static void dump_service_stats(void)
{
int is = 0;
if (service_stats_setup(True) && service_h->count > 0) {
d_printf("\n%-15s %-21s%-21s\n", "Share", "OpCount", "ByteCount");
d_printf("-------------------------------------------------------------------\n");
for (is = 0; is < service_h->count && lp_const_servicename(is); is++)
d_printf("%-15s %-21qu %-21qu\n",
lp_servicename(is),
service_c[is].op_count,
service_c[is].byte_count);
} else {
fprintf(stderr,"\nFailed to initialise service_stats memory\n");
}
}
NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
{
NTSTATUS status;
if (*lp_force_user(talloc_tos(), snum)) {
/*
* Replace conn->session_info with a completely faked up one
* from the username we are forced into :-)
*/
char *fuser;
char *sanitized_username;
struct auth_session_info *forced_serverinfo;
bool guest;
fuser = talloc_string_sub(conn, lp_force_user(talloc_tos(), snum), "%S",
lp_const_servicename(snum));
if (fuser == NULL) {
return NT_STATUS_NO_MEMORY;
}
guest = security_session_user_level(conn->session_info, NULL) < SECURITY_USER;
status = make_session_info_from_username(
conn, fuser,
guest,
&forced_serverinfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* We don't want to replace the original sanitized_username
as it is the original user given in the connect attempt.
This is used in '%U' substitutions. */
sanitized_username = discard_const_p(char,
forced_serverinfo->unix_info->sanitized_username);
TALLOC_FREE(sanitized_username);
forced_serverinfo->unix_info->sanitized_username =
talloc_move(forced_serverinfo->unix_info,
&conn->session_info->unix_info->sanitized_username);
TALLOC_FREE(conn->session_info);
conn->session_info = forced_serverinfo;
conn->force_user = true;
DEBUG(3,("Forced user %s\n", fuser));
}
/*
* If force group is true, then override
* any groupid stored for the connecting user.
*/
if (*lp_force_group(talloc_tos(), snum)) {
status = find_forced_group(
conn->force_user, snum, conn->session_info->unix_info->unix_name,
&conn->session_info->security_token->sids[1],
&conn->session_info->unix_token->gid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/*
* We need to cache this gid, to use within
* change_to_user() separately from the conn->session_info
* struct. We only use conn->session_info directly if
* "force_user" was set.
*/
conn->force_group_gid = conn->session_info->unix_token->gid;
}
return NT_STATUS_OK;
}
/**
* @brief Purge stale printers and reload from pre-populated pcap cache.
*
* This function should normally only be called as a callback on a successful
* pcap_cache_reload().
*
* This function can cause DELETION of printers and drivers from our registry,
* so calling it on a failed pcap reload may REMOVE permanently all printers
* and drivers.
*
* @param[in] ev The event context.
*
* @param[in] msg_ctx The messaging context.
*/
static void delete_and_reload_printers_full(struct tevent_context *ev,
struct messaging_context *msg_ctx)
{
struct auth_session_info *session_info = NULL;
struct spoolss_PrinterInfo2 *pinfo2 = NULL;
int n_services;
int pnum;
int snum;
const char *pname;
const char *sname;
NTSTATUS status;
n_services = lp_numservices();
pnum = lp_servicenumber(PRINTERS_NAME);
status = make_session_info_system(talloc_tos(), &session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("reload_printers: "
"Could not create system session_info\n"));
/* can't remove stale printers before we
* are fully initilized */
return;
}
/*
* Add default config for printers added to smb.conf file and remove
* stale printers
*/
for (snum = 0; snum < n_services; snum++) {
/* avoid removing PRINTERS_NAME */
if (snum == pnum) {
continue;
}
/* skip no-printer services */
if (!snum_is_shared_printer(snum)) {
continue;
}
sname = lp_const_servicename(snum);
pname = lp_printername(session_info, snum);
/* check printer, but avoid removing non-autoloaded printers */
if (lp_autoloaded(snum) && !pcap_printername_ok(pname)) {
DEBUG(3, ("removing stale printer %s\n", pname));
if (is_printer_published(session_info, session_info,
msg_ctx,
NULL,
lp_servicename(session_info,
snum),
&pinfo2)) {
nt_printer_publish(session_info,
session_info,
msg_ctx,
pinfo2,
DSPRINT_UNPUBLISH);
TALLOC_FREE(pinfo2);
}
nt_printer_remove(session_info, session_info, msg_ctx,
pname);
} else {
DEBUG(8, ("Adding default registry entry for printer "
"[%s], if it doesn't exist.\n", sname));
nt_printer_add(session_info, session_info, msg_ctx,
sname);
}
}
/* finally, purge old snums */
delete_and_reload_printers();
TALLOC_FREE(session_info);
}
static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
struct tevent_context *ev,
struct messaging_context *msg,
connection_struct **pconn,
int snum,
const char *path,
const struct auth_session_info *session_info)
{
connection_struct *conn;
char *connpath;
const char *vfs_user;
struct smbd_server_connection *sconn;
const char *servicename = lp_const_servicename(snum);
sconn = talloc_zero(ctx, struct smbd_server_connection);
if (sconn == NULL) {
return NT_STATUS_NO_MEMORY;
}
sconn->ev_ctx = ev;
sconn->msg_ctx = msg;
sconn->sock = -1;
sconn->smb1.echo_handler.trusted_fd = -1;
sconn->smb1.echo_handler.socket_lock_fd = -1;
conn = conn_new(sconn);
if (conn == NULL) {
TALLOC_FREE(sconn);
return NT_STATUS_NO_MEMORY;
}
/* Now we have conn, we need to make sconn a child of conn,
* for a proper talloc tree */
talloc_steal(conn, sconn);
if (snum == -1 && servicename == NULL) {
servicename = "Unknown Service (snum == -1)";
}
connpath = talloc_strdup(conn, path);
if (!connpath) {
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
}
connpath = talloc_string_sub(conn,
connpath,
"%S",
servicename);
if (!connpath) {
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
}
/* needed for smbd_vfs_init() */
conn->params->service = snum;
conn->cnum = TID_FIELD_INVALID;
if (session_info != NULL) {
conn->session_info = copy_session_info(conn, session_info);
if (conn->session_info == NULL) {
DEBUG(0, ("copy_serverinfo failed\n"));
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
}
vfs_user = conn->session_info->unix_info->unix_name;
} else {
/* use current authenticated user in absence of session_info */
vfs_user = get_current_username();
}
set_conn_connectpath(conn, connpath);
/*
* New code to check if there's a share security descripter
* added from NT server manager. This is done after the
* smb.conf checks are done as we need a uid and token. JRA.
*
*/
if (conn->session_info) {
share_access_check(conn->session_info->security_token,
servicename,
MAXIMUM_ALLOWED_ACCESS,
&conn->share_access);
if ((conn->share_access & FILE_WRITE_DATA) == 0) {
if ((conn->share_access & FILE_READ_DATA) == 0) {
/* No access, read or write. */
DEBUG(0,("create_conn_struct: connection to %s "
"denied due to security "
"descriptor.\n",
servicename));
conn_free(conn);
return NT_STATUS_ACCESS_DENIED;
} else {
conn->read_only = true;
}
}
} else {
conn->share_access = 0;
conn->read_only = true;
}
if (!smbd_vfs_init(conn)) {
NTSTATUS status = map_nt_error_from_unix(errno);
DEBUG(0,("create_conn_struct: smbd_vfs_init failed.\n"));
conn_free(conn);
return status;
}
/* this must be the first filesystem operation that we do */
if (SMB_VFS_CONNECT(conn, servicename, vfs_user) < 0) {
DEBUG(0,("VFS connect failed!\n"));
conn_free(conn);
return NT_STATUS_UNSUCCESSFUL;
}
conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
*pconn = conn;
return NT_STATUS_OK;
}
