NTSTATUS smbXsrv_open_global_traverse( int (*fn)(struct smbXsrv_open_global0 *, void *), void *private_data) { NTSTATUS status; int count = 0; struct smbXsrv_open_global_traverse_state state = { .fn = fn, .private_data = private_data, }; become_root(); status = smbXsrv_open_global_init(); if (!NT_STATUS_IS_OK(status)) { unbecome_root(); DEBUG(0, ("Failed to initialize open_global: %s\n", nt_errstr(status))); return status; } status = dbwrap_traverse_read(smbXsrv_open_global_db_ctx, smbXsrv_open_global_traverse_fn, &state, &count); unbecome_root(); return status; }
static bool acl_tdb_init(void) { char *dbname; if (acl_db) { ref_count++; return true; } dbname = state_path("file_ntacls.tdb"); if (dbname == NULL) { errno = ENOSYS; return false; } become_root(); acl_db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); unbecome_root(); if (acl_db == NULL) { #if defined(ENOTSUP) errno = ENOTSUP; #else errno = ENOSYS; #endif TALLOC_FREE(dbname); return false; } ref_count++; TALLOC_FREE(dbname); return true; }
WERROR regdb_open( void ) { WERROR result = WERR_OK; if ( regdb ) { DEBUG(10, ("regdb_open: incrementing refcount (%d->%d)\n", regdb_refcount, regdb_refcount+1)); regdb_refcount++; return WERR_OK; } become_root(); regdb = db_open(NULL, state_path("registry.tdb"), 0, REG_TDB_FLAGS, O_RDWR, 0600, DBWRAP_LOCK_ORDER_1); if ( !regdb ) { result = ntstatus_to_werror( map_nt_error_from_unix( errno ) ); DEBUG(0,("regdb_open: Failed to open %s! (%s)\n", state_path("registry.tdb"), strerror(errno) )); } unbecome_root(); regdb_refcount = 1; DEBUG(10, ("regdb_open: registry db opened. refcount reset (%d)\n", regdb_refcount)); return result; }
static int ad_conv_v22ea(const char *path, const struct stat *sp, const struct vol *vol) { EC_INIT; const char *adpath; int adflags = S_ISDIR(sp->st_mode) ? ADFLAGS_DIR : 0; become_root(); EC_ZERO( ad_conv_v22ea_hf(path, sp, vol) ); EC_ZERO( ad_conv_v22ea_rf(path, sp, vol) ); EC_NULL( adpath = ad_path(path, adflags) ); LOG(log_debug, logtype_default,"ad_conv_v22ea_hf(\"%s\"): deleting adouble:v2 file: \"%s\"", path, fullpathname(adpath)); unlink(adpath); EC_CLEANUP: if (errno == ENOENT) EC_STATUS(0); unbecome_root(); EC_EXIT; }
static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, const char *fname, DATA_BLOB *pblob) { connection_struct *conn = handle->conn; int ret; int saved_errno = 0; DEBUG(10,("store_acl_blob_pathname: storing blob " "length %u on file %s\n", (unsigned int)pblob->length, fname)); become_root(); ret = SMB_VFS_SETXATTR(conn, fname, XATTR_NTACL_NAME, pblob->data, pblob->length, 0); if (ret) { saved_errno = errno; } unbecome_root(); if (ret) { errno = saved_errno; DEBUG(5, ("store_acl_blob_pathname: setting attr failed " "for file %s with error %s\n", fname, strerror(errno) )); return map_nt_error_from_unix(errno); } return NT_STATUS_OK; }
static WERROR rcinit_status( const char *service, SERVICE_STATUS *status ) { char *command = NULL; int ret, fd; if (asprintf(&command, "%s/%s/%s status", get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) { return WERR_NOMEM; } /* we've already performed the access check when the service was opened */ /* assume as return code of 0 means that the service is ok. Anything else is STOPPED */ become_root(); ret = smbrun( command , &fd ); unbecome_root(); DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret)); close(fd); SAFE_FREE(command); ZERO_STRUCTP( status ); status->type = 0x0020; status->state = (ret == 0 ) ? 0x0004 : 0x0001; status->controls_accepted = 0x0005; return WERR_OK; }
/*! * Remove hexencoded dots and slashes (":2e" and ":2f") */ static int ad_conv_dehex(const char *path, const struct stat *sp, const struct vol *vol, const char **newpathp) { EC_INIT; static char buf[MAXPATHLEN]; const char *adpath, *p; int adflags = S_ISDIR(sp->st_mode) ? ADFLAGS_DIR : 0; bstring newpath = NULL; LOG(log_debug, logtype_default,"ad_conv_dehex(\"%s\"): BEGIN", fullpathname(path)); *newpathp = NULL; if ((p = strchr(path, ':')) == NULL) goto EC_CLEANUP; EC_NULL( newpath = bfromcstr(path) ); EC_ZERO( bfindreplace(newpath, bfromcstr(":2e"), bfromcstr("."), 0) ); EC_ZERO( bfindreplace(newpath, bfromcstr(":2f"), bfromcstr(":"), 0) ); become_root(); if (adflags != ADFLAGS_DIR) rename(vol->ad_path(path, 0), vol->ad_path(bdata(newpath), 0)); rename(path, bdata(newpath)); unbecome_root(); strlcpy(buf, bdata(newpath), sizeof(buf)); *newpathp = buf; EC_CLEANUP: if (newpath) bdestroy(newpath); EC_EXIT; }
NTSTATUS srv_fssa_start(struct messaging_context *msg_ctx) { NTSTATUS status; fss_global.mem_ctx = talloc_named_const(NULL, 0, "parent fss rpc server ctx"); if (fss_global.mem_ctx == NULL) { return NT_STATUS_NO_MEMORY; } fss_global.db_path = lock_path(FSS_DB_NAME); if (fss_global.db_path == NULL) { talloc_free(fss_global.mem_ctx); return NT_STATUS_NO_MEMORY; } fss_global.min_vers = FSRVP_RPC_VERSION_1; fss_global.max_vers = FSRVP_RPC_VERSION_1; /* * The server MUST populate the GlobalShadowCopySetTable with the * ShadowCopySet entries read from the configuration store. */ if (lp_parm_bool(GLOBAL_SECTION_SNUM, "fss", "prune stale", false)) { fss_prune_stale(msg_ctx, fss_global.db_path); } become_root(); status = fss_state_retrieve(fss_global.mem_ctx, &fss_global.sc_sets, &fss_global.sc_sets_count, fss_global.db_path); unbecome_root(); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("failed to retrieve fss server state: %s\n", nt_errstr(status))); } return NT_STATUS_OK; }
static WERROR rcinit_stop( const char *service, SERVICE_STATUS *status ) { char *command = NULL; int ret, fd; if (asprintf(&command, "%s/%s/%s stop", get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) { return WERR_NOMEM; } /* we've already performed the access check when the service was opened */ become_root(); ret = smbrun( command , &fd ); unbecome_root(); DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret)); close(fd); SAFE_FREE(command); ZERO_STRUCTP( status ); status->type = 0x0020; status->state = (ret == 0 ) ? 0x0001 : 0x0004; status->controls_accepted = 0x0005; return ( ret == 0 ) ? WERR_OK : WERR_ACCESS_DENIED; }
static void notify_deferred_opens(struct share_mode_lock *lck) { int i; for (i=0; i<lck->num_share_modes; i++) { struct share_mode_entry *e = &lck->share_modes[i]; if (!is_deferred_open_entry(e)) { continue; } if (procid_is_me(&e->pid)) { /* * We need to notify ourself to retry the open. Do * this by finding the queued SMB record, moving it to * the head of the queue and changing the wait time to * zero. */ schedule_deferred_open_smb_message(e->op_mid); } else { char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE]; share_mode_entry_to_message(msg, e); become_root(); message_send_pid(e->pid, MSG_SMB_OPEN_RETRY, msg, MSG_SMB_SHARE_MODE_ENTRY_SIZE, True); unbecome_root(); } } }
WERROR regdb_open( void ) { WERROR result = WERR_OK; if ( tdb_reg ) { DEBUG(10,("regdb_open: incrementing refcount (%d)\n", tdb_refcount)); tdb_refcount++; return WERR_OK; } become_root(); tdb_reg = tdb_open_log(lock_path("registry.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600); if ( !tdb_reg ) { result = ntstatus_to_werror( map_nt_error_from_unix( errno ) ); DEBUG(0,("regdb_open: Failed to open %s! (%s)\n", lock_path("registry.tdb"), strerror(errno) )); } unbecome_root(); tdb_refcount = 1; DEBUG(10,("regdb_open: refcount reset (%d)\n", tdb_refcount)); return result; }
NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, struct eventlog_ClearEventLogW *r) { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle ); if ( !info ) return NT_STATUS_INVALID_HANDLE; if (r->in.backupfile && r->in.backupfile->string) { DEBUG(8,( "_eventlog_ClearEventLogW: Using [%s] as the backup " "file name for log [%s].", r->in.backupfile->string, info->logname ) ); } /* check for WRITE access to the file */ if ( !(info->access_granted&SA_RIGHT_FILE_WRITE_DATA) ) return NT_STATUS_ACCESS_DENIED; /* Force a close and reopen */ elog_close_tdb( info->etdb, True ); become_root(); info->etdb = elog_open_tdb( info->logname, True, False ); unbecome_root(); if ( !info->etdb ) return NT_STATUS_ACCESS_DENIED; return NT_STATUS_OK; }
int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { char *p; int retval; DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); /* see if we should disable winbindd lookups for local users */ if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) { if ( !winbind_off() ) DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n", WINBINDD_DONT_ENV)); else DEBUG(10,("sys_getgrouplist(): disabled winbindd for group lookup [user == %s]\n", user)); } #ifdef HAVE_GETGROUPLIST retval = getgrouplist(user, gid, groups, grpcnt); #else become_root(); retval = getgrouplist_internals(user, gid, groups, grpcnt); unbecome_root(); #endif /* allow winbindd lookups */ winbind_on(); return retval; }
static WERROR rcinit_status( const char *service, struct SERVICE_STATUS *status ) { char *command = NULL; int ret, fd; if (asprintf(&command, "%s/%s/%s status", get_dyn_MODULESDIR(), SVCCTL_SCRIPT_DIR, service) < 0) { return WERR_NOT_ENOUGH_MEMORY; } /* we've already performed the access check when the service was opened */ /* assume as return code of 0 means that the service is ok. Anything else is STOPPED */ become_root(); ret = smbrun(command, &fd, NULL); unbecome_root(); DEBUGADD(5, ("rcinit_start: [%s] returned [%d]\n", command, ret)); close(fd); SAFE_FREE(command); ZERO_STRUCTP( status ); status->type = SERVICE_TYPE_WIN32_SHARE_PROCESS; status->state = (ret == 0 ) ? SVCCTL_RUNNING : SVCCTL_STOPPED; status->controls_accepted = SVCCTL_ACCEPT_STOP | SVCCTL_ACCEPT_SHUTDOWN; return WERR_OK; }
static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, files_struct *fsp, DATA_BLOB *pblob) { int ret; int saved_errno = 0; DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n", (unsigned int)pblob->length, fsp_str_dbg(fsp))); become_root(); if (fsp->fh->fd != -1) { ret = SMB_VFS_FSETXATTR(fsp, XATTR_NTACL_NAME, pblob->data, pblob->length, 0); } else { ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name, XATTR_NTACL_NAME, pblob->data, pblob->length, 0); } if (ret) { saved_errno = errno; } unbecome_root(); if (ret) { DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s" "with error %s\n", fsp_str_dbg(fsp), strerror(saved_errno) )); errno = saved_errno; return map_nt_error_from_unix(saved_errno); } return NT_STATUS_OK; }
static bool posix_eadb_init(int snum, struct tdb_wrap **p_db) { struct tdb_wrap *db; struct loadparm_context *lp_ctx; const char *eadb = lp_parm_const_string(snum, "posix", "eadb", NULL); if (!eadb) { DEBUG(0, ("Can not use vfs_posix_eadb without posix:eadb set\n")); return false; } lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers()); become_root(); db = tdb_wrap_open(NULL, eadb, 50000, TDB_DEFAULT, O_RDWR|O_CREAT, 0600, lp_ctx); unbecome_root(); talloc_unlink(NULL, lp_ctx); /* now we know dbname is not NULL */ if (db == NULL) { #if defined(ENOTSUP) errno = ENOTSUP; #else errno = ENOSYS; #endif return false; } *p_db = db; return true; }
static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { int retval; bool winbind_env; DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); /* This is only ever called for Unix users, remote memberships are * always determined by the info3 coming back from auth3 or the * PAC. */ winbind_env = winbind_env_set(); (void)winbind_off(); #ifdef HAVE_GETGROUPLIST retval = getgrouplist(user, gid, groups, grpcnt); #else #ifdef HAVE_GETGRSET retval = getgrouplist_getgrset(user, gid, groups, grpcnt); #else become_root(); retval = getgrouplist_internals(user, gid, groups, grpcnt); unbecome_root(); #endif /* HAVE_GETGRSET */ #endif /* HAVE_GETGROUPLIST */ /* allow winbindd lookups, but only if they were not already disabled */ if (!winbind_env) { (void)winbind_on(); } return retval; }
static void amgtar_restore( application_argument_t *argument) { char *cmd; GPtrArray *argv_ptr = g_ptr_array_new(); char **env; int j; char *e; if (!gnutar_path) { error(_("GNUTAR-PATH not defined")); } cmd = stralloc(gnutar_path); g_ptr_array_add(argv_ptr, stralloc(gnutar_path)); g_ptr_array_add(argv_ptr, stralloc("--numeric-owner")); if (gnutar_no_unquote) g_ptr_array_add(argv_ptr, stralloc("--no-unquote")); g_ptr_array_add(argv_ptr, stralloc("-xpGvf")); g_ptr_array_add(argv_ptr, stralloc("-")); for (j=1; j< argument->argc; j++) { g_ptr_array_add(argv_ptr, stralloc(argument->argv[j])); } g_ptr_array_add(argv_ptr, NULL); env = safe_env(); become_root(); execve(cmd, (char **)argv_ptr->pdata, env); e = strerror(errno); error(_("error [exec %s: %s]"), cmd, e); }
static bool acl_tdb_init(struct db_context **pp_db) { char *dbname; if (acl_db) { *pp_db = acl_db; ref_count++; return true; } dbname = state_path("file_ntacls.tdb"); if (dbname == NULL) { errno = ENOSYS; return false; } become_root(); *pp_db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); unbecome_root(); if (*pp_db == NULL) { #if defined(ENOTSUP) errno = ENOTSUP; #else errno = ENOSYS; #endif TALLOC_FREE(dbname); return false; } ref_count++; TALLOC_FREE(dbname); return true; }
static BOOL add_printers_by_registry( REGSUBKEY_CTR *subkeys ) { int i, num_keys, snum; char *printername; NT_PRINTER_INFO_LEVEL_2 info2; NT_PRINTER_INFO_LEVEL printer; ZERO_STRUCT( info2 ); printer.info_2 = &info2; num_keys = regsubkey_ctr_numkeys( subkeys ); become_root(); for ( i=0; i<num_keys; i++ ) { printername = regsubkey_ctr_specific_key( subkeys, i ); snum = find_service( printername ); /* just verify a valied snum for now */ if ( snum == -1 ) { fstrcpy( info2.printername, printername ); fstrcpy( info2.sharename, printername ); if ( !add_printer_hook( NULL, &printer ) ) { DEBUG(0,("add_printers_by_registry: Failed to add printer [%s]\n", printername)); } } } unbecome_root(); return True; }
/** * update the encrypted smbpasswd file from the plaintext username and password * * this ugly hack needs to die, but not quite yet, I think people still use it... **/ static BOOL update_smbpassword_file(const char *user, const char *password) { struct samu *sampass; BOOL ret; if ( !(sampass = samu_new( NULL )) ) { return False; } become_root(); ret = pdb_getsampwnam(sampass, user); unbecome_root(); if(ret == False) { DEBUG(0,("pdb_getsampwnam returned NULL\n")); TALLOC_FREE(sampass); return False; } /* * Remove the account disabled flag - we are updating the * users password from a login. */ if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) { TALLOC_FREE(sampass); return False; } if (!pdb_set_plaintext_passwd (sampass, password)) { TALLOC_FREE(sampass); return False; } /* Now write it into the file. */ become_root(); ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass)); unbecome_root(); if (ret) { DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } TALLOC_FREE(sampass); return ret; }
int main(int argc, char *argv[]) { become_root(); for (int k = 0; k < arraysize(cmds); ++k) runit(cmds[k], 120000); return 0; }
static BOOL get_md4pw(char *md4pw, char *mach_acct) { SAM_ACCOUNT *sampass = NULL; const uint8 *pass; BOOL ret; uint32 acct_ctrl; #if 0 /* * Currently this code is redundent as we already have a filter * by hostname list. What this code really needs to do is to * get a hosts allowed/hosts denied list from the SAM database * on a per user basis, and make the access decision there. * I will leave this code here for now as a reminder to implement * this at a later date. JRA. */ if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(), client_name(), client_addr())) { DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct)); return False; } #endif /* 0 */ if(!NT_STATUS_IS_OK(pdb_init_sam(&sampass))) return False; /* JRA. This is ok as it is only used for generating the challenge. */ become_root(); ret=pdb_getsampwnam(sampass, mach_acct); unbecome_root(); if (ret==False) { DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); pdb_free_sam(&sampass); return False; } acct_ctrl = pdb_get_acct_ctrl(sampass); if (!(acct_ctrl & ACB_DISABLED) && ((acct_ctrl & ACB_DOMTRUST) || (acct_ctrl & ACB_WSTRUST) || (acct_ctrl & ACB_SVRTRUST)) && ((pass=pdb_get_nt_passwd(sampass)) != NULL)) { memcpy(md4pw, pass, 16); dump_data(5, md4pw, 16); pdb_free_sam(&sampass); return True; } DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); pdb_free_sam(&sampass); return False; }
static int atalk_unlink_file(const char *path) { int ret = 0; become_root(); ret = unlink(path); unbecome_root(); return ret; }
static bool nfs4acl_smb4acl_set_fn(vfs_handle_struct *handle, files_struct *fsp, struct SMB4ACL_T *smb4acl) { struct nfs4acl_config *config = NULL; DATA_BLOB blob; NTSTATUS status; int saved_errno = 0; int ret; SMB_VFS_HANDLE_GET_DATA(handle, config, struct nfs4acl_config, return false); switch (config->encoding) { case NFS4ACL_ENCODING_NDR: status = nfs4acl_smb4acl_to_ndr_blob(handle, talloc_tos(), smb4acl, &blob); break; case NFS4ACL_ENCODING_XDR: status = nfs4acl_smb4acl_to_xdr_blob(handle, talloc_tos(), smb4acl, &blob); break; default: status = NT_STATUS_INTERNAL_ERROR; break; } if (!NT_STATUS_IS_OK(status)) { return false; } become_root(); if (fsp->fh->fd != -1) { ret = SMB_VFS_NEXT_FSETXATTR(handle, fsp, config->xattr_name, blob.data, blob.length, 0); } else { ret = SMB_VFS_NEXT_SETXATTR(handle, fsp->fsp_name, config->xattr_name, blob.data, blob.length, 0); } if (ret != 0) { saved_errno = errno; } unbecome_root(); data_blob_free(&blob); if (saved_errno != 0) { errno = saved_errno; } if (ret != 0) { DBG_ERR("can't store acl in xattr: %s\n", strerror(errno)); return false; } return true; }
static int getfsquota(const AFPObj *obj, struct vol *vol, const int uid, struct dqblk *dq) { struct dqblk dqg; #ifdef __svr4__ struct quotctl qc; #endif memset(dq, 0, sizeof(struct dqblk)); memset(&dqg, 0, sizeof(dqg)); #ifdef __svr4__ qc.op = Q_GETQUOTA; qc.uid = uid; qc.addr = (caddr_t)dq; if ( ioctl( vol->v_qfd, Q_QUOTACTL, &qc ) < 0 ) { return( AFPERR_PARAM ); } #else /* __svr4__ */ #ifdef ultrix if ( quota( Q_GETDLIM, uid, vol->v_gvs, dq ) != 0 ) { return( AFPERR_PARAM ); } #else /* ultrix */ #ifndef USRQUOTA #define USRQUOTA 0 #endif #ifndef QCMD #define QCMD(a,b) (a) #endif #ifndef TRU64 /* for group quotas. we only use these if the user belongs * to one group. */ #endif /* TRU64 */ #ifdef BSD4_4 become_root(); if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA,USRQUOTA), uid, (char *)dq ) != 0 ) { /* try group quotas */ if (obj->ngroups >= 1) { if ( quotactl(vol->v_path, QCMD(Q_GETQUOTA, GRPQUOTA), obj->groups[0], (char *) &dqg) != 0 ) { unbecome_root(); return( AFPERR_PARAM ); } } } unbecome_root(); }
int file_ntimes(connection_struct *conn, const struct smb_filename *smb_fname, struct smb_file_time *ft) { int ret = -1; errno = 0; DEBUG(6, ("file_ntime: actime: %s", time_to_asc(convert_timespec_to_time_t(ft->atime)))); DEBUG(6, ("file_ntime: modtime: %s", time_to_asc(convert_timespec_to_time_t(ft->mtime)))); DEBUG(6, ("file_ntime: ctime: %s", time_to_asc(convert_timespec_to_time_t(ft->ctime)))); DEBUG(6, ("file_ntime: createtime: %s", time_to_asc(convert_timespec_to_time_t(ft->create_time)))); /* Don't update the time on read-only shares */ /* We need this as set_filetime (which can be called on close and other paths) can end up calling this function without the NEED_WRITE protection. Found by : Leo Weppelman <*****@*****.**> */ if (!CAN_WRITE(conn)) { return 0; } if(SMB_VFS_NTIMES(conn, smb_fname, ft) == 0) { return 0; } if((errno != EPERM) && (errno != EACCES)) { return -1; } if(!lp_dos_filetimes(SNUM(conn))) { return -1; } /* We have permission (given by the Samba admin) to break POSIX semantics and allow a user to change the time on a file they don't own but can write to (as DOS does). */ /* Check if we have write access. */ if (can_write_to_file(conn, smb_fname)) { /* We are allowed to become root and change the filetime. */ become_root(); ret = SMB_VFS_NTIMES(conn, smb_fname, ft); unbecome_root(); } return ret; }
void dump_core(void) { static bool called; if (called) { DEBUG(0, ("dump_core() called recursive\n")); exit(1); } called = true; /* Note that even if core dumping has been disabled, we still set up * the core path. This is to handle the case where core dumping is * turned on in smb.conf and the relevant daemon is not restarted. */ if (!lp_enable_core_files()) { DEBUG(0, ("Exiting on internal error (core file administratively disabled)\n")); exit(1); } #if DUMP_CORE /* If we're running as non root we might not be able to dump the core * file to the corepath. There must not be an unbecome_root() before * we call abort(). */ if (geteuid() != 0) { become_root(); } if (*corepath != '\0') { /* The chdir might fail if we dump core before we finish * processing the config file. */ if (chdir(corepath) != 0) { DEBUG(0, ("unable to change to %s\n", corepath)); DEBUGADD(0, ("refusing to dump core\n")); exit(1); } DEBUG(0,("dumping core in %s\n", corepath)); } umask(~(0700)); dbgflush(); /* Ensure we don't have a signal handler for abort. */ #ifdef SIGABRT CatchSignal(SIGABRT,SIGNAL_CAST SIG_DFL); #endif abort(); #else /* DUMP_CORE */ exit(1); #endif /* DUMP_CORE */ }
/* this must be the first dmapi call you make in Samba. It will initialise dmapi if available and tell you if you can get a dmapi session. This should be called in the client specific child process */ BOOL dmapi_have_session(void) { static BOOL initialised; if (!initialised) { initialised = true; become_root(); dmapi_init_session(); unbecome_root(); } return samba_dmapi_session != DM_NO_SESSION; }
BOOL check_lanman_password(char *user, uchar *pass1, uchar *pass2, struct smb_passwd **psmbpw) { static uchar null_pw[16]; uchar unenc_new_pw[16]; uchar unenc_old_pw[16]; struct smb_passwd *smbpw; *psmbpw = NULL; become_root(0); smbpw = getsmbpwnam(user); unbecome_root(0); if (smbpw == NULL) { DEBUG(0,("check_lanman_password: getsmbpwnam returned NULL\n")); return False; } if (smbpw->acct_ctrl & ACB_DISABLED) { DEBUG(0,("check_lanman_password: account %s disabled.\n", user)); return False; } if ((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ)) { uchar no_pw[14]; memset(no_pw, '\0', 14); E_P16(no_pw, null_pw); smbpw->smb_passwd = null_pw; } else if (smbpw->smb_passwd == NULL) { DEBUG(0,("check_lanman_password: no lanman password !\n")); return False; } /* Get the new lanman hash. */ D_P16(smbpw->smb_passwd, pass2, unenc_new_pw); /* Use this to get the old lanman hash. */ D_P16(unenc_new_pw, pass1, unenc_old_pw); /* Check that the two old passwords match. */ if (memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) { DEBUG(0,("check_lanman_password: old password doesn't match.\n")); return False; } *psmbpw = smbpw; return True; }