sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
a3cec511bb
samba-mirror/source4/smb_server/service.c
Andrew Tridgell a3cec511bb r2561: completely redid the ntvfs module chaining code, You can now do something like: 
ntvfs handler = nbench posix

and the nbench pass-thru module will be called before the posix
module. The chaining logic is now much saner, and less racy, with each
level in the chain getting its own private pointer rather than relying
on save/restore logic in the pass-thru module.

The only pass-thru module we have at the moment is the nbench one
(which records all traffic in a nbench compatibe format), but I plan
on soon writing a "unixuid" pass-thru module that will implement the
setegid()/setgroups()/seteuid() logic for standard posix uid
handling. This separation of the posix backend from the uid handling
should simplify the code, and make development easier.

I also modified the nbench module so it can do multiple chaining, so
if you want to you can do:

   ntvfs module = nbench nbench posix

and it will save 2 copies of the log file in /tmp. This is really only
useful for testing at the moment until we have more than one pass-thru
module.
(This used to be commit f84c0af35c)
2007-10-10 12:59:06 -05:00

311 lines
8.6 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
service (connection) handling
Copyright (C) Andrew Tridgell 1992-2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
/****************************************************************************
Add a home service. Returns the new service number or -1 if fail.
****************************************************************************/
int add_home_service(const char *service, const char *username, const char *homedir)
{
int iHomeService;
if (!service || !homedir)
return -1;
if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0)
return -1;
/*
* If this is a winbindd provided username, remove
* the domain component before adding the service.
* Log a warning if the "path=" parameter does not
* include any macros.
*/
{
const char *p = strchr(service,*lp_winbind_separator());
/* We only want the 'user' part of the string */
if (p) {
service = p + 1;
}
}
if (!lp_add_home(service, iHomeService, username, homedir)) {
return -1;
}
return lp_servicenumber(service);
}
/**
* Find a service entry. service is always in dos codepage.
*
* @param service is modified (to canonical form??)
**/
static int find_service(const char *service)
{
int iService;
iService = lp_servicenumber(service);
/* If we still don't have a service, attempt to add it as a printer. */
if (iService == -1) {
int iPrinterService;
if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0) {
const char *pszTemp;
DEBUG(3,("checking whether %s is a valid printer name...\n", service));
pszTemp = lp_printcapname();
if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp)) {
DEBUG(3,("%s is a valid printer name\n", service));
DEBUG(3,("adding %s as a printer service\n", service));
lp_add_printer(service, iPrinterService);
iService = lp_servicenumber(service);
if (iService < 0)
DEBUG(0,("failed to add %s as a printer service!\n", service));
} else {
DEBUG(3,("%s is not a valid printer name\n", service));
}
}
}
/* Check for default vfs service? Unsure whether to implement this */
if (iService == -1) {
}
/* just possibly it's a default service? */
if (iService == -1) {
const char *pdefservice = lp_defaultservice();
if (pdefservice && *pdefservice &&
!strequal(pdefservice,service) &&
!strstr(service,"..")) {
/*
* We need to do a local copy here as lp_defaultservice()
* returns one of the rotating lp_string buffers that
* could get overwritten by the recursive find_service() call
* below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>.
*/
pstring defservice;
pstrcpy(defservice, pdefservice);
iService = find_service(defservice);
if (iService >= 0) {
/* REWRITE: all_string_sub(service, "_","/",0); */
iService = lp_add_service(service, iService);
}
}
}
if (iService >= 0 && !VALID_SNUM(iService)) {
DEBUG(0,("Invalid snum %d for %s\n",iService, service));
iService = -1;
}
if (iService == -1) {
DEBUG(3,("find_service() failed to find service %s\n", service));
}
return iService;
}
/****************************************************************************
Make a connection, given the snum to connect to, and the vuser of the
connecting user if appropriate.
****************************************************************************/
static NTSTATUS make_connection_snum(struct smbsrv_request *req,
int snum, enum ntvfs_type type,
DATA_BLOB password,
const char *dev)
{
struct smbsrv_tcon *tcon;
NTSTATUS status;
tcon = conn_new(req->smb_conn);
if (!tcon) {
DEBUG(0,("Couldn't find free connection.\n"));
return NT_STATUS_INSUFFICIENT_RESOURCES;
}
req->tcon = tcon;
tcon->service = snum;
tcon->type = type;
/*
* New code to check if there's a share security descripter
* added from NT server manager. This is done after the
* smb.conf checks are done as we need a uid and token. JRA.
*
*/
if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_WRITE_DATA)) {
if (!share_access_check(req, tcon, snum, SA_RIGHT_FILE_READ_DATA)) {
/* No access, read or write. */
DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
lp_servicename(snum)));
conn_free(req->smb_conn, tcon);
return NT_STATUS_ACCESS_DENIED;
} else {
tcon->read_only = True;
}
}
/* init ntvfs function pointers */
status = ntvfs_init_connection(req);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("ntvfs_init_connection failed for service %s\n", lp_servicename(SNUM(tcon))));
conn_free(req->smb_conn, tcon);
return status;
}
/* Invoke NTVFS connection hook */
if (tcon->ntvfs_ops->connect) {
status = tcon->ntvfs_ops->connect(req, lp_servicename(snum), 0);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("make_connection: NTVFS make connection failed!\n"));
conn_free(req->smb_conn, tcon);
return status;
}
}
return NT_STATUS_OK;
}
/****************************************************************************
Make a connection to a service.
*
* @param service
****************************************************************************/
static NTSTATUS make_connection(struct smbsrv_request *req,
const char *service, DATA_BLOB password,
const char *dev, uint16_t vuid)
{
int snum;
enum ntvfs_type type;
const char *type_str;
/* the service might be of the form \\SERVER\SHARE. Should we put
the server name we get from this somewhere? */
if (strncmp(service, "\\\\", 2) == 0) {
char *p = strchr(service+2, '\\');
if (p) {
service = p + 1;
}
}
snum = find_service(service);
if (snum == -1) {
DEBUG(0,("couldn't find service %s\n", service));
return NT_STATUS_BAD_NETWORK_NAME;
}
/* work out what sort of connection this is */
if (strcmp(lp_fstype(snum), "IPC") == 0) {
type = NTVFS_IPC;
type_str = "IPC";
} else if (lp_print_ok(snum)) {
type = NTVFS_PRINT;
type_str = "LPT:";
} else {
type = NTVFS_DISK;
type_str = "A:";
}
if (strcmp(dev, "?????") != 0 && strcasecmp(type_str, dev) != 0) {
/* the client gave us the wrong device type */
return NT_STATUS_BAD_DEVICE_TYPE;
}
return make_connection_snum(req, snum, type, password, dev);
}
/****************************************************************************
close a cnum
****************************************************************************/
void close_cnum(struct smbsrv_tcon *tcon)
{
DEBUG(3,("%s closed connection to service %s\n",
socket_get_peer_addr(tcon->smb_conn->connection->socket, tcon),
lp_servicename(SNUM(tcon))));
/* tell the ntvfs backend that we are disconnecting */
tcon->ntvfs_ops->disconnect(tcon, 0);
conn_free(tcon->smb_conn, tcon);
}
/*
backend for tree connect call
*/
NTSTATUS tcon_backend(struct smbsrv_request *req, union smb_tcon *con)
{
NTSTATUS status;
uint16_t vuid = UID_FIELD_INVALID;
/* can only do bare tcon in share level security */
if (req->session == NULL && lp_security() != SEC_SHARE) {
return NT_STATUS_ACCESS_DENIED;
}
if (req->session) {
vuid = req->session->vuid;
}
if (con->generic.level == RAW_TCON_TCON) {
DATA_BLOB password;
password = data_blob(con->tcon.in.password, strlen(con->tcon.in.password) + 1);
status = make_connection(req, con->tcon.in.service, password, con->tcon.in.dev, vuid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
con->tcon.out.max_xmit = req->smb_conn->negotiate.max_recv;
con->tcon.out.cnum = req->tcon->cnum;
return status;
}
status = make_connection(req, con->tconx.in.path, con->tconx.in.password,
con->tconx.in.device, vuid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
con->tconx.out.cnum = req->tcon->cnum;
con->tconx.out.dev_type = talloc_strdup(req, req->tcon->dev_type);
con->tconx.out.fs_type = talloc_strdup(req, req->tcon->fs_type);
con->tconx.out.options = SMB_SUPPORT_SEARCH_BITS | (lp_csc_policy(req->tcon->service) << 2);
if (lp_msdfs_root(req->tcon->service) && lp_host_msdfs()) {
con->tconx.out.options |= SMB_SHARE_IN_DFS;
}
return status;
}
View Git Blame Copy Permalink