Esempio n. 1
0
bool is_share_read_only_for_token(const char *username,
				  const char *domain,
				  const struct nt_user_token *token,
				  connection_struct *conn)
{
	int snum = SNUM(conn);
	bool result = conn->read_only;

	if (lp_readlist(snum) != NULL) {
		if (token_contains_name_in_list(username, domain,
						lp_servicename(snum), token,
						lp_readlist(snum))) {
			result = True;
		}
	}

	if (lp_writelist(snum) != NULL) {
		if (token_contains_name_in_list(username, domain,
						lp_servicename(snum), token,
						lp_writelist(snum))) {
			result = False;
		}
	}

	DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user "
		  "%s\n", lp_servicename(snum),
		  result ? "read-only" : "read-write", username));

	return result;
}
Esempio n. 2
0
/****************************************************************************
delete a printer queue entry
****************************************************************************/
void del_printqueue(int cnum,int snum,int jobid)
{
  char *lprm_command = lp_lprmcommand(snum);
  char *printername = PRINTERNAME(snum);
  pstring syscmd;
  char jobstr[20];
  int ret;

  if (!printername || !*printername)
    {
      DEBUG(6,("replacing printer name with service (snum=(%s,%d))\n",
	    lp_servicename(snum),snum));
      printername = lp_servicename(snum);
    }
    
  if (!lprm_command || !(*lprm_command))
    {
      DEBUG(5,("No lprm command\n"));
      return;
    }
    
  slprintf(jobstr,sizeof(jobstr)-1,"%d",jobid);

  pstrcpy(syscmd,lprm_command);
  string_sub(syscmd,"%p",printername);
  string_sub(syscmd,"%j",jobstr);
  standard_sub(cnum,syscmd);

  ret = smbrun(syscmd,NULL,False);
  DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));  
  lpq_reset(snum); /* queue has changed */
}
Esempio n. 3
0
void fill_share_2(SHARE_INFO_1 *sh1, int snum)
{
	StrnCpy(sh1[0].shi1_netname, "tmp", 13);
	sh1[0].shi1_type = STYPE_DISKTREE;
	sh1[0].shi1_remark = "some weird comment";

	lp_comment(snum);
	lp_pathname(snum);
	StrnCpy(p, lp_servicename(snum), 13);

	type = STYPE_DISKTREE;
	if (lp_print_ok(snum))
		type = STYPE_PRINTQ;
	if (strequal("IPC$", lp_servicename(snum)))
		type = STYPE_IPC;
	lp_comment(snum);
#endif

void fill_share_1(SHARE_INFO_1 *sh1, int snum)
{
	StrnCpy(sh1->shi1_netname, lp_servicename(snum), 13);
	sh1->shi1_remark = lp_comment(snum);
	sh1->shi1_type = STYPE_DISKTREE;
	if (lp_print_ok(snum))
		sh1->shi1_type = STYPE_PRINTQ;
	if (strequal("IPC$", lp_servicename(snum)))
		sh1->shi1_type = STYPE_IPC;
}
Esempio n. 4
0
/****************************************************************************
change status of a printer queue entry
****************************************************************************/
void status_printjob(int cnum,int snum,int jobid,int status)
{
  char *lpstatus_command = 
    (status==LPQ_PAUSED?lp_lppausecommand(snum):lp_lpresumecommand(snum));
  char *printername = PRINTERNAME(snum);
  pstring syscmd;
  char jobstr[20];
  int ret;

  if (!printername || !*printername)
    {
      DEBUG(6,("replacing printer name with service (snum=(%s,%d))\n",
	    lp_servicename(snum),snum));
      printername = lp_servicename(snum);
    }
    
  if (!lpstatus_command || !(*lpstatus_command))
    {
      DEBUG(5,("No lpstatus command to %s job\n",
	       (status==LPQ_PAUSED?"pause":"resume")));
      return;
    }
    
  slprintf(jobstr,sizeof(jobstr)-1,"%d",jobid);

  pstrcpy(syscmd,lpstatus_command);
  string_sub(syscmd,"%p",printername);
  string_sub(syscmd,"%j",jobstr);
  standard_sub(cnum,syscmd);

  ret = smbrun(syscmd,NULL,False);
  DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));  
  lpq_reset(snum); /* queue has changed */
}
Esempio n. 5
0
/* return true if access should be allowed to a service*/
BOOL check_access(int snum)
{
  char *denyl,*allowl;
  BOOL ret = False;

  denyl = lp_hostsdeny(snum);
  if (denyl) denyl = strdup(denyl);

  allowl = lp_hostsallow(snum);
  if (allowl) allowl = strdup(allowl);

  if ((!denyl || *denyl==0) && (!allowl || *allowl==0))
    ret = True;

  if (!ret)
    {
      if (allow_access(denyl,allowl,client_name(),client_addr()))
	{
	  if (snum >= 0)
	    DEBUG(2,("Allowed connection from %s (%s) to %s\n",
		     client_name(),client_addr(),
		     lp_servicename(snum)));
	  ret = True;
	}
      else
	if (snum >= 0)
	  DEBUG(0,("%s Denied connection from %s (%s) to %s\n",
		   timestring(), client_name(),client_addr(),
		   lp_servicename(snum)));
    }

  if (denyl) free(denyl);
  if (allowl) free(allowl);
  return(ret);
}
Esempio n. 6
0
void close_cnum(connection_struct *conn, uint16 vuid)
{
	file_close_conn(conn);

	if (!IS_IPC(conn)) {
		dptr_closecnum(conn);
	}

	change_to_root_user();

	DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
				 get_remote_machine_name(),
				 tsocket_address_string(conn->sconn->remote_address,
							talloc_tos()),
				 lp_servicename(SNUM(conn))));

	/* Call VFS disconnect hook */    
	SMB_VFS_DISCONNECT(conn);

	yield_connection(conn, lp_servicename(SNUM(conn)));

	/* make sure we leave the directory available for unmount */
	vfs_ChDir(conn, "/");

	/* execute any "postexec = " line */
	if (*lp_postexec(SNUM(conn)) && 
	    change_to_user(conn, vuid))  {
		char *cmd = talloc_sub_advanced(talloc_tos(),
					lp_servicename(SNUM(conn)),
					conn->session_info->unix_info->unix_name,
					conn->connectpath,
					conn->session_info->unix_token->gid,
					conn->session_info->unix_info->sanitized_username,
					conn->session_info->info->domain_name,
					lp_postexec(SNUM(conn)));
		smbrun(cmd,NULL);
		TALLOC_FREE(cmd);
		change_to_root_user();
	}

	change_to_root_user();
	/* execute any "root postexec = " line */
	if (*lp_rootpostexec(SNUM(conn)))  {
		char *cmd = talloc_sub_advanced(talloc_tos(),
					lp_servicename(SNUM(conn)),
					conn->session_info->unix_info->unix_name,
					conn->connectpath,
					conn->session_info->unix_token->gid,
					conn->session_info->unix_info->sanitized_username,
					conn->session_info->info->domain_name,
					lp_rootpostexec(SNUM(conn)));
		smbrun(cmd,NULL);
		TALLOC_FREE(cmd);
	}

	conn_free(conn);
}
Esempio n. 7
0
static void standard_sub_advanced(int snum, const char *user, 
				  const char *connectpath, gid_t gid, 
				  const char *smb_name, char *str, size_t len)
{
	char *p, *s, *home;

	for (s=str; (p=strchr_m(s, '%'));s=p) {
		int l = (int)len - (int)(p-str);
	
		if (l < 0)
			l = 0;
	
		switch (*(p+1)) {
		case 'N' :
			string_sub(p,"%N", automount_server(user),l);
			break;
		case 'H':
			if ((home = get_user_home_dir(user)))
				string_sub(p,"%H",home, l);
			else
				p += 2;
			break;
		case 'P': 
			string_sub(p,"%P", connectpath, l); 
			break;
		case 'S': 
			string_sub(p,"%S", lp_servicename(snum), l); 
			break;
		case 'g': 
			string_sub(p,"%g", gidtoname(gid), l); 
			break;
		case 'u': 
			string_sub(p,"%u", user, l); 
			break;
			
			/* Patch from [email protected] Left the %N (NIS
			 * server name) in standard_sub_basic as it is
			 * a feature for logon servers, hence uses the
			 * username.  The %p (NIS server path) code is
			 * here as it is used instead of the default
			 * "path =" string in [homes] and so needs the
			 * service name, not the username.  */
		case 'p': 
			string_sub(p,"%p", automount_path(lp_servicename(snum)), l); 
			break;
		case '\0': 
			p++; 
			break; /* don't run off the end of the string */
			
		default: p+=2; 
			break;
		}
	}

	standard_sub_basic(smb_name, str, len);
}
Esempio n. 8
0
void close_cnum(connection_struct *conn, uint16 vuid)
{
	if (IS_IPC(conn)) {
		pipe_close_conn(conn);
	} else {
		file_close_conn(conn);
		dptr_closecnum(conn);
	}

	change_to_root_user();

	DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
				 get_remote_machine_name(),
				 conn->client_address,
				 lp_servicename(SNUM(conn))));

	/* Call VFS disconnect hook */    
	SMB_VFS_DISCONNECT(conn);

	yield_connection(conn, lp_servicename(SNUM(conn)));

	/* make sure we leave the directory available for unmount */
	vfs_ChDir(conn, "/");

	/* execute any "postexec = " line */
	if (*lp_postexec(SNUM(conn)) && 
	    change_to_user(conn, vuid))  {
		pstring cmd;
		pstrcpy(cmd,lp_postexec(SNUM(conn)));
		standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
				      conn->connectpath, conn->gid,
				      get_current_username(),
				      current_user_info.domain,
				      cmd, sizeof(cmd));
		smbrun(cmd,NULL);
		change_to_root_user();
	}

	change_to_root_user();
	/* execute any "root postexec = " line */
	if (*lp_rootpostexec(SNUM(conn)))  {
		pstring cmd;
		pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
		standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
				      conn->connectpath, conn->gid,
				      get_current_username(),
				      current_user_info.domain,
				      cmd, sizeof(cmd));
		smbrun(cmd,NULL);
	}

	conn_free(conn);
}
Esempio n. 9
0
static bool user_ok(const char *user, int snum)
{
	char **valid, **invalid;
	bool ret;

	valid = invalid = NULL;
	ret = True;

	if (lp_invalid_users(snum)) {
		invalid = str_list_copy(talloc_tos(), lp_invalid_users(snum));
		if (invalid &&
		    str_list_substitute(invalid, "%S", lp_servicename(snum))) {

			/* This is used in sec=share only, so no current user
			 * around to pass to str_list_sub_basic() */

			if ( invalid && str_list_sub_basic(invalid, "", "") ) {
				ret = !user_in_list(user,
						    (const char **)invalid);
			}
		}
	}
	TALLOC_FREE(invalid);

	if (ret && lp_valid_users(snum)) {
		valid = str_list_copy(talloc_tos(), lp_valid_users(snum));
		if ( valid &&
		     str_list_substitute(valid, "%S", lp_servicename(snum)) ) {

			/* This is used in sec=share only, so no current user
			 * around to pass to str_list_sub_basic() */

			if ( valid && str_list_sub_basic(valid, "", "") ) {
				ret = user_in_list(user, (const char **)valid);
			}
		}
	}
	TALLOC_FREE(valid);

	if (ret && lp_onlyuser(snum)) {
		char **user_list = str_list_make_v3(
			talloc_tos(), lp_username(snum), NULL);
		if (user_list &&
		    str_list_substitute(user_list, "%S",
					lp_servicename(snum))) {
			ret = user_in_list(user, (const char **)user_list);
		}
		TALLOC_FREE(user_list);
	}

	return(ret);
}
Esempio n. 10
0
File: uid.c Progetto: Arkhont/samba
bool change_to_user(connection_struct *conn, uint16_t vuid)
{
	const struct auth_serversupplied_info *session_info = NULL;
	user_struct *vuser;
	int snum = SNUM(conn);

	if (!conn) {
		DEBUG(2,("Connection not open\n"));
		return(False);
	}

	vuser = get_valid_user_struct(conn->sconn, vuid);

	/*
	 * We need a separate check in security=share mode due to vuid
	 * always being UID_FIELD_INVALID. If we don't do this then
	 * in share mode security we are *always* changing uid's between
	 * SMB's - this hurts performance - Badly.
	 */

	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
	   (current_user.ut.uid == conn->session_info->utok.uid)) {
		DEBUG(4,("Skipping user change - already "
			 "user\n"));
		return(True);
	} else if ((current_user.conn == conn) &&
		   (vuser != NULL) && (current_user.vuid == vuid) &&
		   (current_user.ut.uid == vuser->session_info->utok.uid)) {
		DEBUG(4,("Skipping user change - already "
			 "user\n"));
		return(True);
	}

	session_info = vuser ? vuser->session_info : conn->session_info;

	if (session_info == NULL) {
		/* Invalid vuid sent - even with security = share. */
		DEBUG(2,("Invalid vuid %d used on "
			 "share %s.\n", vuid, lp_servicename(snum) ));
		return false;
	}

	/* security = share sets force_user. */
	if (!conn->force_user && vuser == NULL) {
		DEBUG(2,("Invalid vuid used %d in accessing "
			"share %s.\n", vuid, lp_servicename(snum) ));
		return False;
	}

	return change_to_user_internal(conn, session_info, vuid);
}
Esempio n. 11
0
static BOOL user_ok(const char *user, int snum)
{
	char **valid, **invalid;
	BOOL ret;

	valid = invalid = NULL;
	ret = True;

	if (lp_invalid_users(snum)) {
		str_list_copy(&invalid, lp_invalid_users(snum));
		if (invalid &&
		    str_list_substitute(invalid, "%S", lp_servicename(snum))) {
			if ( invalid &&
			     str_list_sub_basic(invalid,
						current_user_info.smb_name) ) {
				ret = !user_in_list(user,
						    (const char **)invalid);
			}
		}
	}
	if (invalid)
		str_list_free (&invalid);

	if (ret && lp_valid_users(snum)) {
		str_list_copy(&valid, lp_valid_users(snum));
		if ( valid &&
		     str_list_substitute(valid, "%S", lp_servicename(snum)) ) {
			if ( valid &&
			     str_list_sub_basic(valid,
						current_user_info.smb_name) ) {
				ret = user_in_list(user, (const char **)valid);
			}
		}
	}
	if (valid)
		str_list_free (&valid);

	if (ret && lp_onlyuser(snum)) {
		char **user_list = str_list_make (lp_username(snum), NULL);
		if (user_list &&
		    str_list_substitute(user_list, "%S",
					lp_servicename(snum))) {
			ret = user_in_list(user, (const char **)user_list);
		}
		if (user_list) str_list_free (&user_list);
	}

	return(ret);
}
Esempio n. 12
0
connection_struct *make_connection_with_chdir(const char *service_in,
					      DATA_BLOB password, 
					      const char *dev, uint16 vuid,
					      NTSTATUS *status)
{
	connection_struct *conn = NULL;
	
	conn = make_connection(service_in, password, dev, vuid, status);
	
	/*
	 * make_connection() does not change the directory for us any more
	 * so we have to do it as a separate step  --jerry
	 */
	 
	if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) {
		DEBUG(0,("move_driver_to_download_area: Can't change "
			 "directory to %s for [print$] (%s)\n",
			 conn->connectpath,strerror(errno)));
		yield_connection(conn, lp_servicename(SNUM(conn)));
		conn_free(conn);
		*status = NT_STATUS_UNSUCCESSFUL;
		return NULL;
	}
	
	return conn;
}
Esempio n. 13
0
static uint32_t create_share_access_mask(int snum,
				bool readonly_share,
				const struct security_token *token)
{
	uint32_t share_access = 0;

	share_access_check(token,
			lp_servicename(talloc_tos(), snum),
			MAXIMUM_ALLOWED_ACCESS,
			&share_access);

	if (readonly_share) {
		share_access &=
			~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
			  SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
			  SEC_DIR_DELETE_CHILD );
	}

	if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
		share_access |= SEC_FLAG_SYSTEM_SECURITY;
	}
	if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
		share_access |= SEC_RIGHTS_PRIV_RESTORE;
	}
	if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
		share_access |= SEC_RIGHTS_PRIV_BACKUP;
	}
	if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
		share_access |= SEC_STD_WRITE_OWNER;
	}

	return share_access;
}
Esempio n. 14
0
bool change_to_user(connection_struct *conn, uint64_t vuid)
{
	struct user_struct *vuser;
	int snum = SNUM(conn);

	if (!conn) {
		DEBUG(2,("Connection not open\n"));
		return(False);
	}

	vuser = get_valid_user_struct(conn->sconn, vuid);

	if ((current_user.conn == conn) &&
		   (vuser != NULL) && (current_user.vuid == vuid) &&
		   (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
		DEBUG(4,("Skipping user change - already "
			 "user\n"));
		return(True);
	}

	if (vuser == NULL) {
		/* Invalid vuid sent */
		DEBUG(2,("Invalid vuid %llu used on share %s.\n",
			 (unsigned long long)vuid, lp_servicename(talloc_tos(),
								  snum)));
		return false;
	}

	return change_to_user_internal(conn, vuser->session_info, vuid);
}
Esempio n. 15
0
/* display a servce, ready for editing */
static void show_service(int snum, int allparameters)
{
	int i = 0;
	pstring label, value;
	char *sname;

	if (snum == GLOBALS_SNUM) 
		sname = SGLOBAL;
	else if (snum == DEFAULTS_SNUM)
		sname = SDEFAULTS;
	else sname = lp_servicename(snum);

	printf("\n<p><table border=0>\n<tr>\n<td></td><td>\n\n");
	printf("<form method=POST>\n");
	printf("<H3>%s</H3>\n", sname);
	printf("<input type=hidden name=service value=\"%s\">\n", sname);
	printf("<input type=submit name=request value=Change>\n");
	printf("<input type=submit name=request value=Rename>\n");
	printf("<input type=submit name=request value=Copy>\n");
	printf("<input type=submit name=request value=Remove>\n");
	printf("<br><input name=newvalue><br>\n");
	printf("<select name=parameter size=5>\n");
	
	while (lp_next_parameter(snum, &i, label, value, allparameters)) {
		printf("<option value=\"%s\">%s = %s\n", 
		       label, label, value);
	}

	printf("</select>\n");
	printf("</form>\n</td>\n</tr>\n</table>\n");

	printf("<p>\n");
}
Esempio n. 16
0
static void recycle_disconnect(vfs_handle_struct *handle)
{
	DEBUG(10,("recycle_disconnect() connect to service[%s].\n",
		lp_servicename(SNUM(handle->conn))));

	SMB_VFS_NEXT_DISCONNECT(handle);
}
Esempio n. 17
0
/*
  return filesystem attribute info
*/
static NTSTATUS svfs_fsattr(struct ntvfs_module_context *ntvfs,
			    struct ntvfs_request *req, union smb_fsattr *fs)
{
	struct stat st;
	struct svfs_private *p = ntvfs->private_data;

	if (fs->generic.level != RAW_FSATTR_GENERIC) {
		return ntvfs_map_fsattr(ntvfs, req, fs);
	}

	if (stat(p->connectpath, &st) == -1) {
		return map_nt_error_from_unix(errno);
	}

	unix_to_nt_time(&fs->generic.out.create_time, st.st_ctime);
	fs->generic.out.fs_attr = 
		FILE_CASE_PRESERVED_NAMES | 
		FILE_CASE_SENSITIVE_SEARCH | 
		FILE_PERSISTENT_ACLS;
	fs->generic.out.max_file_component_length = 255;
	fs->generic.out.serial_number = 1;
	fs->generic.out.fs_type = talloc_strdup(req, "NTFS");
	fs->generic.out.volume_name = talloc_strdup(req, 
						    lp_servicename(req->tcon->service));

	return NT_STATUS_OK;
}
Esempio n. 18
0
void conn_force_tdis(struct smbd_server_connection *sconn, const char *sharename)
{
	connection_struct *conn, *next;
	bool close_all = false;

	if (strcmp(sharename, "*") == 0) {
		close_all = true;
		DEBUG(1, ("conn_force_tdis: Forcing close of all shares\n"));
	}

	/* SMB1 and SMB 2*/
	for (conn = sconn->connections; conn; conn = next) {
		struct smbXsrv_tcon *tcon;
		bool do_close = false;
		NTSTATUS status;
		uint64_t vuid = UID_FIELD_INVALID;

		next = conn->next;

		if (conn->tcon == NULL) {
			continue;
		}
		tcon = conn->tcon;

		if (close_all) {
			do_close = true;
		} else if (strequal(lp_servicename(talloc_tos(), SNUM(conn)),
				    sharename)) {
			DEBUG(1, ("conn_force_tdis: Forcing close of "
				  "share '%s' (wire_id=0x%08x)\n",
				  tcon->global->share_name,
				  tcon->global->tcon_wire_id));
			do_close = true;
		}

		if (!do_close) {
			continue;
		}

		if (sconn->using_smb2) {
			vuid = conn->vuid;
		}

		conn = NULL;
		status = smbXsrv_tcon_disconnect(tcon, vuid);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0, ("conn_force_tdis: "
				  "smbXsrv_tcon_disconnect() of share '%s' "
				  "(wire_id=0x%08x) failed: %s\n",
				  tcon->global->share_name,
				  tcon->global->tcon_wire_id,
				  nt_errstr(status)));
		}

		TALLOC_FREE(tcon);
	}

	change_to_root_user();
	reload_services(sconn, conn_snum_used, true);
}
Esempio n. 19
0
static int greyhole_open(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode)
{
	int result;
	FILE *spoolf;
	char filename[38];
	struct timeval tp;

	result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);

	if (result >= 0) {
		if ((flags & O_WRONLY) || (flags & O_RDWR)) {
			gettimeofday(&tp, (struct timezone *) NULL);
			snprintf(filename, 37, "/var/spool/greyhole/%.0f", ((double) (tp.tv_sec)*1000000.0) + (((double) tp.tv_usec)));
			spoolf = fopen(filename, "wt");
			fprintf(spoolf, "open\n%s\n%s\n%d\n%s\n",
				lp_servicename(handle->conn->params->service),
				fname,
				result,
				"for writing ");
			fclose(spoolf);
		}
	}

	return result;
}
Esempio n. 20
0
BOOL delete_share_security(const struct share_params *params)
{
	TDB_DATA kbuf;
	fstring key;

	slprintf(key, sizeof(key)-1, "SECDESC/%s",
		 lp_servicename(params->service));
	kbuf.dptr = key;
	kbuf.dsize = strlen(key)+1;

	if (tdb_trans_delete(share_tdb, kbuf) != 0) {
		DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n",
			 lp_servicename(params->service) ));
		return False;
	}

	return True;
}
Esempio n. 21
0
void notify_printer_status(struct tevent_context *ev,
			   struct messaging_context *msg_ctx,
			   int snum, uint32 status)
{
	const char *sharename = lp_servicename(talloc_tos(), snum);

	if (sharename)
		notify_printer_status_byname(ev, msg_ctx, sharename, status);
}
Esempio n. 22
0
bool user_ok_token(const char *username, const char *domain,
		   const struct nt_user_token *token, int snum)
{
	if (lp_invalid_users(snum) != NULL) {
		if (token_contains_name_in_list(username, domain,
						lp_servicename(snum),
						token,
						lp_invalid_users(snum))) {
			DEBUG(10, ("User %s in 'invalid users'\n", username));
			return False;
		}
	}

	if (lp_valid_users(snum) != NULL) {
		if (!token_contains_name_in_list(username, domain,
						 lp_servicename(snum), token,
						 lp_valid_users(snum))) {
			DEBUG(10, ("User %s not in 'valid users'\n",
				   username));
			return False;
		}
	}

	if (lp_onlyuser(snum)) {
		const char *list[2];
		list[0] = lp_username(snum);
		list[1] = NULL;
		if ((list[0] == NULL) || (*list[0] == '\0')) {
			DEBUG(0, ("'only user = yes' and no 'username ='******'username'\n", username));
			return False;
		}
	}

	DEBUG(10, ("user_ok_token: share %s is ok for unix user %s\n",
		   lp_servicename(snum), username));

	return True;
}
Esempio n. 23
0
static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn,
					      TALLOC_CTX *mem_ctx, int snum,
                                              struct auth_session_info *session_info,
                                              struct auth_session_info **presult)
{
	struct auth_session_info *result;

        if (lp_guest_only(snum)) {
                return make_session_info_guest(mem_ctx, presult);
        }

	/*
	 * This is the normal security != share case where we have a
	 * valid vuid from the session setup.                 */

	if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
		if (!lp_guest_ok(snum)) {
			DEBUG(2, ("guest user (from session setup) "
				  "not permitted to access this share "
				  "(%s)\n", lp_servicename(talloc_tos(), snum)));
			return NT_STATUS_ACCESS_DENIED;
		}
	} else {
		if (!user_ok_token(session_info->unix_info->unix_name,
				   session_info->info->domain_name,
				   session_info->security_token, snum)) {
			DEBUG(2, ("user '%s' (from session setup) not "
				  "permitted to access this share "
				  "(%s)\n",
				  session_info->unix_info->unix_name,
				  lp_servicename(talloc_tos(), snum)));
			return NT_STATUS_ACCESS_DENIED;
		}
	}

	result = copy_session_info(mem_ctx, session_info);
	if (result == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	*presult = result;
	return NT_STATUS_OK;
}
Esempio n. 24
0
void notify_printer_comment(struct tevent_context *ev,
			    struct messaging_context *msg_ctx,
			    int snum, const char *comment)
{
	const char *sharename = lp_servicename(talloc_tos(), snum);

	send_notify_field_buffer(
		ev, msg_ctx,
		sharename, PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_FIELD_COMMENT,
		snum, strlen(comment) + 1, comment);
}
Esempio n. 25
0
void notify_printer_port(struct tevent_context *ev,
			 struct messaging_context *msg_ctx,
			 int snum, const char *port_name)
{
	const char *sharename = lp_servicename(talloc_tos(), snum);

	send_notify_field_buffer(
		ev, msg_ctx,
		sharename, PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_FIELD_PORT_NAME,
		snum, strlen(port_name) + 1, port_name);
}
Esempio n. 26
0
void notify_printer_location(struct tevent_context *ev,
			     struct messaging_context *msg_ctx,
			     int snum, const char *location)
{
	const char *sharename = lp_servicename(talloc_tos(), snum);

	send_notify_field_buffer(
		ev, msg_ctx,
		sharename, PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_FIELD_LOCATION,
		snum, strlen(location) + 1, location);
}
Esempio n. 27
0
void notify_printer_sepfile(struct tevent_context *ev,
			    struct messaging_context *msg_ctx,
			    int snum, const char *sepfile)
{
	const char *sharename = lp_servicename(talloc_tos(), snum);

	send_notify_field_buffer(
		ev, msg_ctx,
		sharename, PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_FIELD_SEPFILE,
		snum, strlen(sepfile) + 1, sepfile);
}
Esempio n. 28
0
/****************************************************************************
close a cnum
****************************************************************************/
void close_cnum(connection_struct *conn, uint16 vuid)
{
	DirCacheFlush(SNUM(conn));

	unbecome_user();

	DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
				 remote_machine,conn->client_address,
				 lp_servicename(SNUM(conn))));

	yield_connection(conn,
			 lp_servicename(SNUM(conn)),
			 lp_max_connections(SNUM(conn)));

	if (lp_status(SNUM(conn)))
		yield_connection(conn,"STATUS.",MAXSTATUS);

	file_close_conn(conn);
	dptr_closecnum(conn);

	/* execute any "postexec = " line */
	if (*lp_postexec(SNUM(conn)) && 
	    become_user(conn, vuid))  {
		pstring cmd;
		pstrcpy(cmd,lp_postexec(SNUM(conn)));
		standard_sub(conn,cmd);
		smbrun(cmd,NULL,False);
		unbecome_user();
	}

	unbecome_user();
	/* execute any "root postexec = " line */
	if (*lp_rootpostexec(SNUM(conn)))  {
		pstring cmd;
		pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
		standard_sub(conn,cmd);
		smbrun(cmd,NULL,False);
	}
	
	conn_free(conn);
}
static int greyhole_close(vfs_handle_struct *handle, files_struct *fsp)
{
	int result;

	result = SMB_VFS_NEXT_CLOSE(handle, fsp);

	if (result >= 0) {
		gh_spoolf("close\n%s\n%d\n\n",
			lp_servicename(talloc_tos(), handle->conn->params->service),
			fsp->fh->fd);
	}

	return result;
}
static int greyhole_unlink(vfs_handle_struct *handle, const struct smb_filename *path)
{
	int result;

	result = SMB_VFS_NEXT_UNLINK(handle, path);

	if (result >= 0) {
		gh_spoolf("unlink\n%s\n%s\n\n",
			lp_servicename(talloc_tos(), handle->conn->params->service),
			path->base_name);
	}

	return result;
}