Fixes for the %U and %G problems people have reported.

Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.

These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.

Jeremy.

source/include/proto.h

@@ -1554,7 +1554,7 @@ char *validated_username(uint16 vuid);
 int setup_groups(char *user, int uid, int gid, int *p_ngroups, 
 		 int **p_igroups, gid_t **p_groups,
          int **p_attrs);
-uint16 register_vuid(int uid,int gid, char *name,BOOL guest);
+uint16 register_vuid(int uid,int gid, char *unix_name, char *requested_name, BOOL guest);
 void add_session_user(char *user);
 BOOL update_smbpassword_file( char *user, fstring password);
 void dfs_unlogin(void);
@@ -1726,7 +1726,7 @@ int reply_lanman2(char *outbuf);
 int reply_nt1(char *outbuf);
 void close_cnum(int cnum, uint16 vuid);
 void exit_server(char *reason);
-void standard_sub(int cnum,char *str);
+void standard_sub(int cnum,char *str,uint16 vuid);
 char *smb_fn_name(int type);
 int chain_reply(char *inbuf,char *outbuf,int size,int bufsize);
 int construct_reply(char *inbuf,char *outbuf,int size,int bufsize);

source/include/smb.h

@@ -485,7 +485,8 @@ typedef struct
   int uid; /* uid of a validated user */
   int gid; /* gid of a validated user */
 
-  fstring name; /* name of a validated user */
+  fstring requested_name; /* user name from the client */
+  fstring name; /* unix user name of a validated user */
   fstring real_name;   /* to store real name from password file - simeon */
   BOOL guest;
 

source/printing/printing.c

@@ -103,7 +103,7 @@ static char *build_print_command(int cnum, char *command, char *syscmd, char *fi
   
   string_sub(syscmd, "%p", tstr);
   
-  standard_sub(cnum,syscmd);
+  standard_sub(cnum,syscmd,UID_FIELD_INVALID);
   
   return (syscmd);
 }
@@ -1056,7 +1056,7 @@ int get_printqueue(int snum,int cnum,print_queue_struct **queue,
   pstrcpy(syscmd,lpq_command);
   string_sub(syscmd,"%p",printername);
 
-  standard_sub(cnum,syscmd);
+  standard_sub(cnum,syscmd,UID_FIELD_INVALID);
 
   sprintf(outfile,"%s/lpq.%08x",tmpdir(),str_checksum(syscmd));
   
@@ -1147,7 +1147,7 @@ void del_printqueue(int cnum,int snum,int jobid)
   pstrcpy(syscmd,lprm_command);
   string_sub(syscmd,"%p",printername);
   string_sub(syscmd,"%j",jobstr);
-  standard_sub(cnum,syscmd);
+  standard_sub(cnum,syscmd,UID_FIELD_INVALID);
 
   ret = smbrun(syscmd,NULL,False);
   DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));  
@@ -1185,7 +1185,7 @@ void status_printjob(int cnum,int snum,int jobid,int status)
   pstrcpy(syscmd,lpstatus_command);
   string_sub(syscmd,"%p",printername);
   string_sub(syscmd,"%j",jobstr);
-  standard_sub(cnum,syscmd);
+  standard_sub(cnum,syscmd,UID_FIELD_INVALID);
 
   ret = smbrun(syscmd,NULL,False);
   DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));  

source/smbd/ipc.c

@@ -85,7 +85,7 @@ static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n)
 
   StrnCpy(buf,src,sizeof(buf)/2);
   string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
+  standard_sub(cnum,buf,UID_FIELD_INVALID);
   StrnCpy(*dst,buf,*n);
   l = strlen(*dst) + 1;
   (*dst) += l;
@@ -110,7 +110,7 @@ static int StrlenExpanded(int cnum, int snum, char* s)
   if (!s) return(0);
   StrnCpy(buf,s,sizeof(buf)/2);
   string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
+  standard_sub(cnum,buf,UID_FIELD_INVALID);
   return strlen(buf) + 1;
 }
 
@@ -120,7 +120,7 @@ static char* Expand(int cnum, int snum, char* s)
   if (!s) return(NULL);
   StrnCpy(buf,s,sizeof(buf)/2);
   string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
+  standard_sub(cnum,buf,UID_FIELD_INVALID);
   return &buf[0];
 }
 
@@ -2058,7 +2058,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data,
 	SIVAL(p,6,0);
       } else {
 	SIVAL(p,6,PTR_DIFF(p2,*rdata));
-	standard_sub(cnum,comment);
+	standard_sub(cnum,comment,vuid);
 	StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0));
 	p2 = skip_string(p2,1);
       }
@@ -2584,7 +2584,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data,
 /* JHT - By calling lp_logon_script() and standard_sub() we have */
 /* made sure all macros are fully substituted and available */
     logon_script = lp_logon_script();
-    standard_sub( cnum, logon_script );
+    standard_sub( cnum, logon_script, vuid );
     PACKS(&desc,"z", logon_script);		/* script path */
 /* End of JHT mods */
 

source/smbd/message.c

@@ -78,7 +78,7 @@ static void msg_deliver(void)
       string_sub(s,"%s",name);
       string_sub(s,"%f",msgfrom);
       string_sub(s,"%t",msgto);
-      standard_sub(-1,s);
+      standard_sub(-1,s,UID_FIELD_INVALID);
       smbrun(s,NULL,False);
     }
 

source/smbd/password.c

@@ -251,7 +251,7 @@ register a uid/name pair as being valid and that a valid password
 has been given. vuid is biased by an offset. This allows us to
 tell random client vuid's (normally zero) from valid vuids.
 ****************************************************************************/
-uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
+uint16 register_vuid(int uid,int gid, char *unix_name, char *requested_name, BOOL guest)
 {
   user_struct *vuser;
   struct passwd *pwfile; /* for getting real name from passwd file */
@@ -298,7 +298,8 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
   vuser->uid = uid;
   vuser->gid = gid;
   vuser->guest = guest;
-  strcpy(vuser->name,name);
+  fstrcpy(vuser->name,unix_name);
+  fstrcpy(vuser->requested_name,requested_name);
 
   vuser->n_sids = 0;
   vuser->sids   = NULL;
@@ -310,13 +311,13 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
 
   /* Find all the groups this uid is in and store them. 
      Used by become_user() */
-  setup_groups(name,uid,gid,
+  setup_groups(unix_name,uid,gid,
 	       &vuser->n_groups,
 	       &vuser->igroups,
 	       &vuser->groups,
 	       &vuser->attrs);
 
-  DEBUG(3,("uid %d registered to name %s\n",uid,name));
+  DEBUG(3,("uid %d registered to name %s\n",uid,unix_name));
 
   DEBUG(3, ("Clearing default real name\n"));
   fstrcpy(vuser->real_name, "<Full Name>\0");

source/smbd/reply.c

@@ -689,7 +689,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 
   /* register the name and uid as being validated, so further connections
      to a uid can get through without a password, on the same VC */
-  sess_vuid = register_vuid(uid,gid,user,guest);
+  sess_vuid = register_vuid(uid,gid,user,sesssetup_user,guest);
  
   SSVAL(outbuf,smb_uid,sess_vuid);
   SSVAL(inbuf,smb_uid,sess_vuid);

source/smbd/server.c

@@ -3537,7 +3537,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
   {
     pstring s;
     pstrcpy(s,lp_pathname(snum));
-    standard_sub(cnum,s);
+    standard_sub(cnum,s,vuid);
     string_set(&pcon->connectpath,s);
     DEBUG(3,("Connect path is %s\n",s));
   }
@@ -3574,7 +3574,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
     {
       pstring cmd;
       pstrcpy(cmd,lp_rootpreexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       DEBUG(5,("cmd=%s\n",cmd));
       smbrun(cmd,NULL,False);
     }
@@ -3628,7 +3628,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
     {
       pstring cmd;
       pstrcpy(cmd,lp_preexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       smbrun(cmd,NULL,False);
     }
   
@@ -4222,7 +4222,7 @@ void close_cnum(int cnum, uint16 vuid)
     {
       pstring cmd;
       strcpy(cmd,lp_postexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       smbrun(cmd,NULL,False);
       unbecome_user();
     }
@@ -4233,7 +4233,7 @@ void close_cnum(int cnum, uint16 vuid)
     {
       pstring cmd;
       strcpy(cmd,lp_rootpostexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
+      standard_sub(cnum,cmd,vuid);
       smbrun(cmd,NULL,False);
     }
 
@@ -4338,8 +4338,10 @@ void exit_server(char *reason)
 /****************************************************************************
 do some standard substitutions in a string
 ****************************************************************************/
-void standard_sub(int cnum,char *str)
+void standard_sub(int cnum,char *str,uint16 vuid)
 {
+  user_struct *vuser = get_valid_user_struct(vuid);
+
   if (VALID_CNUM(cnum)) {
     char *p, *s, *home;
 
@@ -4368,6 +4370,9 @@ void standard_sub(int cnum,char *str)
       }
     }
   }
+  if(vuser != NULL)
+    pstrcpy( sesssetup_user, vuser->requested_name);
+
   standard_sub_basic(str);
 }
 

source/smbd/uid.c

@@ -28,6 +28,7 @@ static int initial_gid;
 
 /* what user is current? */
 struct current_user current_user;
+extern pstring sesssetup_user;
 
 pstring OriginalDir;
 
@@ -276,7 +277,12 @@ BOOL become_user(connection_struct *conn, int cnum, uint16 vuid)
 
   current_user.cnum = cnum;
   current_user.vuid = vuid;
-  
+
+  /* Ensure sesssetup_user is set correctly if we are using
+     user security. */
+  if(vuser != NULL)
+    pstrcpy( sesssetup_user, vuser->requested_name);
+
   DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
 	   getuid(),geteuid(),getgid(),getegid()));