1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

r312: let ntvfs posix backend return NT_STATUS_ACCESS_DENIED in the connect hook

and print out an error message to the debug log which say:
use 'cifs' or 'simple' as ntvfs handler
this also warns about 'root' fileaccess in the 'simple' module

the 'default' ntvfs handler is now registered by the posix backend

metze
This commit is contained in:
Stefan Metzmacher 2004-04-21 14:19:03 +00:00 committed by Gerald (Jerry) Carter
parent f1b1bbc550
commit 84b3589daa
3 changed files with 15 additions and 94 deletions

View File

@ -240,7 +240,7 @@ SMB_MODULE(ntvfs_print, NTVFS, STATIC, [ntvfs/print/vfs_print.o])
SMB_MODULE(ntvfs_ipc, NTVFS, STATIC, [ntvfs/ipc/vfs_ipc.o])
SMB_MODULE(ntvfs_posix, NTVFS, NOT, [ntvfs/posix/vfs_posix.o])
SMB_MODULE(ntvfs_posix, NTVFS, STATIC, [ntvfs/posix/vfs_posix.o])
SMB_MODULE(ntvfs_nbench, NTVFS, STATIC, [ntvfs/nbench/vfs_nbench.o])

View File

@ -1,8 +1,8 @@
/*
Unix SMB/CIFS implementation.
POSIX NTVFS backend
Copyright (C) Andrew Tridgell 1992-2003
Copyright (C) Andrew Bartlett 2001
Copyright (C) Andrew Tridgell 2003
Copyright (C) Stefan (metze) Metzmacher 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -31,98 +31,28 @@
directory exists (tho it doesn't need to be accessible by the user,
that comes later)
*/
static NTSTATUS pvfs_connect(struct ntvfs_context *ctx, const char *sharename)
static NTSTATUS pvfs_connect(struct request_context *req, const char *sharename)
{
struct stat st;
struct connection_struct *conn = ctx->conn;
NTSTATUS status;
DEBUG(0, ("Connection to share [%s] ACCESS DENIED!\n", sharename));
DEBUGADD(0,("This is because your using the 'ntvfs handler = default'.\n"));
DEBUGADD(0,("This backend is not functional at the moment.\n"));
DEBUGADD(0,("Please use one of the following backends:\n"));
DEBUGADD(0,("cifs - a proxy to another cifs-server\n"));
DEBUGADD(0,("simple - a very, very simple posix backend\n"));
DEBUGADD(0,(" all file acess is done as user 'root'\n"));
DEBUGADD(0,(" Please don't use this a sensitive data!!!\n"));
/* the directory must exist */
if (stat(conn->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) {
DEBUG(0,("'%s' is not a directory, when connecting to [%s]\n",
conn->connectpath, lp_servicename(SNUM(conn))));
return NT_STATUS_BAD_NETWORK_NAME;
}
/* Initialise old VFS function pointers */
if (!smbd_vfs_init(conn)) {
DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn))));
return NT_STATUS_BAD_NETWORK_NAME;
}
/* become the user for the rest */
status = ntvfs_change_to_user(ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* the posix backend can do preexec */
status = ntvfs_connect_preexec(ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* Invoke the old POSIX VFS make connection hook */
if (conn->vfs_ops.connect &&
conn->vfs_ops.connect(conn, lp_servicename(snum), user) < 0) {
DEBUG(0,("make_connection: POSIX VFS make connection failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
}
/*
* Print out the 'connected as' stuff here as we need
* to know the effective uid and gid we will be using
* (at least initially).
*/
if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
dbgtext( "%s (%s) ", get_remote_machine_name(), conn->client_address );
dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) );
dbgtext( "initially as user %s ", user );
dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
dbgtext( "(pid %d)\n", (int)sys_getpid() );
}
return NT_STATUS_OK;
return NT_STATUS_ACCESS_DENIED;
}
/*
disconnect from a share
*/
static NTSTATUS pvfs_disconnect(struct ntvfs_context *ctx)
static NTSTATUS pvfs_disconnect(struct tcon_context *tcon)
{
return NT_STATUS_OK;
}
/*
delete a file - the dirtype specifies the file types to include in the search.
The name can contain CIFS wildcards, but rarely does (except with OS/2 clients)
*/
static NTSTATUS pvfs_unlink(struct ntvfs_context *ctx, const char *name, uint16 dirtype)
{
NTSTATUS status;
if (ntvfs_dfs_redirect(ctx, name)) {
return NT_STATUS_PATH_NOT_COVERED;
}
status = unlink_internals(ctx->conn, dirtype, name);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
ntvfs_run_change_notify_queue();
return NT_STATUS_OK;
}
/*
initialialise the POSIX disk backend, registering ourselves with the ntvfs subsystem
*/
@ -139,7 +69,6 @@ NTSTATUS ntvfs_posix_init(void)
/* fill in all the operations */
ops.connect = pvfs_connect;
ops.disconnect = pvfs_disconnect;
ops.unlink = pvfs_unlink;
/* register ourselves with the NTVFS subsystem. We register under the name 'default'
as we wish to be the default backend */

View File

@ -948,7 +948,7 @@ NTSTATUS ntvfs_simple_init(void)
ops.trans = svfs_trans;
/* register ourselves with the NTVFS subsystem. We register
under two names 'simple' and 'default'
under names 'simple'
*/
ops.name = "simple";
ret = register_backend("ntvfs", &ops);
@ -958,13 +958,5 @@ NTSTATUS ntvfs_simple_init(void)
ops.name));
}
/* also register as "default" */
ops.name = "default";
ret = register_backend("ntvfs", &ops);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register simple backend with name: %s!\n",
ops.name));
}
return ret;
}