VFS_DISCONNECT(conn);949 yield_connection(conn, lp_servicename(snum));950 conn_free(conn);951 976 *pstatus = NT_STATUS_LOGON_FAILURE; 952 return NULL; 953 } 977 goto err_root_exit; 978 } 979 980 effuid = geteuid(); 981 effgid = getegid(); 954 982 955 983 /* Remember that a different vuid can connect later without these 956 984 * checks... */ 957 985 958 986 /* Preexecs are done here as they might make the dir we are to ChDir 959 987 * to below */ … … 963 991 char *cmd = talloc_sub_advanced(talloc_tos(), 964 992 lp_servicename(SNUM(conn)), 965 conn->se rver_info->unix_name,993 conn->session_info->unix_name, 966 994 conn->connectpath, 967 conn->se rver_info->utok.gid,968 conn->se rver_info->sanitized_username,969 pdb_get_domain(conn->server_info->sam_account),995 conn->session_info->utok.gid, 996 conn->session_info->sanitized_username, 997 conn->session_info->info3->base.domain.string, 970 998 lp_preexec(snum)); 971 999 ret = smbrun(cmd,NULL); … … 978 1006 } 979 1007 } 1008 1009 #ifdef WITH_FAKE_KASERVER 1010 if (lp_afs_share(snum)) { 1011 afs_login(conn); 1012 } 1013 #endif 1014 1015 /* 1016 * we've finished with the user stuff - go back to root 1017 * so the SMB_VFS_STAT call will only fail on path errors, 1018 * not permission problems. 1019 */ 1020 change_to_root_user(); 1021 /* ROOT Activites: */ 980 1022 981 1023 /* … … 997 1039 } 998 1040 999 #ifdef WITH_FAKE_KASERVER1000 if (lp_afs_share(snum)) {1001 afs_login(conn);1002 }1003 #endif1004 1005 1041 /* Add veto/hide lists */ 1006 1042 if (!IS_IPC(conn) && !IS_PRINT(conn)) { … … 1011 1047 lp_aio_write_behind(snum)); 1012 1048 } 1013 1014 1049 status = create_synthetic_smb_fname(talloc_tos(), conn->connectpath, 1015 1050 NULL, NULL, &smb_fname_cpath); … … 1024 1059 I have disabled this chdir check (tridge) */ 1025 1060 /* the alternative is just to check the directory exists */ 1061 1026 1062 if ((ret = SMB_VFS_STAT(conn, smb_fname_cpath)) != 0 || 1027 1063 !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) { … … 1043 1079 string_set(&conn->origpath,conn->connectpath); 1044 1080 1045 #if SOFTLINK_OPTIMISATION1046 /* resolve any soft links early if possible */1047 if (vfs_ChDir(conn,conn->connectpath) == 0) {1048 TALLOC_CTX *ctx = talloc_tos();1049 char *s = vfs_GetWd(ctx,s);1050 if (!s) {1051 *status = map_nt_error_from_unix(errno);1052 goto err_root_exit;1053 }1054 if (!set_conn_connectpath(conn,s)) {1055 *status = NT_STATUS_NO_MEMORY;1056 goto err_root_exit;1057 }1058 vfs_ChDir(conn,conn->connectpath);1059 }1060 #endif1061 1062 1081 /* Figure out the characteristics of the underlying filesystem. This 1063 1082 * assumes that all the filesystem mounted withing a share path have … … 1075 1094 if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) { 1076 1095 dbgtext( "%s (%s) ", get_remote_machine_name(), 1077 conn-> client_address);1078 dbgtext( "%s", srv_is_signing_active(s mbd_server_conn) ? "signed " : "");1096 conn->sconn->client_id.addr ); 1097 dbgtext( "%s", srv_is_signing_active(sconn) ? "signed " : ""); 1079 1098 dbgtext( "connect to service %s ", lp_servicename(snum) ); 1080 1099 dbgtext( "initially as user %s ", 1081 conn->se rver_info->unix_name );1082 dbgtext( "(uid=%d, gid=%d) ", (int) geteuid(), (int)getegid());1100 conn->session_info->unix_name ); 1101 dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid ); 1083 1102 dbgtext( "(pid %d)\n", (int)sys_getpid() ); 1084 1103 } 1085 1104 1086 /* we've finished with the user stuff - go back to root */1087 change_to_root_user();1088 1105 return(conn); 1089 1106 1090 1107 err_root_exit: 1091 1108 TALLOC_FREE(smb_fname_cpath); 1092 change_to_root_user(); 1093 /* Call VFS disconnect hook */ 1094 SMB_VFS_DISCONNECT(conn); 1095 yield_connection(conn, lp_servicename(snum)); 1096 conn_free(conn); 1109 /* We must exit this function as root. */ 1110 if (geteuid() != 0) { 1111 change_to_root_user(); 1112 } 1113 if (on_err_call_dis_hook) { 1114 /* Call VFS disconnect hook */ 1115 SMB_VFS_DISCONNECT(conn); 1116 } 1117 if (claimed_connection) { 1118 yield_connection(conn, lp_servicename(snum)); 1119 } 1120 if (conn) { 1121 conn_free(conn); 1122 } 1097 1123 return NULL; 1098 1124 } … … 1111 1137 uid_t euid; 1112 1138 user_struct *vuser = NULL; 1113 fstring service;1139 char *service = NULL; 1114 1140 fstring dev; 1115 1141 int snum = -1; 1116 char addr[INET6_ADDRSTRLEN];1117 1142 1118 1143 fstrcpy(dev, pdev); … … 1171 1196 * current_user_info.smb_name as the username. */ 1172 1197 if (*current_user_info.smb_name) { 1173 fstring unix_username; 1174 fstrcpy(unix_username, 1175 current_user_info.smb_name); 1176 map_username(sconn, unix_username); 1177 snum = find_service(unix_username); 1178 } 1198 char *unix_username = NULL; 1199 (void)map_username(talloc_tos(), 1200 current_user_info.smb_name, 1201 &unix_username); 1202 snum = find_service(talloc_tos(), 1203 unix_username, 1204 &unix_username); 1205 if (!unix_username) { 1206 *status = NT_STATUS_NO_MEMORY; 1207 } 1208 return NULL; 1209 } 1179 1210 if (snum != -1) { 1180 1211 DEBUG(5, ("making a connection to 'homes' " … … 1198 1229 dev, status); 1199 1230 } 1200 1201 fstrcpy(service, service_in); 1231 1232 service = talloc_strdup(talloc_tos(), service_in); 1233 if (!service) { 1234 *status = NT_STATUS_NO_MEMORY; 1235 return NULL; 1236 } 1202 1237 1203 1238 strlower_m(service); 1204 1239 1205 snum = find_service(service); 1240 snum = find_service(talloc_tos(), service, &service); 1241 if (!service) { 1242 *status = NT_STATUS_NO_MEMORY; 1243 return NULL; 1244 } 1206 1245 1207 1246 if (snum < 0) { … … 1215 1254 DEBUG(3,("%s (%s) couldn't find service %s\n", 1216 1255 get_remote_machine_name(), 1217 client_addr(get_client_fd(),addr,sizeof(addr)), 1256 tsocket_address_string( 1257 sconn->remote_address, talloc_tos()), 1218 1258 service)); 1219 1259 *status = NT_STATUS_BAD_NETWORK_NAME; … … 1253 1293 DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", 1254 1294 get_remote_machine_name(), 1255 conn-> client_address,1295 conn->sconn->client_id.addr, 1256 1296 lp_servicename(SNUM(conn)))); 1257 1297 … … 1269 1309 char *cmd = talloc_sub_advanced(talloc_tos(), 1270 1310 lp_servicename(SNUM(conn)), 1271 conn->se rver_info->unix_name,1311 conn->session_info->unix_name, 1272 1312 conn->connectpath, 1273 conn->se rver_info->utok.gid,1274 conn->se rver_info->sanitized_username,1275 pdb_get_domain(conn->server_info->sam_account),1313 conn->session_info->utok.gid, 1314 conn->session_info->sanitized_username, 1315 conn->session_info->info3->base.domain.string, 1276 1316 lp_postexec(SNUM(conn))); 1277 1317 smbrun(cmd,NULL); … … 1285 1325 char *cmd = talloc_sub_advanced(talloc_tos(), 1286 1326 lp_servicename(SNUM(conn)), 1287 conn->se rver_info->unix_name,1327 conn->session_info->unix_name, 1288 1328 conn->connectpath, 1289 conn->se rver_info->utok.gid,1290 conn->se rver_info->sanitized_username,1291 pdb_get_domain(conn->server_info->sam_account),1329 conn->session_info->utok.gid, 1330 conn->session_info->sanitized_username, 1331 conn->session_info->info3->base.domain.string, 1292 1332 lp_rootpostexec(SNUM(conn))); 1293 1333 smbrun(cmd,NULL);
Note:
See TracChangeset
for help on using the changeset viewer.
