NTSTATUS smbXsrv_open_global_traverse(
int (*fn)(struct smbXsrv_open_global0 *, void *),
void *private_data)
{
NTSTATUS status;
int count = 0;
struct smbXsrv_open_global_traverse_state state = {
.fn = fn,
.private_data = private_data,
};
become_root();
status = smbXsrv_open_global_init();
if (!NT_STATUS_IS_OK(status)) {
unbecome_root();
DEBUG(0, ("Failed to initialize open_global: %s\n",
nt_errstr(status)));
return status;
}
status = dbwrap_traverse_read(smbXsrv_open_global_db_ctx,
smbXsrv_open_global_traverse_fn,
&state,
&count);
unbecome_root();
return status;
}
static bool acl_tdb_init(void)
{
char *dbname;
if (acl_db) {
ref_count++;
return true;
}
dbname = state_path("file_ntacls.tdb");
if (dbname == NULL) {
errno = ENOSYS;
return false;
}
become_root();
acl_db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600,
DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
unbecome_root();
if (acl_db == NULL) {
#if defined(ENOTSUP)
errno = ENOTSUP;
#else
errno = ENOSYS;
#endif
TALLOC_FREE(dbname);
return false;
}
ref_count++;
TALLOC_FREE(dbname);
return true;
}
WERROR regdb_open( void )
{
WERROR result = WERR_OK;
if ( regdb ) {
DEBUG(10, ("regdb_open: incrementing refcount (%d->%d)\n",
regdb_refcount, regdb_refcount+1));
regdb_refcount++;
return WERR_OK;
}
become_root();
regdb = db_open(NULL, state_path("registry.tdb"), 0,
REG_TDB_FLAGS, O_RDWR, 0600,
DBWRAP_LOCK_ORDER_1);
if ( !regdb ) {
result = ntstatus_to_werror( map_nt_error_from_unix( errno ) );
DEBUG(0,("regdb_open: Failed to open %s! (%s)\n",
state_path("registry.tdb"), strerror(errno) ));
}
unbecome_root();
regdb_refcount = 1;
DEBUG(10, ("regdb_open: registry db opened. refcount reset (%d)\n",
regdb_refcount));
return result;
}
static int ad_conv_v22ea(const char *path, const struct stat *sp, const struct vol *vol)
{
EC_INIT;
const char *adpath;
int adflags = S_ISDIR(sp->st_mode) ? ADFLAGS_DIR : 0;
become_root();
EC_ZERO( ad_conv_v22ea_hf(path, sp, vol) );
EC_ZERO( ad_conv_v22ea_rf(path, sp, vol) );
EC_NULL( adpath = ad_path(path, adflags) );
LOG(log_debug, logtype_default,"ad_conv_v22ea_hf(\"%s\"): deleting adouble:v2 file: \"%s\"",
path, fullpathname(adpath));
unlink(adpath);
EC_CLEANUP:
if (errno == ENOENT)
EC_STATUS(0);
unbecome_root();
EC_EXIT;
}
static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle,
const char *fname,
DATA_BLOB *pblob)
{
connection_struct *conn = handle->conn;
int ret;
int saved_errno = 0;
DEBUG(10,("store_acl_blob_pathname: storing blob "
"length %u on file %s\n",
(unsigned int)pblob->length, fname));
become_root();
ret = SMB_VFS_SETXATTR(conn, fname,
XATTR_NTACL_NAME,
pblob->data, pblob->length, 0);
if (ret) {
saved_errno = errno;
}
unbecome_root();
if (ret) {
errno = saved_errno;
DEBUG(5, ("store_acl_blob_pathname: setting attr failed "
"for file %s with error %s\n",
fname,
strerror(errno) ));
return map_nt_error_from_unix(errno);
}
return NT_STATUS_OK;
}
static WERROR rcinit_status( const char *service, SERVICE_STATUS *status )
{
char *command = NULL;
int ret, fd;
if (asprintf(&command, "%s/%s/%s status",
get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) {
return WERR_NOMEM;
}
/* we've already performed the access check when the service was opened */
/* assume as return code of 0 means that the service is ok. Anything else
is STOPPED */
become_root();
ret = smbrun( command , &fd );
unbecome_root();
DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret));
close(fd);
SAFE_FREE(command);
ZERO_STRUCTP( status );
status->type = 0x0020;
status->state = (ret == 0 ) ? 0x0004 : 0x0001;
status->controls_accepted = 0x0005;
return WERR_OK;
}
/*!
* Remove hexencoded dots and slashes (":2e" and ":2f")
*/
static int ad_conv_dehex(const char *path, const struct stat *sp, const struct vol *vol, const char **newpathp)
{
EC_INIT;
static char buf[MAXPATHLEN];
const char *adpath, *p;
int adflags = S_ISDIR(sp->st_mode) ? ADFLAGS_DIR : 0;
bstring newpath = NULL;
LOG(log_debug, logtype_default,"ad_conv_dehex(\"%s\"): BEGIN", fullpathname(path));
*newpathp = NULL;
if ((p = strchr(path, ':')) == NULL)
goto EC_CLEANUP;
EC_NULL( newpath = bfromcstr(path) );
EC_ZERO( bfindreplace(newpath, bfromcstr(":2e"), bfromcstr("."), 0) );
EC_ZERO( bfindreplace(newpath, bfromcstr(":2f"), bfromcstr(":"), 0) );
become_root();
if (adflags != ADFLAGS_DIR)
rename(vol->ad_path(path, 0), vol->ad_path(bdata(newpath), 0));
rename(path, bdata(newpath));
unbecome_root();
strlcpy(buf, bdata(newpath), sizeof(buf));
*newpathp = buf;
EC_CLEANUP:
if (newpath)
bdestroy(newpath);
EC_EXIT;
}
NTSTATUS srv_fssa_start(struct messaging_context *msg_ctx)
{
NTSTATUS status;
fss_global.mem_ctx = talloc_named_const(NULL, 0,
"parent fss rpc server ctx");
if (fss_global.mem_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
fss_global.db_path = lock_path(FSS_DB_NAME);
if (fss_global.db_path == NULL) {
talloc_free(fss_global.mem_ctx);
return NT_STATUS_NO_MEMORY;
}
fss_global.min_vers = FSRVP_RPC_VERSION_1;
fss_global.max_vers = FSRVP_RPC_VERSION_1;
/*
* The server MUST populate the GlobalShadowCopySetTable with the
* ShadowCopySet entries read from the configuration store.
*/
if (lp_parm_bool(GLOBAL_SECTION_SNUM, "fss", "prune stale", false)) {
fss_prune_stale(msg_ctx, fss_global.db_path);
}
become_root();
status = fss_state_retrieve(fss_global.mem_ctx, &fss_global.sc_sets,
&fss_global.sc_sets_count,
fss_global.db_path);
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("failed to retrieve fss server state: %s\n",
nt_errstr(status)));
}
return NT_STATUS_OK;
}
static WERROR rcinit_stop( const char *service, SERVICE_STATUS *status )
{
char *command = NULL;
int ret, fd;
if (asprintf(&command, "%s/%s/%s stop",
get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) {
return WERR_NOMEM;
}
/* we've already performed the access check when the service was opened */
become_root();
ret = smbrun( command , &fd );
unbecome_root();
DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret));
close(fd);
SAFE_FREE(command);
ZERO_STRUCTP( status );
status->type = 0x0020;
status->state = (ret == 0 ) ? 0x0001 : 0x0004;
status->controls_accepted = 0x0005;
return ( ret == 0 ) ? WERR_OK : WERR_ACCESS_DENIED;
}
static void notify_deferred_opens(struct share_mode_lock *lck)
{
int i;
for (i=0; i<lck->num_share_modes; i++) {
struct share_mode_entry *e = &lck->share_modes[i];
if (!is_deferred_open_entry(e)) {
continue;
}
if (procid_is_me(&e->pid)) {
/*
* We need to notify ourself to retry the open. Do
* this by finding the queued SMB record, moving it to
* the head of the queue and changing the wait time to
* zero.
*/
schedule_deferred_open_smb_message(e->op_mid);
} else {
char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
share_mode_entry_to_message(msg, e);
become_root();
message_send_pid(e->pid, MSG_SMB_OPEN_RETRY,
msg, MSG_SMB_SHARE_MODE_ENTRY_SIZE, True);
unbecome_root();
}
}
}
WERROR regdb_open( void )
{
WERROR result = WERR_OK;
if ( tdb_reg ) {
DEBUG(10,("regdb_open: incrementing refcount (%d)\n", tdb_refcount));
tdb_refcount++;
return WERR_OK;
}
become_root();
tdb_reg = tdb_open_log(lock_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600);
if ( !tdb_reg ) {
result = ntstatus_to_werror( map_nt_error_from_unix( errno ) );
DEBUG(0,("regdb_open: Failed to open %s! (%s)\n",
lock_path("registry.tdb"), strerror(errno) ));
}
unbecome_root();
tdb_refcount = 1;
DEBUG(10,("regdb_open: refcount reset (%d)\n", tdb_refcount));
return result;
}
NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
struct eventlog_ClearEventLogW *r)
{
EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
if ( !info )
return NT_STATUS_INVALID_HANDLE;
if (r->in.backupfile && r->in.backupfile->string) {
DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup "
"file name for log [%s].",
r->in.backupfile->string, info->logname ) );
}
/* check for WRITE access to the file */
if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) )
return NT_STATUS_ACCESS_DENIED;
/* Force a close and reopen */
elog_close_tdb( info->etdb, True );
become_root();
info->etdb = elog_open_tdb( info->logname, True, False );
unbecome_root();
if ( !info->etdb )
return NT_STATUS_ACCESS_DENIED;
return NT_STATUS_OK;
}
int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
{
char *p;
int retval;
DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
/* see if we should disable winbindd lookups for local users */
if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) {
if ( !winbind_off() )
DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n",
WINBINDD_DONT_ENV));
else
DEBUG(10,("sys_getgrouplist(): disabled winbindd for group lookup [user == %s]\n",
user));
}
#ifdef HAVE_GETGROUPLIST
retval = getgrouplist(user, gid, groups, grpcnt);
#else
become_root();
retval = getgrouplist_internals(user, gid, groups, grpcnt);
unbecome_root();
#endif
/* allow winbindd lookups */
winbind_on();
return retval;
}
static WERROR rcinit_status( const char *service, struct SERVICE_STATUS *status )
{
char *command = NULL;
int ret, fd;
if (asprintf(&command, "%s/%s/%s status",
get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) {
return WERR_NOT_ENOUGH_MEMORY;
}
/* we've already performed the access check when the service was opened */
/* assume as return code of 0 means that the service is ok. Anything else
is STOPPED */
become_root();
ret = smbrun(command, &fd, NULL);
unbecome_root();
DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret));
close(fd);
SAFE_FREE(command);
ZERO_STRUCTP( status );
status->type = SERVICE_TYPE_WIN32_SHARE_PROCESS;
status->state = (ret == 0 ) ? SVCCTL_RUNNING : SVCCTL_STOPPED;
status->controls_accepted = SVCCTL_ACCEPT_STOP |
SVCCTL_ACCEPT_SHUTDOWN;
return WERR_OK;
}
static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
files_struct *fsp,
DATA_BLOB *pblob)
{
int ret;
int saved_errno = 0;
DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n",
(unsigned int)pblob->length, fsp_str_dbg(fsp)));
become_root();
if (fsp->fh->fd != -1) {
ret = SMB_VFS_FSETXATTR(fsp, XATTR_NTACL_NAME,
pblob->data, pblob->length, 0);
} else {
ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name,
XATTR_NTACL_NAME,
pblob->data, pblob->length, 0);
}
if (ret) {
saved_errno = errno;
}
unbecome_root();
if (ret) {
DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s"
"with error %s\n",
fsp_str_dbg(fsp),
strerror(saved_errno) ));
errno = saved_errno;
return map_nt_error_from_unix(saved_errno);
}
return NT_STATUS_OK;
}
static bool posix_eadb_init(int snum, struct tdb_wrap **p_db)
{
struct tdb_wrap *db;
struct loadparm_context *lp_ctx;
const char *eadb = lp_parm_const_string(snum, "posix", "eadb", NULL);
if (!eadb) {
DEBUG(0, ("Can not use vfs_posix_eadb without posix:eadb set\n"));
return false;
}
lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers());
become_root();
db = tdb_wrap_open(NULL, eadb, 50000,
TDB_DEFAULT, O_RDWR|O_CREAT, 0600,
lp_ctx);
unbecome_root();
talloc_unlink(NULL, lp_ctx);
/* now we know dbname is not NULL */
if (db == NULL) {
#if defined(ENOTSUP)
errno = ENOTSUP;
#else
errno = ENOSYS;
#endif
return false;
}
*p_db = db;
return true;
}
static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
{
int retval;
bool winbind_env;
DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
/* This is only ever called for Unix users, remote memberships are
* always determined by the info3 coming back from auth3 or the
* PAC. */
winbind_env = winbind_env_set();
(void)winbind_off();
#ifdef HAVE_GETGROUPLIST
retval = getgrouplist(user, gid, groups, grpcnt);
#else
#ifdef HAVE_GETGRSET
retval = getgrouplist_getgrset(user, gid, groups, grpcnt);
#else
become_root();
retval = getgrouplist_internals(user, gid, groups, grpcnt);
unbecome_root();
#endif /* HAVE_GETGRSET */
#endif /* HAVE_GETGROUPLIST */
/* allow winbindd lookups, but only if they were not already disabled */
if (!winbind_env) {
(void)winbind_on();
}
return retval;
}
static void
amgtar_restore(
application_argument_t *argument)
{
char *cmd;
GPtrArray *argv_ptr = g_ptr_array_new();
char **env;
int j;
char *e;
if (!gnutar_path) {
error(_("GNUTAR-PATH not defined"));
}
cmd = stralloc(gnutar_path);
g_ptr_array_add(argv_ptr, stralloc(gnutar_path));
g_ptr_array_add(argv_ptr, stralloc("--numeric-owner"));
if (gnutar_no_unquote)
g_ptr_array_add(argv_ptr, stralloc("--no-unquote"));
g_ptr_array_add(argv_ptr, stralloc("-xpGvf"));
g_ptr_array_add(argv_ptr, stralloc("-"));
for (j=1; j< argument->argc; j++) {
g_ptr_array_add(argv_ptr, stralloc(argument->argv[j]));
}
g_ptr_array_add(argv_ptr, NULL);
env = safe_env();
become_root();
execve(cmd, (char **)argv_ptr->pdata, env);
e = strerror(errno);
error(_("error [exec %s: %s]"), cmd, e);
}
static bool acl_tdb_init(struct db_context **pp_db)
{
char *dbname;
if (acl_db) {
*pp_db = acl_db;
ref_count++;
return true;
}
dbname = state_path("file_ntacls.tdb");
if (dbname == NULL) {
errno = ENOSYS;
return false;
}
become_root();
*pp_db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
unbecome_root();
if (*pp_db == NULL) {
#if defined(ENOTSUP)
errno = ENOTSUP;
#else
errno = ENOSYS;
#endif
TALLOC_FREE(dbname);
return false;
}
ref_count++;
TALLOC_FREE(dbname);
return true;
}
static BOOL add_printers_by_registry( REGSUBKEY_CTR *subkeys )
{
int i, num_keys, snum;
char *printername;
NT_PRINTER_INFO_LEVEL_2 info2;
NT_PRINTER_INFO_LEVEL printer;
ZERO_STRUCT( info2 );
printer.info_2 = &info2;
num_keys = regsubkey_ctr_numkeys( subkeys );
become_root();
for ( i=0; i<num_keys; i++ ) {
printername = regsubkey_ctr_specific_key( subkeys, i );
snum = find_service( printername );
/* just verify a valied snum for now */
if ( snum == -1 ) {
fstrcpy( info2.printername, printername );
fstrcpy( info2.sharename, printername );
if ( !add_printer_hook( NULL, &printer ) ) {
DEBUG(0,("add_printers_by_registry: Failed to add printer [%s]\n",
printername));
}
}
}
unbecome_root();
return True;
}
/**
* update the encrypted smbpasswd file from the plaintext username and password
*
* this ugly hack needs to die, but not quite yet, I think people still use it...
**/
static BOOL update_smbpassword_file(const char *user, const char *password)
{
struct samu *sampass;
BOOL ret;
if ( !(sampass = samu_new( NULL )) ) {
return False;
}
become_root();
ret = pdb_getsampwnam(sampass, user);
unbecome_root();
if(ret == False) {
DEBUG(0,("pdb_getsampwnam returned NULL\n"));
TALLOC_FREE(sampass);
return False;
}
/*
* Remove the account disabled flag - we are updating the
* users password from a login.
*/
if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
TALLOC_FREE(sampass);
return False;
}
if (!pdb_set_plaintext_passwd (sampass, password)) {
TALLOC_FREE(sampass);
return False;
}
/* Now write it into the file. */
become_root();
ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass));
unbecome_root();
if (ret) {
DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
}
TALLOC_FREE(sampass);
return ret;
}
int main(int argc, char *argv[])
{
become_root();
for (int k = 0; k < arraysize(cmds); ++k)
runit(cmds[k], 120000);
return 0;
}
static BOOL get_md4pw(char *md4pw, char *mach_acct)
{
SAM_ACCOUNT *sampass = NULL;
const uint8 *pass;
BOOL ret;
uint32 acct_ctrl;
#if 0
/*
* Currently this code is redundent as we already have a filter
* by hostname list. What this code really needs to do is to
* get a hosts allowed/hosts denied list from the SAM database
* on a per user basis, and make the access decision there.
* I will leave this code here for now as a reminder to implement
* this at a later date. JRA.
*/
if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
client_name(), client_addr()))
{
DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
return False;
}
#endif /* 0 */
if(!NT_STATUS_IS_OK(pdb_init_sam(&sampass)))
return False;
/* JRA. This is ok as it is only used for generating the challenge. */
become_root();
ret=pdb_getsampwnam(sampass, mach_acct);
unbecome_root();
if (ret==False) {
DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
pdb_free_sam(&sampass);
return False;
}
acct_ctrl = pdb_get_acct_ctrl(sampass);
if (!(acct_ctrl & ACB_DISABLED) &&
((acct_ctrl & ACB_DOMTRUST) ||
(acct_ctrl & ACB_WSTRUST) ||
(acct_ctrl & ACB_SVRTRUST)) &&
((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
memcpy(md4pw, pass, 16);
dump_data(5, md4pw, 16);
pdb_free_sam(&sampass);
return True;
}
DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
pdb_free_sam(&sampass);
return False;
}
static int atalk_unlink_file(const char *path)
{
int ret = 0;
become_root();
ret = unlink(path);
unbecome_root();
return ret;
}
static bool nfs4acl_smb4acl_set_fn(vfs_handle_struct *handle,
files_struct *fsp,
struct SMB4ACL_T *smb4acl)
{
struct nfs4acl_config *config = NULL;
DATA_BLOB blob;
NTSTATUS status;
int saved_errno = 0;
int ret;
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct nfs4acl_config,
return false);
switch (config->encoding) {
case NFS4ACL_ENCODING_NDR:
status = nfs4acl_smb4acl_to_ndr_blob(handle, talloc_tos(),
smb4acl, &blob);
break;
case NFS4ACL_ENCODING_XDR:
status = nfs4acl_smb4acl_to_xdr_blob(handle, talloc_tos(),
smb4acl, &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
break;
}
if (!NT_STATUS_IS_OK(status)) {
return false;
}
become_root();
if (fsp->fh->fd != -1) {
ret = SMB_VFS_NEXT_FSETXATTR(handle, fsp, config->xattr_name,
blob.data, blob.length, 0);
} else {
ret = SMB_VFS_NEXT_SETXATTR(handle, fsp->fsp_name,
config->xattr_name,
blob.data, blob.length, 0);
}
if (ret != 0) {
saved_errno = errno;
}
unbecome_root();
data_blob_free(&blob);
if (saved_errno != 0) {
errno = saved_errno;
}
if (ret != 0) {
DBG_ERR("can't store acl in xattr: %s\n", strerror(errno));
return false;
}
return true;
}
static int getfsquota(const AFPObj *obj, struct vol *vol, const int uid, struct dqblk *dq)
{
struct dqblk dqg;
#ifdef __svr4__
struct quotctl qc;
#endif
memset(dq, 0, sizeof(struct dqblk));
memset(&dqg, 0, sizeof(dqg));
#ifdef __svr4__
qc.op = Q_GETQUOTA;
qc.uid = uid;
qc.addr = (caddr_t)dq;
if ( ioctl( vol->v_qfd, Q_QUOTACTL, &qc ) < 0 ) {
return( AFPERR_PARAM );
}
#else /* __svr4__ */
#ifdef ultrix
if ( quota( Q_GETDLIM, uid, vol->v_gvs, dq ) != 0 ) {
return( AFPERR_PARAM );
}
#else /* ultrix */
#ifndef USRQUOTA
#define USRQUOTA 0
#endif
#ifndef QCMD
#define QCMD(a,b) (a)
#endif
#ifndef TRU64
/* for group quotas. we only use these if the user belongs
* to one group. */
#endif /* TRU64 */
#ifdef BSD4_4
become_root();
if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA,USRQUOTA),
uid, (char *)dq ) != 0 ) {
/* try group quotas */
if (obj->ngroups >= 1) {
if ( quotactl(vol->v_path, QCMD(Q_GETQUOTA, GRPQUOTA),
obj->groups[0], (char *) &dqg) != 0 ) {
unbecome_root();
return( AFPERR_PARAM );
}
}
}
unbecome_root();
}
int file_ntimes(connection_struct *conn, const struct smb_filename *smb_fname,
struct smb_file_time *ft)
{
int ret = -1;
errno = 0;
DEBUG(6, ("file_ntime: actime: %s",
time_to_asc(convert_timespec_to_time_t(ft->atime))));
DEBUG(6, ("file_ntime: modtime: %s",
time_to_asc(convert_timespec_to_time_t(ft->mtime))));
DEBUG(6, ("file_ntime: ctime: %s",
time_to_asc(convert_timespec_to_time_t(ft->ctime))));
DEBUG(6, ("file_ntime: createtime: %s",
time_to_asc(convert_timespec_to_time_t(ft->create_time))));
/* Don't update the time on read-only shares */
/* We need this as set_filetime (which can be called on
close and other paths) can end up calling this function
without the NEED_WRITE protection. Found by :
Leo Weppelman <*****@*****.**>
*/
if (!CAN_WRITE(conn)) {
return 0;
}
if(SMB_VFS_NTIMES(conn, smb_fname, ft) == 0) {
return 0;
}
if((errno != EPERM) && (errno != EACCES)) {
return -1;
}
if(!lp_dos_filetimes(SNUM(conn))) {
return -1;
}
/* We have permission (given by the Samba admin) to
break POSIX semantics and allow a user to change
the time on a file they don't own but can write to
(as DOS does).
*/
/* Check if we have write access. */
if (can_write_to_file(conn, smb_fname)) {
/* We are allowed to become root and change the filetime. */
become_root();
ret = SMB_VFS_NTIMES(conn, smb_fname, ft);
unbecome_root();
}
return ret;
}
void dump_core(void)
{
static bool called;
if (called) {
DEBUG(0, ("dump_core() called recursive\n"));
exit(1);
}
called = true;
/* Note that even if core dumping has been disabled, we still set up
* the core path. This is to handle the case where core dumping is
* turned on in smb.conf and the relevant daemon is not restarted.
*/
if (!lp_enable_core_files()) {
DEBUG(0, ("Exiting on internal error (core file administratively disabled)\n"));
exit(1);
}
#if DUMP_CORE
/* If we're running as non root we might not be able to dump the core
* file to the corepath. There must not be an unbecome_root() before
* we call abort(). */
if (geteuid() != 0) {
become_root();
}
if (*corepath != '\0') {
/* The chdir might fail if we dump core before we finish
* processing the config file.
*/
if (chdir(corepath) != 0) {
DEBUG(0, ("unable to change to %s\n", corepath));
DEBUGADD(0, ("refusing to dump core\n"));
exit(1);
}
DEBUG(0,("dumping core in %s\n", corepath));
}
umask(~(0700));
dbgflush();
/* Ensure we don't have a signal handler for abort. */
#ifdef SIGABRT
CatchSignal(SIGABRT,SIGNAL_CAST SIG_DFL);
#endif
abort();
#else /* DUMP_CORE */
exit(1);
#endif /* DUMP_CORE */
}
/*
this must be the first dmapi call you make in Samba. It will initialise dmapi
if available and tell you if you can get a dmapi session. This should be called in
the client specific child process
*/
BOOL dmapi_have_session(void)
{
static BOOL initialised;
if (!initialised) {
initialised = true;
become_root();
dmapi_init_session();
unbecome_root();
}
return samba_dmapi_session != DM_NO_SESSION;
}
BOOL check_lanman_password(char *user, uchar *pass1,
uchar *pass2, struct smb_passwd **psmbpw)
{
static uchar null_pw[16];
uchar unenc_new_pw[16];
uchar unenc_old_pw[16];
struct smb_passwd *smbpw;
*psmbpw = NULL;
become_root(0);
smbpw = getsmbpwnam(user);
unbecome_root(0);
if (smbpw == NULL)
{
DEBUG(0,("check_lanman_password: getsmbpwnam returned NULL\n"));
return False;
}
if (smbpw->acct_ctrl & ACB_DISABLED)
{
DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
return False;
}
if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
{
uchar no_pw[14];
memset(no_pw, '\0', 14);
E_P16(no_pw, null_pw);
smbpw->smb_passwd = null_pw;
} else if (smbpw->smb_passwd == NULL) {
DEBUG(0,("check_lanman_password: no lanman password !\n"));
return False;
}
/* Get the new lanman hash. */
D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
/* Use this to get the old lanman hash. */
D_P16(unenc_new_pw, pass1, unenc_old_pw);
/* Check that the two old passwords match. */
if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
{
DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
return False;
}
*psmbpw = smbpw;
return True;
}
