int cli_errno(struct cli_state *cli)
{
NTSTATUS status;
if (cli_is_nt_error(cli)) {
status = cli_nt_error(cli);
return map_errno_from_nt_status(status);
}
if (cli_is_dos_error(cli)) {
uint8 eclass;
uint32 ecode;
cli_dos_error(cli, &eclass, &ecode);
status = dos_to_ntstatus(eclass, ecode);
return map_errno_from_nt_status(status);
}
/*
* Yuck! A special case for this Vista error. Since its high-order
* byte isn't 0xc0, it doesn't match cli_is_nt_error() above.
*/
status = cli_nt_error(cli);
if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) {
return EACCES;
}
/* for other cases */
return EINVAL;
}
int onefs_lstat(vfs_handle_struct *handle, struct smb_filename *smb_fname)
{
struct smb_filename *smb_fname_onefs = NULL;
NTSTATUS status;
int ret;
status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname,
&smb_fname_onefs);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
/*
* If the smb_fname has no stream or is :$DATA, then just stat the
* base stream. Otherwise stat the stream.
*/
if (!is_ntfs_stream_smb_fname(smb_fname_onefs)) {
ret = onefs_sys_lstat(smb_fname_onefs->base_name,
&smb_fname->st);
} else {
ret = stat_stream(handle->conn, smb_fname_onefs->base_name,
smb_fname_onefs->stream_name, &smb_fname->st,
AT_SYMLINK_NOFOLLOW);
}
onefs_adjust_stat_time(handle->conn, smb_fname->base_name,
&smb_fname->st);
TALLOC_FREE(smb_fname_onefs);
return ret;
}
static int tsmsm_set_offline(struct vfs_handle_struct *handle,
const struct smb_filename *fname)
{
struct tsmsm_struct *tsmd = (struct tsmsm_struct *) handle->data;
int result = 0;
char *command;
NTSTATUS status;
char *path;
if (tsmd->hsmscript == NULL) {
/* no script enabled */
DEBUG(1, ("tsmsm_set_offline: No 'tsmsm:hsm script' configured\n"));
return 0;
}
status = get_full_smb_filename(talloc_tos(), fname, &path);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return false;
}
/* Now, call the script */
command = talloc_asprintf(tsmd, "%s offline \"%s\"", tsmd->hsmscript, path);
if(!command) {
DEBUG(1, ("tsmsm_set_offline: can't allocate memory to run hsm script"));
return -1;
}
DEBUG(10, ("tsmsm_set_offline: Running [%s]\n", command));
if((result = smbrun(command, NULL)) != 0) {
DEBUG(1,("tsmsm_set_offline: Running [%s] returned %d\n", command, result));
}
TALLOC_FREE(command);
return result;
}
static int unlink_acl_tdb(vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
struct smb_filename *smb_fname_tmp = NULL;
struct db_context *db = acl_db;
NTSTATUS status;
int ret = -1;
status = copy_smb_filename(talloc_tos(), smb_fname, &smb_fname_tmp);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto out;
}
if (lp_posix_pathnames()) {
ret = SMB_VFS_LSTAT(handle->conn, smb_fname_tmp);
} else {
ret = SMB_VFS_STAT(handle->conn, smb_fname_tmp);
}
if (ret == -1) {
goto out;
}
ret = unlink_acl_common(handle, smb_fname_tmp);
if (ret == -1) {
goto out;
}
acl_tdb_delete(handle, db, &smb_fname_tmp->st);
out:
return ret;
}
static int streams_xattr_stat(vfs_handle_struct *handle,
struct smb_filename *smb_fname)
{
NTSTATUS status;
int result = -1;
char *xattr_name = NULL;
if (!is_ntfs_stream_smb_fname(smb_fname)) {
return SMB_VFS_NEXT_STAT(handle, smb_fname);
}
/* Note if lp_posix_paths() is true, we can never
* get here as is_ntfs_stream_smb_fname() is
* always false. So we never need worry about
* not following links here. */
/* If the default stream is requested, just stat the base file. */
if (is_ntfs_default_stream_smb_fname(smb_fname)) {
return streams_xattr_stat_base(handle, smb_fname, true);
}
/* Populate the stat struct with info from the base file. */
if (streams_xattr_stat_base(handle, smb_fname, true) == -1) {
return -1;
}
/* Derive the xattr name to lookup. */
status = streams_xattr_get_name(handle, talloc_tos(),
smb_fname->stream_name, &xattr_name);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
/* Augment the base file's stat information before returning. */
smb_fname->st.st_ex_size = get_xattr_size(handle->conn,
smb_fname,
xattr_name);
if (smb_fname->st.st_ex_size == -1) {
SET_STAT_INVALID(smb_fname->st);
errno = ENOENT;
result = -1;
goto fail;
}
smb_fname->st.st_ex_ino = stream_inode(&smb_fname->st, xattr_name);
smb_fname->st.st_ex_mode &= ~S_IFMT;
smb_fname->st.st_ex_mode &= ~S_IFDIR;
smb_fname->st.st_ex_mode |= S_IFREG;
smb_fname->st.st_ex_blocks =
smb_fname->st.st_ex_size / STAT_ST_BLOCKSIZE + 1;
result = 0;
fail:
TALLOC_FREE(xattr_name);
return result;
}
static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp,
SMB_STRUCT_STAT *sbuf)
{
struct smb_filename *smb_fname_base = NULL;
NTSTATUS status;
int ret = -1;
struct stream_io *io = (struct stream_io *)
VFS_FETCH_FSP_EXTENSION(handle, fsp);
DEBUG(10, ("streams_xattr_fstat called for %d\n", fsp->fh->fd));
if (io == NULL || fsp->base_fsp == NULL) {
return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
}
if (!streams_xattr_recheck(io)) {
return -1;
}
/* Create an smb_filename with stream_name == NULL. */
status = create_synthetic_smb_fname(talloc_tos(),
io->base,
NULL, NULL,
&smb_fname_base);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
if (lp_posix_pathnames()) {
ret = SMB_VFS_LSTAT(handle->conn, smb_fname_base);
} else {
ret = SMB_VFS_STAT(handle->conn, smb_fname_base);
}
*sbuf = smb_fname_base->st;
TALLOC_FREE(smb_fname_base);
if (ret == -1) {
return -1;
}
sbuf->st_ex_size = get_xattr_size(handle->conn, fsp->base_fsp,
io->base, io->xattr_name);
if (sbuf->st_ex_size == -1) {
return -1;
}
DEBUG(10, ("sbuf->st_ex_size = %d\n", (int)sbuf->st_ex_size));
sbuf->st_ex_ino = stream_inode(sbuf, io->xattr_name);
sbuf->st_ex_mode &= ~S_IFMT;
sbuf->st_ex_mode |= S_IFREG;
sbuf->st_ex_blocks = sbuf->st_ex_size / STAT_ST_BLOCKSIZE + 1;
return 0;
}
static SMB_STRUCT_DIR *opendir_acl_common(vfs_handle_struct *handle,
const char *fname, const char *mask, uint32 attr)
{
NTSTATUS status = check_parent_acl_common(handle, fname,
SEC_DIR_LIST, NULL);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return NULL;
}
return SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
}
static int open_acl_xattr(vfs_handle_struct *handle,
const char *fname,
files_struct *fsp,
int flags,
mode_t mode)
{
uint32_t access_granted = 0;
struct security_descriptor *pdesc = NULL;
bool file_existed = true;
NTSTATUS status = get_nt_acl_xattr_internal(handle,
NULL,
fname,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
status = smb1_file_se_access_check(pdesc,
handle->conn->server_info->ptok,
fsp->access_mask,
&access_granted);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("open_acl_xattr: file %s open "
"refused with error %s\n",
fname,
nt_errstr(status) ));
errno = map_errno_from_nt_status(status);
return -1;
}
} else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
file_existed = false;
}
DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for "
"file %s returned %s\n",
fname,
nt_errstr(status) ));
fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
if (!file_existed && fsp->fh->fd != -1) {
/* File was created. Inherit from parent directory. */
string_set(&fsp->fsp_name, fname);
inherit_new_acl(handle, fname, fsp, false);
}
return fsp->fh->fd;
}
int onefs_vtimes_streams(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
int flags, struct timespec times[3])
{
struct smb_filename *smb_fname_onefs = NULL;
int ret;
int dirfd;
int saved_errno;
NTSTATUS status;
START_PROFILE(syscall_ntimes);
if (!is_ntfs_stream_smb_fname(smb_fname)) {
ret = vtimes(smb_fname->base_name, times, flags);
return ret;
}
status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname,
&smb_fname_onefs);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
/* Default stream (the ::$DATA was just stripped off). */
if (!is_ntfs_stream_smb_fname(smb_fname_onefs)) {
ret = vtimes(smb_fname_onefs->base_name, times, flags);
goto out;
}
dirfd = get_stream_dir_fd(handle->conn, smb_fname->base_name, NULL);
if (dirfd < -1) {
ret = -1;
goto out;
}
ret = enc_vtimesat(dirfd, smb_fname_onefs->stream_name, ENC_DEFAULT,
times, flags);
saved_errno = errno;
close(dirfd);
errno = saved_errno;
out:
END_PROFILE(syscall_ntimes);
TALLOC_FREE(smb_fname_onefs);
return ret;
}
ssize_t
SMBC_write_ctx(SMBCCTX *context,
SMBCFILE *file,
const void *buf,
size_t count)
{
off_t offset;
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
/* First check all pointers before dereferencing them */
if (!context || !context->internal->initialized) {
errno = EINVAL;
TALLOC_FREE(frame);
return -1;
}
if (!file || !SMBC_dlist_contains(context->internal->files, file)) {
errno = EBADF;
TALLOC_FREE(frame);
return -1;
}
/* Check that the buffer exists ... */
if (buf == NULL) {
errno = EINVAL;
TALLOC_FREE(frame);
return -1;
}
offset = file->offset; /* See "offset" comment in SMBC_read_ctx() */
status = cli_writeall(file->targetcli, file->cli_fd,
0, (const uint8_t *)buf, offset, count, NULL);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
TALLOC_FREE(frame);
return -1;
}
file->offset += count;
TALLOC_FREE(frame);
return count; /* Success, 0 bytes of data ... */
}
static int streams_xattr_unlink(vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
NTSTATUS status;
int ret = -1;
char *xattr_name = NULL;
if (!is_ntfs_stream_smb_fname(smb_fname)) {
return SMB_VFS_NEXT_UNLINK(handle, smb_fname);
}
/* If the default stream is requested, just open the base file. */
if (is_ntfs_default_stream_smb_fname(smb_fname)) {
struct smb_filename *smb_fname_base = NULL;
smb_fname_base = cp_smb_filename(talloc_tos(), smb_fname);
if (smb_fname_base == NULL) {
errno = ENOMEM;
return -1;
}
ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname_base);
TALLOC_FREE(smb_fname_base);
return ret;
}
status = streams_xattr_get_name(handle, talloc_tos(),
smb_fname->stream_name, &xattr_name);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto fail;
}
ret = SMB_VFS_REMOVEXATTR(handle->conn, smb_fname, xattr_name);
if ((ret == -1) && (errno == ENOATTR)) {
errno = ENOENT;
goto fail;
}
ret = 0;
fail:
TALLOC_FREE(xattr_name);
return ret;
}
int onefs_unlink(vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
struct smb_filename *smb_fname_onefs = NULL;
int ret;
int dir_fd, saved_errno;
NTSTATUS status;
/* Not a stream. */
if (!is_ntfs_stream_smb_fname(smb_fname)) {
return SMB_VFS_NEXT_UNLINK(handle, smb_fname);
}
status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname,
&smb_fname_onefs);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
/* Default stream (the ::$DATA was just stripped off). */
if (!is_ntfs_stream_smb_fname(smb_fname_onefs)) {
ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname_onefs);
goto out;
}
dir_fd = get_stream_dir_fd(handle->conn, smb_fname_onefs->base_name,
NULL);
if (dir_fd < 0) {
ret = -1;
goto out;
}
ret = enc_unlinkat(dir_fd, smb_fname_onefs->stream_name, ENC_DEFAULT,
0);
saved_errno = errno;
close(dir_fd);
errno = saved_errno;
out:
TALLOC_FREE(smb_fname_onefs);
return ret;
}
static int fake_acls_stat(vfs_handle_struct *handle,
struct smb_filename *smb_fname)
{
int ret = -1;
ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
if (ret == 0) {
TALLOC_CTX *frame = talloc_stackframe();
char *path;
struct smb_filename smb_fname_base = {
.base_name = smb_fname->base_name
};
NTSTATUS status;
/*
* As we're calling getxattr directly here
* we need to use only the base_name, not
* the full name containing any stream name.
*/
status = get_full_smb_filename(frame, &smb_fname_base, &path);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
TALLOC_FREE(frame);
return -1;
}
ret = fake_acls_uid(handle, path, &smb_fname->st.st_ex_uid);
if (ret != 0) {
TALLOC_FREE(frame);
return ret;
}
ret = fake_acls_gid(handle, path, &smb_fname->st.st_ex_gid);
if (ret != 0) {
TALLOC_FREE(frame);
return ret;
}
TALLOC_FREE(frame);
}
return ret;
}
static int fake_acls_lstat(vfs_handle_struct *handle,
struct smb_filename *smb_fname)
{
int ret = -1;
ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
if (ret == 0) {
TALLOC_CTX *frame = talloc_stackframe();
char *path;
struct smb_filename smb_fname_base = {
.base_name = smb_fname->base_name
};
NTSTATUS status;
/*
* As we're calling getxattr directly here
* we need to use only the base_name, not
* the full name containing any stream name.
*/
status = get_full_smb_filename(frame, &smb_fname_base, &path);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
TALLOC_FREE(frame);
return -1;
}
/* This isn't quite right (calling getxattr not
* lgetxattr), but for the test purposes of this
* module (fake NT ACLs from windows clients), it is
* close enough. We removed the l*xattr functions
* because linux doesn't support using them, but we
* could fake them in xattr_tdb if we really wanted
* to. We ignore errors because the link might not point anywhere */
fake_acls_uid(handle, path, &smb_fname->st.st_ex_uid);
fake_acls_gid(handle, path, &smb_fname->st.st_ex_gid);
TALLOC_FREE(frame);
}
return ret;
}
static int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode)
{
int ret;
NTSTATUS status;
SMB_STRUCT_STAT sbuf;
ret = vfs_stat_smb_fname(handle->conn, path, &sbuf);
if (ret == -1 && errno == ENOENT) {
struct security_descriptor *parent_desc = NULL;
struct security_descriptor *psd = NULL;
/* We're creating a new directory. */
status = check_parent_acl_common(handle, path,
SEC_DIR_ADD_SUBDIR, &parent_desc);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
/* Cache the parent security descriptor for
* later use. We don't have an fsp here so
* use the handle. */
/* Attach this to the conn, move from talloc_tos(). */
psd = (struct security_descriptor *)talloc_move(handle->conn,
&parent_desc);
if (!psd) {
return -1;
}
SMB_VFS_HANDLE_SET_DATA(handle, psd, free_sd_common,
struct security_descriptor *, return -1);
}
return SMB_VFS_NEXT_MKDIR(handle, path, mode);
}
static int streams_xattr_open(vfs_handle_struct *handle,
struct smb_filename *smb_fname,
files_struct *fsp, int flags, mode_t mode)
{
NTSTATUS status;
struct streams_xattr_config *config = NULL;
struct stream_io *sio = NULL;
struct ea_struct ea;
char *xattr_name = NULL;
int pipe_fds[2];
int fakefd = -1;
int ret;
SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
return -1);
DEBUG(10, ("streams_xattr_open called for %s with flags 0x%x\n",
smb_fname_str_dbg(smb_fname), flags));
if (!is_ntfs_stream_smb_fname(smb_fname)) {
return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
}
/* If the default stream is requested, just open the base file. */
if (is_ntfs_default_stream_smb_fname(smb_fname)) {
char *tmp_stream_name;
tmp_stream_name = smb_fname->stream_name;
smb_fname->stream_name = NULL;
ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
smb_fname->stream_name = tmp_stream_name;
return ret;
}
status = streams_xattr_get_name(handle, talloc_tos(),
smb_fname->stream_name, &xattr_name);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto fail;
}
/*
* Return a valid fd, but ensure any attempt to use it returns an error
* (EPIPE).
*/
ret = pipe(pipe_fds);
if (ret != 0) {
goto fail;
}
close(pipe_fds[1]);
pipe_fds[1] = -1;
fakefd = pipe_fds[0];
status = get_ea_value(talloc_tos(), handle->conn, NULL,
smb_fname, xattr_name, &ea);
DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status)));
if (!NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
/*
* The base file is not there. This is an error even if we got
* O_CREAT, the higher levels should have created the base
* file for us.
*/
DEBUG(10, ("streams_xattr_open: base file %s not around, "
"returning ENOENT\n", smb_fname->base_name));
errno = ENOENT;
goto fail;
}
if ((!NT_STATUS_IS_OK(status) && (flags & O_CREAT)) ||
(flags & O_TRUNC)) {
/*
* The attribute does not exist or needs to be truncated
*/
/*
* Darn, xattrs need at least 1 byte
*/
char null = '\0';
DEBUG(10, ("creating or truncating attribute %s on file %s\n",
xattr_name, smb_fname->base_name));
ret = SMB_VFS_SETXATTR(fsp->conn,
smb_fname,
xattr_name,
&null, sizeof(null),
flags & O_EXCL ? XATTR_CREATE : 0);
if (ret != 0) {
goto fail;
}
}
sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
if (sio == NULL) {
errno = ENOMEM;
goto fail;
}
sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
xattr_name);
/*
* so->base needs to be a copy of fsp->fsp_name->base_name,
* making it identical to streams_xattr_recheck(). If the
* open is changing directories, fsp->fsp_name->base_name
* will be the full path from the share root, whilst
* smb_fname will be relative to the $cwd.
*/
sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
fsp->fsp_name->base_name);
sio->fsp_name_ptr = fsp->fsp_name;
sio->handle = handle;
sio->fsp = fsp;
if ((sio->xattr_name == NULL) || (sio->base == NULL)) {
errno = ENOMEM;
goto fail;
}
return fakefd;
fail:
if (fakefd >= 0) {
close(fakefd);
fakefd = -1;
}
return -1;
}
static SMBCSRV *
SMBC_server_internal(TALLOC_CTX *ctx,
SMBCCTX *context,
bool connect_if_not_found,
const char *server,
uint16_t port,
const char *share,
char **pp_workgroup,
char **pp_username,
char **pp_password,
bool *in_cache)
{
SMBCSRV *srv=NULL;
char *workgroup = NULL;
struct cli_state *c = NULL;
const char *server_n = server;
int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
uint32_t fs_attrs = 0;
const char *username_used;
NTSTATUS status;
char *newserver, *newshare;
int flags = 0;
struct smbXcli_tcon *tcon = NULL;
int signing_state = SMB_SIGNING_DEFAULT;
ZERO_STRUCT(c);
*in_cache = false;
if (server[0] == 0) {
errno = EPERM;
return NULL;
}
/* Look for a cached connection */
srv = SMBC_find_server(ctx, context, server, share,
pp_workgroup, pp_username, pp_password);
/*
* If we found a connection and we're only allowed one share per
* server...
*/
if (srv &&
share != NULL && *share != '\0' &&
smbc_getOptionOneSharePerServer(context)) {
/*
* ... then if there's no current connection to the share,
* connect to it. SMBC_find_server(), or rather the function
* pointed to by context->get_cached_srv_fn which
* was called by SMBC_find_server(), will have issued a tree
* disconnect if the requested share is not the same as the
* one that was already connected.
*/
/*
* Use srv->cli->desthost and srv->cli->share instead of
* server and share below to connect to the actual share,
* i.e., a normal share or a referred share from
* 'msdfs proxy' share.
*/
if (!cli_state_has_tcon(srv->cli)) {
/* Ensure we have accurate auth info */
SMBC_call_auth_fn(ctx, context,
smbXcli_conn_remote_name(srv->cli->conn),
srv->cli->share,
pp_workgroup,
pp_username,
pp_password);
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
return NULL;
}
/*
* We don't need to renegotiate encryption
* here as the encryption context is not per
* tid.
*/
status = cli_tree_connect(srv->cli,
srv->cli->share,
"?????",
*pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
srv = NULL;
}
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4,
("IPC$ so ignore case sensitivity\n"));
status = NT_STATUS_OK;
} else {
status = cli_get_fs_attr_info(c, &fs_attrs);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(4, ("Could not retrieve "
"case sensitivity flag: %s.\n",
nt_errstr(status)));
/*
* We can't determine the case sensitivity of
* the share. We have no choice but to use the
* user-specified case sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else if (!is_ipc) {
DEBUG(4,
("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(
c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
/*
* Regenerate the dev value since it's based on both
* server and share
*/
if (srv) {
const char *remote_name =
smbXcli_conn_remote_name(srv->cli->conn);
srv->dev = (dev_t)(str_checksum(remote_name) ^
str_checksum(srv->cli->share));
}
}
}
/* If we have a connection... */
if (srv) {
/* ... then we're done here. Give 'em what they came for. */
*in_cache = true;
goto done;
}
/* If we're not asked to connect when a connection doesn't exist... */
if (! connect_if_not_found) {
/* ... then we're done here. */
return NULL;
}
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
return NULL;
}
DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
status = NT_STATUS_UNSUCCESSFUL;
if (smbc_getOptionUseKerberos(context)) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
}
if (smbc_getOptionFallbackAfterKerberos(context)) {
flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
if (smbc_getOptionUseCCache(context)) {
flags |= CLI_FULL_CONNECTION_USE_CCACHE;
}
if (smbc_getOptionUseNTHash(context)) {
flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
}
if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
signing_state = SMB_SIGNING_REQUIRED;
}
if (port == 0) {
if (share == NULL || *share == '\0' || is_ipc) {
/*
* Try 139 first for IPC$
*/
status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
smbc_getNetbiosName(context),
signing_state, flags, &c);
}
}
if (!NT_STATUS_IS_OK(status)) {
/*
* No IPC$ or 139 did not work
*/
status = cli_connect_nb(server_n, NULL, port, 0x20,
smbc_getNetbiosName(context),
signing_state, flags, &c);
}
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return NULL;
}
cli_set_timeout(c, smbc_getTimeout(context));
status = smbXcli_negprot(c->conn, c->timeout,
lp_client_min_protocol(),
lp_client_max_protocol());
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
/* Ensure we ask for some initial credits. */
smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
}
username_used = *pp_username;
if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password,
strlen(*pp_password),
*pp_password,
strlen(*pp_password),
*pp_workgroup))) {
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if (smbc_getOptionNoAutoAnonymousLogin(context) ||
!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password, 1,
*pp_password, 0,
*pp_workgroup))) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" session setup ok\n"));
/* here's the fun part....to support 'msdfs proxy' shares
(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
here before trying to connect to the original share.
cli_check_msdfs_proxy() will fail if it is a normal share. */
if (smbXcli_conn_dfs_supported(c->conn) &&
cli_check_msdfs_proxy(ctx, c, share,
&newserver, &newshare,
/* FIXME: cli_check_msdfs_proxy() does
not support smbc_smb_encrypt_level type */
context->internal->smb_encryption_level ?
true : false,
*pp_username,
*pp_password,
*pp_workgroup)) {
cli_shutdown(c);
srv = SMBC_server_internal(ctx, context, connect_if_not_found,
newserver, port, newshare, pp_workgroup,
pp_username, pp_password, in_cache);
TALLOC_FREE(newserver);
TALLOC_FREE(newshare);
return srv;
}
/* must be a normal share */
status = cli_tree_connect(c, share, "?????", *pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" tconx ok\n"));
if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
tcon = c->smb2.tcon;
} else {
tcon = c->smb1.tcon;
}
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
status = NT_STATUS_OK;
} else {
status = cli_get_fs_attr_info(c, &fs_attrs);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
nt_errstr(status)));
/*
* We can't determine the case sensitivity of the share. We
* have no choice but to use the user-specified case
* sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else if (!is_ipc) {
DEBUG(4, ("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
smbXcli_tcon_set_fs_attributes(tcon, fs_attrs);
}
if (context->internal->smb_encryption_level) {
/* Attempt UNIX smb encryption. */
if (!NT_STATUS_IS_OK(cli_force_encryption(c,
username_used,
*pp_password,
*pp_workgroup))) {
/*
* context->smb_encryption_level == 1
* means don't fail if encryption can't be negotiated,
* == 2 means fail if encryption can't be negotiated.
*/
DEBUG(4,(" SMB encrypt failed\n"));
if (context->internal->smb_encryption_level == 2) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" SMB encrypt ok\n"));
}
/*
* Ok, we have got a nice connection
* Let's allocate a server structure.
*/
srv = SMB_MALLOC_P(SMBCSRV);
if (!srv) {
cli_shutdown(c);
errno = ENOMEM;
return NULL;
}
ZERO_STRUCTP(srv);
DLIST_ADD(srv->cli, c);
srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
srv->no_pathinfo = False;
srv->no_pathinfo2 = False;
srv->no_pathinfo3 = False;
srv->no_nt_session = False;
done:
if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
} else {
workgroup = *pp_workgroup;
}
if(!workgroup) {
if (c != NULL) {
cli_shutdown(c);
}
SAFE_FREE(srv);
return NULL;
}
/* set the credentials to make DFS work */
smbc_set_credentials_with_fallback(context,
workgroup,
*pp_username,
*pp_password);
return srv;
}
static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
{
connection_struct *conn = fsp->conn;
struct smb_filename *smb_dname = fsp->fsp_name;
int ret;
SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
/* Might be a symlink. */
if(SMB_VFS_LSTAT(conn, smb_dname) != 0) {
return map_nt_error_from_unix(errno);
}
if (S_ISLNK(smb_dname->st.st_ex_mode)) {
/* Is what it points to a directory ? */
if(SMB_VFS_STAT(conn, smb_dname) != 0) {
return map_nt_error_from_unix(errno);
}
if (!(S_ISDIR(smb_dname->st.st_ex_mode))) {
return NT_STATUS_NOT_A_DIRECTORY;
}
ret = SMB_VFS_UNLINK(conn, smb_dname);
} else {
ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
}
if (ret == 0) {
notify_fname(conn, NOTIFY_ACTION_REMOVED,
FILE_NOTIFY_CHANGE_DIR_NAME,
smb_dname->base_name);
return NT_STATUS_OK;
}
if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
/*
* Check to see if the only thing in this directory are
* vetoed files/directories. If so then delete them and
* retry. If we fail to delete any of them (and we *don't*
* do a recursive delete) then fail the rmdir.
*/
SMB_STRUCT_STAT st;
const char *dname = NULL;
char *talloced = NULL;
long dirpos = 0;
struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
smb_dname->base_name, NULL,
0);
if(dir_hnd == NULL) {
errno = ENOTEMPTY;
goto err;
}
while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
&talloced)) != NULL) {
if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) {
TALLOC_FREE(talloced);
continue;
}
if (!is_visible_file(conn, smb_dname->base_name, dname,
&st, false)) {
TALLOC_FREE(talloced);
continue;
}
if(!IS_VETO_PATH(conn, dname)) {
TALLOC_FREE(dir_hnd);
TALLOC_FREE(talloced);
errno = ENOTEMPTY;
goto err;
}
TALLOC_FREE(talloced);
}
/* We only have veto files/directories.
* Are we allowed to delete them ? */
if(!lp_recursive_veto_delete(SNUM(conn))) {
TALLOC_FREE(dir_hnd);
errno = ENOTEMPTY;
goto err;
}
/* Do a recursive delete. */
RewindDir(dir_hnd,&dirpos);
while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
&talloced)) != NULL) {
struct smb_filename *smb_dname_full = NULL;
char *fullname = NULL;
bool do_break = true;
NTSTATUS status;
if (ISDOT(dname) || ISDOTDOT(dname)) {
TALLOC_FREE(talloced);
continue;
}
if (!is_visible_file(conn, smb_dname->base_name, dname,
&st, false)) {
TALLOC_FREE(talloced);
continue;
}
fullname = talloc_asprintf(ctx,
"%s/%s",
smb_dname->base_name,
dname);
if(!fullname) {
errno = ENOMEM;
goto err_break;
}
status = create_synthetic_smb_fname(talloc_tos(),
fullname, NULL,
NULL,
&smb_dname_full);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto err_break;
}
if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
goto err_break;
}
if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
if(!recursive_rmdir(ctx, conn,
smb_dname_full)) {
goto err_break;
}
if(SMB_VFS_RMDIR(conn,
smb_dname_full->base_name) != 0) {
goto err_break;
}
} else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
goto err_break;
}
/* Successful iteration. */
do_break = false;
err_break:
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
TALLOC_FREE(talloced);
if (do_break)
break;
}
TALLOC_FREE(dir_hnd);
/* Retry the rmdir */
ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
}
err:
if (ret != 0) {
DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
"%s\n", smb_fname_str_dbg(smb_dname),
strerror(errno)));
return map_nt_error_from_unix(errno);
}
notify_fname(conn, NOTIFY_ACTION_REMOVED,
FILE_NOTIFY_CHANGE_DIR_NAME,
smb_dname->base_name);
return NT_STATUS_OK;
}
int main(int argc,const char *argv[])
{
/* shall I run as a daemon */
bool is_daemon = false;
bool interactive = false;
bool Fork = true;
bool no_process_group = false;
bool log_stdout = false;
char *ports = NULL;
char *profile_level = NULL;
int opt;
poptContext pc;
bool print_build_options = False;
enum {
OPT_DAEMON = 1000,
OPT_INTERACTIVE,
OPT_FORK,
OPT_NO_PROCESS_GROUP,
OPT_LOG_STDOUT
};
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },
{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"},
{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" },
{"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
{"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build options" },
{"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specified ports"},
{"profiling-level", 'P', POPT_ARG_STRING, &profile_level, 0, "Set profiling level","PROFILE_LEVEL"},
POPT_COMMON_SAMBA
POPT_TABLEEND
};
struct smbd_parent_context *parent = NULL;
TALLOC_CTX *frame;
NTSTATUS status;
struct tevent_context *ev_ctx;
struct messaging_context *msg_ctx;
struct server_id server_id;
struct tevent_signal *se;
int profiling_level;
char *np_dir = NULL;
static const struct smbd_shim smbd_shim_fns =
{
.cancel_pending_lock_requests_by_fid = smbd_cancel_pending_lock_requests_by_fid,
.send_stat_cache_delete_message = smbd_send_stat_cache_delete_message,
.change_to_root_user = smbd_change_to_root_user,
.become_authenticated_pipe_user = smbd_become_authenticated_pipe_user,
.unbecome_authenticated_pipe_user = smbd_unbecome_authenticated_pipe_user,
.contend_level2_oplocks_begin = smbd_contend_level2_oplocks_begin,
.contend_level2_oplocks_end = smbd_contend_level2_oplocks_end,
.become_root = smbd_become_root,
.unbecome_root = smbd_unbecome_root,
.exit_server = smbd_exit_server,
.exit_server_cleanly = smbd_exit_server_cleanly,
};
/*
* Do this before any other talloc operation
*/
talloc_enable_null_tracking();
frame = talloc_stackframe();
setup_logging(argv[0], DEBUG_DEFAULT_STDOUT);
smb_init_locale();
set_smbd_shim(&smbd_shim_fns);
smbd_init_globals();
TimeInit();
#ifdef HAVE_SET_AUTH_PARAMETERS
set_auth_parameters(argc,argv);
#endif
pc = poptGetContext("smbd", argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
case OPT_DAEMON:
is_daemon = true;
break;
case OPT_INTERACTIVE:
interactive = true;
break;
case OPT_FORK:
Fork = false;
break;
case OPT_NO_PROCESS_GROUP:
no_process_group = true;
break;
case OPT_LOG_STDOUT:
log_stdout = true;
break;
case 'b':
print_build_options = True;
break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n\n",
poptBadOption(pc, 0), poptStrerror(opt));
poptPrintUsage(pc, stderr, 0);
exit(1);
}
}
poptFreeContext(pc);
if (interactive) {
Fork = False;
log_stdout = True;
}
if (log_stdout) {
setup_logging(argv[0], DEBUG_STDOUT);
} else {
setup_logging(argv[0], DEBUG_FILE);
}
if (print_build_options) {
build_options(True); /* Display output to screen as well as debug */
exit(0);
}
#ifdef HAVE_SETLUID
/* needed for SecureWare on SCO */
setluid(0);
#endif
set_remote_machine_name("smbd", False);
if (interactive && (DEBUGLEVEL >= 9)) {
talloc_enable_leak_report();
}
if (log_stdout && Fork) {
DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n"));
exit(1);
}
/* we want to re-seed early to prevent time delays causing
client problems at a later date. (tridge) */
generate_random_buffer(NULL, 0);
/* get initial effective uid and gid */
sec_init();
/* make absolutely sure we run as root - to handle cases where people
are crazy enough to have it setuid */
gain_root_privilege();
gain_root_group_privilege();
fault_setup();
dump_core_setup("smbd", lp_logfile(talloc_tos()));
/* we are never interested in SIGPIPE */
BlockSignals(True,SIGPIPE);
#if defined(SIGFPE)
/* we are never interested in SIGFPE */
BlockSignals(True,SIGFPE);
#endif
#if defined(SIGUSR2)
/* We are no longer interested in USR2 */
BlockSignals(True,SIGUSR2);
#endif
/* POSIX demands that signals are inherited. If the invoking process has
* these signals masked, we will have problems, as we won't recieve them. */
BlockSignals(False, SIGHUP);
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
/* Ensure we leave no zombies until we
* correctly set up child handling below. */
CatchChild();
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
reopen_logs();
DEBUG(0,("smbd version %s started.\n", samba_version_string()));
DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
(int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid()));
/* Output the build options to the debug log */
build_options(False);
if (sizeof(uint16_t) < 2 || sizeof(uint32_t) < 4) {
DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
exit(1);
}
if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE()));
exit(1);
}
if (!cluster_probe_ok()) {
exit(1);
}
/* Init the security context and global current_user */
init_sec_ctx();
/*
* Initialize the event context. The event context needs to be
* initialized before the messaging context, cause the messaging
* context holds an event context.
* FIXME: This should be s3_tevent_context_init()
*/
ev_ctx = server_event_context();
if (ev_ctx == NULL) {
exit(1);
}
/*
* Init the messaging context
* FIXME: This should only call messaging_init()
*/
msg_ctx = server_messaging_context();
if (msg_ctx == NULL) {
exit(1);
}
/*
* Reloading of the printers will not work here as we don't have a
* server info and rpc services set up. It will be called later.
*/
if (!reload_services(NULL, NULL, false)) {
exit(1);
}
if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
&& !lp_parm_bool(-1, "server role check", "inhibit", false)) {
DEBUG(0, ("server role = 'active directory domain controller' not compatible with running smbd standalone. \n"));
DEBUGADD(0, ("You should start 'samba' instead, and it will control starting smbd if required\n"));
exit(1);
}
/* ...NOTE... Log files are working from this point! */
DEBUG(3,("loaded services\n"));
init_structs();
if (!profile_setup(msg_ctx, False)) {
DEBUG(0,("ERROR: failed to setup profiling\n"));
return -1;
}
if (profile_level != NULL) {
profiling_level = atoi(profile_level);
} else {
profiling_level = lp_smbd_profiling_level();
}
set_profile_level(profiling_level, messaging_server_id(msg_ctx));
if (!is_daemon && !is_a_socket(0)) {
if (!interactive) {
DEBUG(3, ("Standard input is not a socket, "
"assuming -D option\n"));
}
/*
* Setting is_daemon here prevents us from eventually calling
* the open_sockets_inetd()
*/
is_daemon = True;
}
if (is_daemon && !interactive) {
DEBUG(3, ("Becoming a daemon.\n"));
become_daemon(Fork, no_process_group, log_stdout);
}
#if HAVE_SETPGID
/*
* If we're interactive we want to set our own process group for
* signal management.
*/
if (interactive && !no_process_group)
setpgid( (pid_t)0, (pid_t)0);
#endif
if (!directory_exist(lp_lock_directory()))
mkdir(lp_lock_directory(), 0755);
if (!directory_exist(lp_pid_directory()))
mkdir(lp_pid_directory(), 0755);
if (is_daemon)
pidfile_create(lp_pid_directory(), "smbd");
status = reinit_after_fork(msg_ctx, ev_ctx, false, NULL);
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("reinit_after_fork() failed", map_errno_from_nt_status(status));
}
if (!interactive) {
/*
* Do not initialize the parent-child-pipe before becoming a
* daemon: this is used to detect a died parent in the child
* process.
*/
status = init_before_fork();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon(nt_errstr(status), map_errno_from_nt_status(status));
}
}
parent = talloc_zero(ev_ctx, struct smbd_parent_context);
if (!parent) {
exit_server("talloc(struct smbd_parent_context) failed");
}
parent->interactive = interactive;
parent->ev_ctx = ev_ctx;
parent->msg_ctx = msg_ctx;
am_parent = parent;
se = tevent_add_signal(parent->ev_ctx,
parent,
SIGTERM, 0,
smbd_parent_sig_term_handler,
parent);
if (!se) {
exit_server("failed to setup SIGTERM handler");
}
se = tevent_add_signal(parent->ev_ctx,
parent,
SIGHUP, 0,
smbd_parent_sig_hup_handler,
parent);
if (!se) {
exit_server("failed to setup SIGHUP handler");
}
/* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */
if (smbd_memcache() == NULL) {
exit_daemon("no memcache available", EACCES);
}
memcache_set_global(smbd_memcache());
/* Initialise the password backed before the global_sam_sid
to ensure that we fetch from ldap before we make a domain sid up */
if(!initialize_password_db(false, ev_ctx))
exit(1);
if (!secrets_init()) {
exit_daemon("smbd can not open secrets.tdb", EACCES);
}
if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers());
if (!open_schannel_session_store(NULL, lp_ctx)) {
exit_daemon("ERROR: Samba cannot open schannel store for secured NETLOGON operations.", EACCES);
}
TALLOC_FREE(lp_ctx);
}
if(!get_global_sam_sid()) {
exit_daemon("Samba cannot create a SAM SID", EACCES);
}
server_id = messaging_server_id(msg_ctx);
status = smbXsrv_version_global_init(&server_id);
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init server context", EACCES);
}
status = smbXsrv_session_global_init();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init session context", EACCES);
}
status = smbXsrv_tcon_global_init();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init tcon context", EACCES);
}
if (!locking_init())
exit_daemon("Samba cannot init locking", EACCES);
if (!leases_db_init(false)) {
exit_daemon("Samba cannot init leases", EACCES);
}
if (!smbd_notifyd_init(msg_ctx, interactive)) {
exit_daemon("Samba cannot init notification", EACCES);
}
if (!messaging_parent_dgm_cleanup_init(msg_ctx)) {
exit(1);
}
if (!smbd_scavenger_init(NULL, msg_ctx, ev_ctx)) {
exit_daemon("Samba cannot init scavenging", EACCES);
}
if (!serverid_parent_init(ev_ctx)) {
exit_daemon("Samba cannot init server id", EACCES);
}
if (!W_ERROR_IS_OK(registry_init_full()))
exit_daemon("Samba cannot init registry", EACCES);
/* Open the share_info.tdb here, so we don't have to open
after the fork on every single connection. This is a small
performance improvment and reduces the total number of system
fds used. */
if (!share_info_db_init()) {
exit_daemon("ERROR: failed to load share info db.", EACCES);
}
status = init_system_session_info();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
nt_errstr(status)));
return -1;
}
if (!init_guest_info()) {
DEBUG(0,("ERROR: failed to setup guest info.\n"));
return -1;
}
if (!file_init_global()) {
DEBUG(0, ("ERROR: file_init_global() failed\n"));
return -1;
}
status = smbXsrv_open_global_init();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init global open", map_errno_from_nt_status(status));
}
/* This MUST be done before start_epmd() because otherwise
* start_epmd() forks and races against dcesrv_ep_setup() to
* call directory_create_or_exist() */
if (!directory_create_or_exist(lp_ncalrpc_dir(), 0755)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
lp_ncalrpc_dir(), strerror(errno)));
return -1;
}
np_dir = talloc_asprintf(talloc_tos(), "%s/np", lp_ncalrpc_dir());
if (!np_dir) {
DEBUG(0, ("%s: Out of memory\n", __location__));
return -1;
}
if (!directory_create_or_exist_strict(np_dir, geteuid(), 0700)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
np_dir, strerror(errno)));
return -1;
}
if (is_daemon && !interactive) {
if (rpc_epmapper_daemon() == RPC_DAEMON_FORK) {
start_epmd(ev_ctx, msg_ctx);
}
}
if (!dcesrv_ep_setup(ev_ctx, msg_ctx)) {
exit_daemon("Samba cannot setup ep pipe", EACCES);
}
if (is_daemon && !interactive) {
daemon_ready("smbd");
}
/* only start other daemons if we are running as a daemon
* -- bad things will happen if smbd is launched via inetd
* and we fork a copy of ourselves here */
if (is_daemon && !interactive) {
if (rpc_lsasd_daemon() == RPC_DAEMON_FORK) {
start_lsasd(ev_ctx, msg_ctx);
}
if (rpc_fss_daemon() == RPC_DAEMON_FORK) {
start_fssd(ev_ctx, msg_ctx);
}
if (!lp__disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
bool bgq = lp_parm_bool(-1, "smbd", "backgroundqueue", true);
if (!printing_subsystem_init(ev_ctx, msg_ctx, true, bgq)) {
exit_daemon("Samba failed to init printing subsystem", EACCES);
}
}
#ifdef WITH_SPOTLIGHT
if ((rpc_mdssvc_mode() == RPC_SERVICE_MODE_EXTERNAL) &&
(rpc_mdssd_daemon() == RPC_DAEMON_FORK)) {
start_mdssd(ev_ctx, msg_ctx);
}
#endif
} else if (!lp__disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
if (!printing_subsystem_init(ev_ctx, msg_ctx, false, false)) {
exit(1);
}
}
if (!is_daemon) {
int sock;
/* inetd mode */
TALLOC_FREE(frame);
/* Started from inetd. fd 0 is the socket. */
/* We will abort gracefully when the client or remote system
goes away */
sock = dup(0);
/* close stdin, stdout (if not logging to it), but not stderr */
close_low_fds(true, !debug_get_output_is_stdout(), false);
#ifdef HAVE_ATEXIT
atexit(killkids);
#endif
/* Stop zombies */
smbd_setup_sig_chld_handler(parent);
smbd_process(ev_ctx, msg_ctx, sock, true);
exit_server_cleanly(NULL);
return(0);
}
if (!open_sockets_smbd(parent, ev_ctx, msg_ctx, ports))
exit_server("open_sockets_smbd() failed");
/* do a printer update now that all messaging has been set up,
* before we allow clients to start connecting */
if (!lp__disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
printing_subsystem_update(ev_ctx, msg_ctx, false);
}
TALLOC_FREE(frame);
/* make sure we always have a valid stackframe */
frame = talloc_stackframe();
if (!Fork) {
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allows
us to die if the parent process dies
Only do this on a pipe or socket, no other device.
*/
struct stat st;
if (fstat(0, &st) != 0) {
return false;
}
if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
tevent_add_fd(ev_ctx,
parent,
0,
TEVENT_FD_READ,
smbd_stdin_handler,
NULL);
}
}
smbd_parent_loop(ev_ctx, parent);
exit_server_cleanly(NULL);
TALLOC_FREE(frame);
return(0);
}
static bool tsmsm_is_offline(struct vfs_handle_struct *handle,
const struct smb_filename *fname,
SMB_STRUCT_STAT *stbuf)
{
struct tsmsm_struct *tsmd = (struct tsmsm_struct *) handle->data;
const dm_sessid_t *dmsession_id;
void *dmhandle = NULL;
size_t dmhandle_len = 0;
size_t rlen;
dm_attrname_t dmname;
int ret, lerrno;
bool offline;
char *buf = NULL;
size_t buflen;
NTSTATUS status;
char *path;
status = get_full_smb_filename(talloc_tos(), fname, &path);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return false;
}
/* if the file has more than FILE_IS_ONLINE_RATIO of blocks available,
then assume it is not offline (it may not be 100%, as it could be sparse) */
if (512 * stbuf->st_ex_blocks >=
stbuf->st_ex_size * tsmd->online_ratio) {
DEBUG(10,("%s not offline: st_blocks=%llu st_size=%llu "
"online_ratio=%.2f\n", path,
(unsigned long long)stbuf->st_ex_blocks,
(unsigned long long)stbuf->st_ex_size, tsmd->online_ratio));
return false;
}
dmsession_id = dmapi_get_current_session();
if (dmsession_id == NULL) {
DEBUG(2, ("tsmsm_is_offline: no DMAPI session available? "
"Assume file is online.\n"));
return false;
}
/* using POSIX capabilities does not work here. It's a slow path, so
* become_root() is just as good anyway (tridge)
*/
/* Also, AIX has DMAPI but no POSIX capablities support. In this case,
* we need to be root to do DMAPI manipulations.
*/
become_root();
/* go the slow DMAPI route */
if (dm_path_to_handle((char*)path, &dmhandle, &dmhandle_len) != 0) {
DEBUG(2,("dm_path_to_handle failed - assuming offline (%s) - %s\n",
path, strerror(errno)));
offline = true;
goto done;
}
memset(&dmname, 0, sizeof(dmname));
strlcpy((char *)&dmname.an_chars[0], tsmd->attrib_name, sizeof(dmname.an_chars));
if (tsmd->attrib_value != NULL) {
buflen = strlen(tsmd->attrib_value);
} else {
buflen = 1;
}
buf = talloc_zero_size(tsmd, buflen);
if (buf == NULL) {
DEBUG(0,("out of memory in tsmsm_is_offline -- assuming online (%s)\n", path));
errno = ENOMEM;
offline = false;
goto done;
}
do {
lerrno = 0;
ret = dm_get_dmattr(*dmsession_id, dmhandle, dmhandle_len,
DM_NO_TOKEN, &dmname, buflen, buf, &rlen);
if (ret == -1 && errno == EINVAL) {
DEBUG(0, ("Stale DMAPI session, re-creating it.\n"));
lerrno = EINVAL;
if (dmapi_new_session()) {
dmsession_id = dmapi_get_current_session();
} else {
DEBUG(0,
("Unable to re-create DMAPI session, assuming offline (%s) - %s\n",
path, strerror(errno)));
offline = true;
dm_handle_free(dmhandle, dmhandle_len);
goto done;
}
}
} while (ret == -1 && lerrno == EINVAL);
/* check if we need a specific attribute value */
if (tsmd->attrib_value != NULL) {
offline = (ret == 0 && rlen == buflen &&
memcmp(buf, tsmd->attrib_value, buflen) == 0);
} else {
/* its offline if the specified DMAPI attribute exists */
offline = (ret == 0 || (ret == -1 && errno == E2BIG));
}
DEBUG(10,("dm_get_dmattr %s ret=%d (%s)\n", path, ret, strerror(errno)));
ret = 0;
dm_handle_free(dmhandle, dmhandle_len);
done:
talloc_free(buf);
unbecome_root();
return offline;
}
int onefs_rename(vfs_handle_struct *handle,
const struct smb_filename *smb_fname_src,
const struct smb_filename *smb_fname_dst)
{
struct smb_filename *smb_fname_src_onefs = NULL;
struct smb_filename *smb_fname_dst_onefs = NULL;
NTSTATUS status;
int saved_errno;
int dir_fd = -1;
int ret = -1;
START_PROFILE(syscall_rename_at);
if (!is_ntfs_stream_smb_fname(smb_fname_src) &&
!is_ntfs_stream_smb_fname(smb_fname_dst)) {
ret = SMB_VFS_NEXT_RENAME(handle, smb_fname_src,
smb_fname_dst);
goto done;
}
/* For now don't allow renames from or to the default stream. */
if (is_ntfs_default_stream_smb_fname(smb_fname_src) ||
is_ntfs_default_stream_smb_fname(smb_fname_dst)) {
DEBUG(3, ("Unable to rename to/from a default stream: %s -> "
"%s\n", smb_fname_str_dbg(smb_fname_src),
smb_fname_str_dbg(smb_fname_dst)));
errno = ENOSYS;
goto done;
}
/* prep stream smb_filename structs. */
status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname_src,
&smb_fname_src_onefs);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto done;
}
status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname_dst,
&smb_fname_dst_onefs);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto done;
}
dir_fd = get_stream_dir_fd(handle->conn, smb_fname_src->base_name,
NULL);
if (dir_fd < -1) {
goto done;
}
DEBUG(8, ("onefs_rename called for %s => %s\n",
smb_fname_str_dbg(smb_fname_src_onefs),
smb_fname_str_dbg(smb_fname_dst_onefs)));
/* Handle rename of stream to default stream specially. */
if (smb_fname_dst_onefs->stream_name == NULL) {
ret = enc_renameat(dir_fd, smb_fname_src_onefs->stream_name,
ENC_DEFAULT, AT_FDCWD,
smb_fname_dst_onefs->base_name,
ENC_DEFAULT);
} else {
ret = enc_renameat(dir_fd, smb_fname_src_onefs->stream_name,
ENC_DEFAULT, dir_fd,
smb_fname_dst_onefs->stream_name,
ENC_DEFAULT);
}
done:
END_PROFILE(syscall_rename_at);
TALLOC_FREE(smb_fname_src_onefs);
TALLOC_FREE(smb_fname_dst_onefs);
saved_errno = errno;
if (dir_fd >= 0) {
close(dir_fd);
}
errno = saved_errno;
return ret;
}
static SMBCSRV *
SMBC_server_internal(TALLOC_CTX *ctx,
SMBCCTX *context,
bool connect_if_not_found,
const char *server,
const char *share,
char **pp_workgroup,
char **pp_username,
char **pp_password,
bool *in_cache)
{
SMBCSRV *srv=NULL;
char *workgroup = NULL;
struct cli_state *c;
struct nmb_name called, calling;
const char *server_n = server;
struct sockaddr_storage ss;
int tried_reverse = 0;
int port_try_first;
int port_try_next;
int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
uint32 fs_attrs = 0;
const char *username_used;
NTSTATUS status;
char *newserver, *newshare;
zero_sockaddr(&ss);
ZERO_STRUCT(c);
*in_cache = false;
if (server[0] == 0) {
errno = EPERM;
return NULL;
}
/* Look for a cached connection */
srv = SMBC_find_server(ctx, context, server, share,
pp_workgroup, pp_username, pp_password);
/*
* If we found a connection and we're only allowed one share per
* server...
*/
if (srv &&
*share != '\0' &&
smbc_getOptionOneSharePerServer(context)) {
/*
* ... then if there's no current connection to the share,
* connect to it. SMBC_find_server(), or rather the function
* pointed to by context->get_cached_srv_fn which
* was called by SMBC_find_server(), will have issued a tree
* disconnect if the requested share is not the same as the
* one that was already connected.
*/
/*
* Use srv->cli->desthost and srv->cli->share instead of
* server and share below to connect to the actual share,
* i.e., a normal share or a referred share from
* 'msdfs proxy' share.
*/
if (srv->cli->cnum == (uint16) -1) {
/* Ensure we have accurate auth info */
SMBC_call_auth_fn(ctx, context,
srv->cli->desthost,
srv->cli->share,
pp_workgroup,
pp_username,
pp_password);
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
return NULL;
}
/*
* We don't need to renegotiate encryption
* here as the encryption context is not per
* tid.
*/
status = cli_tcon_andx(srv->cli, srv->cli->share, "?????",
*pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
srv = NULL;
}
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4,
("IPC$ so ignore case sensitivity\n"));
} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
DEBUG(4, ("Could not retrieve "
"case sensitivity flag: %s.\n",
cli_errstr(c)));
/*
* We can't determine the case sensitivity of
* the share. We have no choice but to use the
* user-specified case sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else {
DEBUG(4,
("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(
c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
/*
* Regenerate the dev value since it's based on both
* server and share
*/
if (srv) {
srv->dev = (dev_t)(str_checksum(srv->cli->desthost) ^
str_checksum(srv->cli->share));
}
}
}
/* If we have a connection... */
if (srv) {
/* ... then we're done here. Give 'em what they came for. */
*in_cache = true;
goto done;
}
/* If we're not asked to connect when a connection doesn't exist... */
if (! connect_if_not_found) {
/* ... then we're done here. */
return NULL;
}
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
return NULL;
}
make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0);
make_nmb_name(&called , server, 0x20);
DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
again:
zero_sockaddr(&ss);
/* have to open a new connection */
if ((c = cli_initialise()) == NULL) {
errno = ENOMEM;
return NULL;
}
if (smbc_getOptionUseKerberos(context)) {
c->use_kerberos = True;
}
if (smbc_getOptionFallbackAfterKerberos(context)) {
c->fallback_after_kerberos = True;
}
if (smbc_getOptionUseCCache(context)) {
c->use_ccache = True;
}
c->timeout = smbc_getTimeout(context);
/*
* Force use of port 139 for first try if share is $IPC, empty, or
* null, so browse lists can work
*/
if (share == NULL || *share == '\0' || is_ipc) {
port_try_first = 139;
port_try_next = 445;
} else {
port_try_first = 445;
port_try_next = 139;
}
c->port = port_try_first;
status = cli_connect(c, server_n, &ss);
if (!NT_STATUS_IS_OK(status)) {
/* First connection attempt failed. Try alternate port. */
c->port = port_try_next;
status = cli_connect(c, server_n, &ss);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
}
if (!cli_session_request(c, &calling, &called)) {
cli_shutdown(c);
if (strcmp(called.name, "*SMBSERVER")) {
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
} else { /* Try one more time, but ensure we don't loop */
/* Only try this if server is an IP address ... */
if (is_ipaddress(server) && !tried_reverse) {
fstring remote_name;
struct sockaddr_storage rem_ss;
if (!interpret_string_addr(&rem_ss, server,
NI_NUMERICHOST)) {
DEBUG(4, ("Could not convert IP address "
"%s to struct sockaddr_storage\n",
server));
errno = ETIMEDOUT;
return NULL;
}
tried_reverse++; /* Yuck */
if (name_status_find("*", 0, 0,
&rem_ss, remote_name)) {
make_nmb_name(&called,
remote_name,
0x20);
goto again;
}
}
}
errno = ETIMEDOUT;
return NULL;
}
DEBUG(4,(" session request ok\n"));
status = cli_negprot(c);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
username_used = *pp_username;
if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password,
strlen(*pp_password),
*pp_password,
strlen(*pp_password),
*pp_workgroup))) {
fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_session_setup fail with username=[%s], password=[%s]\n", username_used, *pp_password);
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if (smbc_getOptionNoAutoAnonymousLogin(context) ||
!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password, 1,
*pp_password, 0,
*pp_workgroup))) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
status = cli_init_creds(c, username_used,
*pp_workgroup, *pp_password);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" session setup ok\n"));
/* here's the fun part....to support 'msdfs proxy' shares
(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
here before trying to connect to the original share.
cli_check_msdfs_proxy() will fail if it is a normal share. */
if ((c->capabilities & CAP_DFS) &&
cli_check_msdfs_proxy(ctx, c, share,
&newserver, &newshare,
/* FIXME: cli_check_msdfs_proxy() does
not support smbc_smb_encrypt_level type */
context->internal->smb_encryption_level ?
true : false,
*pp_username,
*pp_password,
*pp_workgroup)) {
cli_shutdown(c);
srv = SMBC_server_internal(ctx, context, connect_if_not_found,
newserver, newshare, pp_workgroup,
pp_username, pp_password, in_cache);
TALLOC_FREE(newserver);
TALLOC_FREE(newshare);
return srv;
}
/* must be a normal share */
status = cli_tcon_andx(c, share, "?????", *pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_tcon_andx return %08X, errno=[%d]\n", NT_STATUS_V(status), errno);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" tconx ok\n"));
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
cli_errstr(c)));
/*
* We can't determine the case sensitivity of the share. We
* have no choice but to use the user-specified case
* sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else {
DEBUG(4, ("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
if (context->internal->smb_encryption_level) {
/* Attempt UNIX smb encryption. */
if (!NT_STATUS_IS_OK(cli_force_encryption(c,
username_used,
*pp_password,
*pp_workgroup))) {
/*
* context->smb_encryption_level == 1
* means don't fail if encryption can't be negotiated,
* == 2 means fail if encryption can't be negotiated.
*/
DEBUG(4,(" SMB encrypt failed\n"));
if (context->internal->smb_encryption_level == 2) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" SMB encrypt ok\n"));
}
/*
* Ok, we have got a nice connection
* Let's allocate a server structure.
*/
srv = SMB_MALLOC_P(SMBCSRV);
if (!srv) {
cli_shutdown(c);
errno = ENOMEM;
return NULL;
}
ZERO_STRUCTP(srv);
srv->cli = c;
srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
srv->no_pathinfo = False;
srv->no_pathinfo2 = False;
srv->no_nt_session = False;
done:
if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
} else {
workgroup = *pp_workgroup;
}
if(!workgroup) {
return NULL;
}
/* set the credentials to make DFS work */
smbc_set_credentials_with_fallback(context,
workgroup,
*pp_username,
*pp_password);
return srv;
}
ssize_t
SMBC_write_ctx(SMBCCTX *context,
SMBCFILE *file,
const void *buf,
size_t count)
{
off_t offset;
char *server = NULL, *share = NULL, *user = NULL, *password = NULL;
char *path = NULL;
char *targetpath = NULL;
struct cli_state *targetcli = NULL;
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
/* First check all pointers before dereferencing them */
if (!context || !context->internal->initialized) {
errno = EINVAL;
TALLOC_FREE(frame);
return -1;
}
if (!file || !SMBC_dlist_contains(context->internal->files, file)) {
errno = EBADF;
TALLOC_FREE(frame);
return -1;
}
/* Check that the buffer exists ... */
if (buf == NULL) {
errno = EINVAL;
TALLOC_FREE(frame);
return -1;
}
offset = file->offset; /* See "offset" comment in SMBC_read_ctx() */
/*d_printf(">>>write: parsing %s\n", file->fname);*/
if (SMBC_parse_path(frame,
context,
file->fname,
NULL,
&server,
&share,
&path,
&user,
&password,
NULL)) {
errno = EINVAL;
TALLOC_FREE(frame);
return -1;
}
/*d_printf(">>>write: resolving %s\n", path);*/
status = cli_resolve_path(frame, "", context->internal->auth_info,
file->srv->cli, path,
&targetcli, &targetpath);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Could not resolve %s\n", path);
errno = ENOENT;
TALLOC_FREE(frame);
return -1;
}
/*d_printf(">>>write: resolved path as %s\n", targetpath);*/
status = cli_writeall(targetcli, file->cli_fd,
0, (const uint8_t *)buf, offset, count, NULL);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
TALLOC_FREE(frame);
return -1;
}
file->offset += count;
TALLOC_FREE(frame);
return count; /* Success, 0 bytes of data ... */
}
int main(int argc, const char *argv[])
{
bool is_daemon = false;
bool opt_interactive = false;
bool Fork = true;
bool no_process_group = false;
bool log_stdout = false;
poptContext pc;
char *p_lmhosts = NULL;
int opt;
struct messaging_context *msg;
enum {
OPT_DAEMON = 1000,
OPT_INTERACTIVE,
OPT_FORK,
OPT_NO_PROCESS_GROUP,
OPT_LOG_STDOUT
};
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon(default)" },
{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)" },
{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools & etc)" },
{"no-process-group", 0, POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
{"hosts", 'H', POPT_ARG_STRING, &p_lmhosts, 0, "Load a netbios hosts file"},
{"port", 'p', POPT_ARG_INT, &global_nmb_port, 0, "Listen on the specified port" },
POPT_COMMON_SAMBA
POPT_COMMON_DYNCONFIG
POPT_TABLEEND
};
TALLOC_CTX *frame;
NTSTATUS status;
bool ok;
/*
* Do this before any other talloc operation
*/
talloc_enable_null_tracking();
frame = talloc_stackframe();
/*
* We want total control over the permissions on created files,
* so set our umask to 0.
*/
umask(0);
setup_logging(argv[0], DEBUG_DEFAULT_STDOUT);
load_case_tables();
global_nmb_port = NMB_PORT;
pc = poptGetContext("nmbd", argc, argv, long_options, 0);
while ((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
case OPT_DAEMON:
is_daemon = true;
break;
case OPT_INTERACTIVE:
opt_interactive = true;
break;
case OPT_FORK:
Fork = false;
break;
case OPT_NO_PROCESS_GROUP:
no_process_group = true;
break;
case OPT_LOG_STDOUT:
log_stdout = true;
break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n\n",
poptBadOption(pc, 0), poptStrerror(opt));
poptPrintUsage(pc, stderr, 0);
exit(1);
}
};
poptFreeContext(pc);
global_in_nmbd = true;
StartupTime = time(NULL);
sys_srandom(time(NULL) ^ getpid());
if (!override_logfile) {
char *lfile = NULL;
if (asprintf(&lfile, "%s/log.nmbd", get_dyn_LOGFILEBASE()) < 0) {
exit(1);
}
lp_set_logfile(lfile);
SAFE_FREE(lfile);
}
fault_setup();
dump_core_setup("nmbd", lp_logfile(talloc_tos()));
/* POSIX demands that signals are inherited. If the invoking process has
* these signals masked, we will have problems, as we won't receive them. */
BlockSignals(False, SIGHUP);
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
#if defined(SIGFPE)
/* we are never interested in SIGFPE */
BlockSignals(True,SIGFPE);
#endif
/* We no longer use USR2... */
#if defined(SIGUSR2)
BlockSignals(True, SIGUSR2);
#endif
/* Ignore children - no zombies. */
CatchChild();
if ( opt_interactive ) {
Fork = False;
log_stdout = True;
}
if ( log_stdout && Fork ) {
DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n"));
exit(1);
}
if (log_stdout) {
setup_logging(argv[0], DEBUG_STDOUT);
} else {
setup_logging( argv[0], DEBUG_FILE);
}
reopen_logs();
DEBUG(0,("nmbd version %s started.\n", samba_version_string()));
DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE()));
exit(1);
}
reopen_logs();
if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
&& !lp_parm_bool(-1, "server role check", "inhibit", false)) {
/* TODO: when we have a merged set of defaults for
* loadparm, we could possibly check if the internal
* nbt server is in the list, and allow a startup if disabled */
DEBUG(0, ("server role = 'active directory domain controller' not compatible with running nmbd standalone. \n"));
DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal nbt server\n"));
exit(1);
}
msg = messaging_init(NULL, server_event_context());
if (msg == NULL) {
return 1;
}
if ( !reload_nmbd_services(False) )
return(-1);
if(!init_names())
return -1;
reload_nmbd_services( True );
if (strequal(lp_workgroup(),"*")) {
DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n"));
exit(1);
}
set_samba_nb_type();
if (!is_daemon && !is_a_socket(0)) {
DEBUG(0,("standard input is not a socket, assuming -D option\n"));
is_daemon = True;
}
if (is_daemon && !opt_interactive) {
DEBUG( 2, ( "Becoming a daemon.\n" ) );
become_daemon(Fork, no_process_group, log_stdout);
}
#if HAVE_SETPGID
/*
* If we're interactive we want to set our own process group for
* signal management.
*/
if (opt_interactive && !no_process_group)
setpgid( (pid_t)0, (pid_t)0 );
#endif
#ifndef SYNC_DNS
/* Setup the async dns. We do it here so it doesn't have all the other
stuff initialised and thus chewing memory and sockets */
if(lp_we_are_a_wins_server() && lp_wins_dns_proxy()) {
start_async_dns(msg);
}
#endif
ok = directory_create_or_exist(lp_lockdir(), geteuid(), 0755);
if (!ok) {
exit_daemon("Failed to create directory for lock files, check 'lock directory'", errno);
}
ok = directory_create_or_exist(lp_piddir(), geteuid(), 0755);
if (!ok) {
exit_daemon("Failed to create directory for pid files, check 'pid directory'", errno);
}
pidfile_create(lp_piddir(), "nmbd");
status = reinit_after_fork(msg, nmbd_event_context(),
false);
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("reinit_after_fork() failed", map_errno_from_nt_status(status));
}
/*
* Do not initialize the parent-child-pipe before becoming
* a daemon: this is used to detect a died parent in the child
* process.
*/
status = init_before_fork();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon(nt_errstr(status), map_errno_from_nt_status(status));
}
if (!nmbd_setup_sig_term_handler(msg))
exit_daemon("NMBD failed to setup signal handler", EINVAL);
if (!nmbd_setup_stdin_handler(msg, !Fork))
exit_daemon("NMBD failed to setup stdin handler", EINVAL);
if (!nmbd_setup_sig_hup_handler(msg))
exit_daemon("NMBD failed to setup SIGHUP handler", EINVAL);
/* get broadcast messages */
if (!serverid_register(messaging_server_id(msg),
FLAG_MSG_GENERAL |
FLAG_MSG_NMBD |
FLAG_MSG_DBWRAP)) {
exit_daemon("Could not register NMBD process in serverid.tdb", EACCES);
}
messaging_register(msg, NULL, MSG_FORCE_ELECTION,
nmbd_message_election);
#if 0
/* Until winsrepl is done. */
messaging_register(msg, NULL, MSG_WINS_NEW_ENTRY,
nmbd_wins_new_entry);
#endif
messaging_register(msg, NULL, MSG_SHUTDOWN,
nmbd_terminate);
messaging_register(msg, NULL, MSG_SMB_CONF_UPDATED,
msg_reload_nmbd_services);
messaging_register(msg, NULL, MSG_SEND_PACKET,
msg_nmbd_send_packet);
TimeInit();
DEBUG( 3, ( "Opening sockets %d\n", global_nmb_port ) );
if ( !open_sockets( is_daemon, global_nmb_port ) ) {
kill_async_dns_child();
return 1;
}
/* Determine all the IP addresses we have. */
load_interfaces();
/* Create an nmbd subnet record for each of the above. */
if( False == create_subnets() ) {
kill_async_dns_child();
exit_daemon("NMBD failed when creating subnet lists", EACCES);
}
/* Load in any static local names. */
if (p_lmhosts) {
set_dyn_LMHOSTSFILE(p_lmhosts);
}
load_lmhosts_file(get_dyn_LMHOSTSFILE());
DEBUG(3,("Loaded hosts file %s\n", get_dyn_LMHOSTSFILE()));
/* If we are acting as a WINS server, initialise data structures. */
if( !initialise_wins() ) {
kill_async_dns_child();
exit_daemon( "NMBD failed when initialising WINS server.", EACCES);
}
/*
* Register nmbd primary workgroup and nmbd names on all
* the broadcast subnets, and on the WINS server (if specified).
* Also initiate the startup of our primary workgroup (start
* elections if we are setup as being able to be a local
* master browser.
*/
if( False == register_my_workgroup_and_names() ) {
kill_async_dns_child();
exit_daemon( "NMBD failed when creating my workgroup.", EACCES);
}
if (!initialize_nmbd_proxy_logon()) {
kill_async_dns_child();
exit_daemon( "NMBD failed to setup nmbd_proxy_logon.", EACCES);
}
if (!nmbd_init_packet_server()) {
kill_async_dns_child();
exit_daemon( "NMBD failed to setup packet server.", EACCES);
}
if (is_daemon && !opt_interactive) {
daemon_ready("nmbd");
}
TALLOC_FREE(frame);
process(msg);
kill_async_dns_child();
return(0);
}
static int streams_xattr_rename(vfs_handle_struct *handle,
const struct smb_filename *smb_fname_src,
const struct smb_filename *smb_fname_dst)
{
NTSTATUS status;
int ret = -1;
char *src_xattr_name = NULL;
char *dst_xattr_name = NULL;
bool src_is_stream, dst_is_stream;
ssize_t oret;
ssize_t nret;
struct ea_struct ea;
src_is_stream = is_ntfs_stream_smb_fname(smb_fname_src);
dst_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
if (!src_is_stream && !dst_is_stream) {
return SMB_VFS_NEXT_RENAME(handle, smb_fname_src,
smb_fname_dst);
}
/* For now don't allow renames from or to the default stream. */
if (is_ntfs_default_stream_smb_fname(smb_fname_src) ||
is_ntfs_default_stream_smb_fname(smb_fname_dst)) {
errno = ENOSYS;
goto done;
}
/* Don't rename if the streams are identical. */
if (strcasecmp_m(smb_fname_src->stream_name,
smb_fname_dst->stream_name) == 0) {
goto done;
}
/* Get the xattr names. */
status = streams_xattr_get_name(handle, talloc_tos(),
smb_fname_src->stream_name,
&src_xattr_name);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto fail;
}
status = streams_xattr_get_name(handle, talloc_tos(),
smb_fname_dst->stream_name,
&dst_xattr_name);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
goto fail;
}
/* read the old stream */
status = get_ea_value(talloc_tos(), handle->conn, NULL,
smb_fname_src, src_xattr_name, &ea);
if (!NT_STATUS_IS_OK(status)) {
errno = ENOENT;
goto fail;
}
/* (over)write the new stream */
nret = SMB_VFS_SETXATTR(handle->conn, smb_fname_src,
dst_xattr_name, ea.value.data, ea.value.length,
0);
if (nret < 0) {
if (errno == ENOATTR) {
errno = ENOENT;
}
goto fail;
}
/* remove the old stream */
oret = SMB_VFS_REMOVEXATTR(handle->conn, smb_fname_src,
src_xattr_name);
if (oret < 0) {
if (errno == ENOATTR) {
errno = ENOENT;
}
goto fail;
}
done:
errno = 0;
ret = 0;
fail:
TALLOC_FREE(src_xattr_name);
TALLOC_FREE(dst_xattr_name);
return ret;
}
int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname,
uint32 dosmode, const char *parent_dir, bool newfile)
{
int mask=0;
mode_t tmp;
mode_t unixmode;
int ret = -1, lret = -1;
uint32_t old_mode;
struct timespec new_create_timespec;
files_struct *fsp = NULL;
bool need_close = false;
NTSTATUS status;
if (!CAN_WRITE(conn)) {
errno = EROFS;
return -1;
}
/* We only allow READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE here. */
dosmode &= (SAMBA_ATTRIBUTES_MASK | FILE_ATTRIBUTE_OFFLINE);
DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n",
dosmode, smb_fname_str_dbg(smb_fname)));
unixmode = smb_fname->st.st_ex_mode;
get_acl_group_bits(conn, smb_fname->base_name,
&smb_fname->st.st_ex_mode);
if (S_ISDIR(smb_fname->st.st_ex_mode))
dosmode |= FILE_ATTRIBUTE_DIRECTORY;
else
dosmode &= ~FILE_ATTRIBUTE_DIRECTORY;
new_create_timespec = smb_fname->st.st_ex_btime;
old_mode = dos_mode(conn, smb_fname);
if ((dosmode & FILE_ATTRIBUTE_OFFLINE) &&
!(old_mode & FILE_ATTRIBUTE_OFFLINE)) {
lret = SMB_VFS_SET_OFFLINE(conn, smb_fname);
if (lret == -1) {
if (errno == ENOTSUP) {
DEBUG(10, ("Setting FILE_ATTRIBUTE_OFFLINE for "
"%s/%s is not supported.\n",
parent_dir,
smb_fname_str_dbg(smb_fname)));
} else {
DEBUG(0, ("An error occurred while setting "
"FILE_ATTRIBUTE_OFFLINE for "
"%s/%s: %s", parent_dir,
smb_fname_str_dbg(smb_fname),
strerror(errno)));
}
}
}
dosmode &= ~FILE_ATTRIBUTE_OFFLINE;
old_mode &= ~FILE_ATTRIBUTE_OFFLINE;
smb_fname->st.st_ex_btime = new_create_timespec;
/* Store the DOS attributes in an EA by preference. */
if (lp_store_dos_attributes(SNUM(conn))) {
/*
* Don't fall back to using UNIX modes. Finally
* follow the smb.conf manpage.
*/
if (!set_ea_dos_attribute(conn, smb_fname, dosmode)) {
return -1;
}
if (!newfile) {
notify_fname(conn, NOTIFY_ACTION_MODIFIED,
FILE_NOTIFY_CHANGE_ATTRIBUTES,
smb_fname->base_name);
}
smb_fname->st.st_ex_mode = unixmode;
return 0;
}
unixmode = unix_mode(conn, dosmode, smb_fname, parent_dir);
/* preserve the file type bits */
mask |= S_IFMT;
/* preserve the s bits */
mask |= (S_ISUID | S_ISGID);
/* preserve the t bit */
#ifdef S_ISVTX
mask |= S_ISVTX;
#endif
/* possibly preserve the x bits */
if (!MAP_ARCHIVE(conn))
mask |= S_IXUSR;
if (!MAP_SYSTEM(conn))
mask |= S_IXGRP;
if (!MAP_HIDDEN(conn))
mask |= S_IXOTH;
unixmode |= (smb_fname->st.st_ex_mode & mask);
/* if we previously had any r bits set then leave them alone */
if ((tmp = smb_fname->st.st_ex_mode & (S_IRUSR|S_IRGRP|S_IROTH))) {
unixmode &= ~(S_IRUSR|S_IRGRP|S_IROTH);
unixmode |= tmp;
}
/* if we previously had any w bits set then leave them alone
whilst adding in the new w bits, if the new mode is not rdonly */
if (!IS_DOS_READONLY(dosmode)) {
unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
}
/*
* From the chmod 2 man page:
*
* "If the calling process is not privileged, and the group of the file
* does not match the effective group ID of the process or one of its
* supplementary group IDs, the S_ISGID bit will be turned off, but
* this will not cause an error to be returned."
*
* Simply refuse to do the chmod in this case.
*/
if (S_ISDIR(smb_fname->st.st_ex_mode) && (unixmode & S_ISGID) &&
geteuid() != sec_initial_uid() &&
!current_user_in_group(conn, smb_fname->st.st_ex_gid)) {
DEBUG(3,("file_set_dosmode: setgid bit cannot be "
"set for directory %s\n",
smb_fname_str_dbg(smb_fname)));
errno = EPERM;
return -1;
}
ret = SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode);
if (ret == 0) {
if(!newfile || (lret != -1)) {
notify_fname(conn, NOTIFY_ACTION_MODIFIED,
FILE_NOTIFY_CHANGE_ATTRIBUTES,
smb_fname->base_name);
}
smb_fname->st.st_ex_mode = unixmode;
return 0;
}
if((errno != EPERM) && (errno != EACCES))
return -1;
if(!lp_dos_filemode(SNUM(conn)))
return -1;
/* We want DOS semantics, ie allow non owner with write permission to change the
bits on a file. Just like file_ntimes below.
*/
if (!can_write_to_file(conn, smb_fname)) {
errno = EACCES;
return -1;
}
/*
* We need to get an open file handle to do the
* metadata operation under root.
*/
status = get_file_handle_for_metadata(conn,
smb_fname,
&fsp,
&need_close);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
become_root();
ret = SMB_VFS_FCHMOD(fsp, unixmode);
unbecome_root();
if (need_close) {
close_file(NULL, fsp, NORMAL_CLOSE);
}
if (!newfile) {
notify_fname(conn, NOTIFY_ACTION_MODIFIED,
FILE_NOTIFY_CHANGE_ATTRIBUTES,
smb_fname->base_name);
}
if (ret == 0) {
smb_fname->st.st_ex_mode = unixmode;
}
return( ret );
}
static int open_acl_common(vfs_handle_struct *handle,
struct smb_filename *smb_fname,
files_struct *fsp,
int flags,
mode_t mode)
{
uint32_t access_granted = 0;
struct security_descriptor *pdesc = NULL;
struct security_descriptor *parent_desc = NULL;
bool file_existed = true;
char *fname = NULL;
NTSTATUS status;
if (fsp->base_fsp) {
/* Stream open. Base filename open already did the ACL check. */
DEBUG(10,("open_acl_common: stream open on %s\n",
fsp_str_dbg(fsp) ));
return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
}
status = get_full_smb_filename(talloc_tos(), smb_fname,
&fname);
if (!NT_STATUS_IS_OK(status)) {
goto err;
}
status = get_nt_acl_internal(handle,
NULL,
fname,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
status = smb1_file_se_access_check(handle->conn,
pdesc,
handle->conn->server_info->ptok,
fsp->access_mask,
&access_granted);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("open_acl_xattr: %s open "
"refused with error %s\n",
fsp_str_dbg(fsp),
nt_errstr(status) ));
goto err;
}
} else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
file_existed = false;
/*
* If O_CREAT is true then we're trying to create a file.
* Check the parent directory ACL will allow this.
*/
if (flags & O_CREAT) {
struct security_descriptor *psd = NULL;
status = check_parent_acl_common(handle, fname,
SEC_DIR_ADD_FILE, &parent_desc);
if (!NT_STATUS_IS_OK(status)) {
goto err;
}
/* Cache the parent security descriptor for
* later use. We do have an fsp here, but to
* keep the code consistent with the directory
* case which doesn't, use the handle. */
/* Attach this to the conn, move from talloc_tos(). */
psd = (struct security_descriptor *)talloc_move(handle->conn,
&parent_desc);
if (!psd) {
status = NT_STATUS_NO_MEMORY;
goto err;
}
status = NT_STATUS_NO_MEMORY;
SMB_VFS_HANDLE_SET_DATA(handle, psd, free_sd_common,
struct security_descriptor *, goto err);
status = NT_STATUS_OK;
}
}
DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for "
"%s returned %s\n",
fsp_str_dbg(fsp),
nt_errstr(status) ));
fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
return fsp->fh->fd;
err:
errno = map_errno_from_nt_status(status);
return -1;
}
