int cli_errno(struct cli_state *cli) { NTSTATUS status; if (cli_is_nt_error(cli)) { status = cli_nt_error(cli); return map_errno_from_nt_status(status); } if (cli_is_dos_error(cli)) { uint8 eclass; uint32 ecode; cli_dos_error(cli, &eclass, &ecode); status = dos_to_ntstatus(eclass, ecode); return map_errno_from_nt_status(status); } /* * Yuck! A special case for this Vista error. Since its high-order * byte isn't 0xc0, it doesn't match cli_is_nt_error() above. */ status = cli_nt_error(cli); if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) { return EACCES; } /* for other cases */ return EINVAL; }
int onefs_lstat(vfs_handle_struct *handle, struct smb_filename *smb_fname) { struct smb_filename *smb_fname_onefs = NULL; NTSTATUS status; int ret; status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname, &smb_fname_onefs); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } /* * If the smb_fname has no stream or is :$DATA, then just stat the * base stream. Otherwise stat the stream. */ if (!is_ntfs_stream_smb_fname(smb_fname_onefs)) { ret = onefs_sys_lstat(smb_fname_onefs->base_name, &smb_fname->st); } else { ret = stat_stream(handle->conn, smb_fname_onefs->base_name, smb_fname_onefs->stream_name, &smb_fname->st, AT_SYMLINK_NOFOLLOW); } onefs_adjust_stat_time(handle->conn, smb_fname->base_name, &smb_fname->st); TALLOC_FREE(smb_fname_onefs); return ret; }
static int tsmsm_set_offline(struct vfs_handle_struct *handle, const struct smb_filename *fname) { struct tsmsm_struct *tsmd = (struct tsmsm_struct *) handle->data; int result = 0; char *command; NTSTATUS status; char *path; if (tsmd->hsmscript == NULL) { /* no script enabled */ DEBUG(1, ("tsmsm_set_offline: No 'tsmsm:hsm script' configured\n")); return 0; } status = get_full_smb_filename(talloc_tos(), fname, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return false; } /* Now, call the script */ command = talloc_asprintf(tsmd, "%s offline \"%s\"", tsmd->hsmscript, path); if(!command) { DEBUG(1, ("tsmsm_set_offline: can't allocate memory to run hsm script")); return -1; } DEBUG(10, ("tsmsm_set_offline: Running [%s]\n", command)); if((result = smbrun(command, NULL)) != 0) { DEBUG(1,("tsmsm_set_offline: Running [%s] returned %d\n", command, result)); } TALLOC_FREE(command); return result; }
static int unlink_acl_tdb(vfs_handle_struct *handle, const struct smb_filename *smb_fname) { struct smb_filename *smb_fname_tmp = NULL; struct db_context *db = acl_db; NTSTATUS status; int ret = -1; status = copy_smb_filename(talloc_tos(), smb_fname, &smb_fname_tmp); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto out; } if (lp_posix_pathnames()) { ret = SMB_VFS_LSTAT(handle->conn, smb_fname_tmp); } else { ret = SMB_VFS_STAT(handle->conn, smb_fname_tmp); } if (ret == -1) { goto out; } ret = unlink_acl_common(handle, smb_fname_tmp); if (ret == -1) { goto out; } acl_tdb_delete(handle, db, &smb_fname_tmp->st); out: return ret; }
static int streams_xattr_stat(vfs_handle_struct *handle, struct smb_filename *smb_fname) { NTSTATUS status; int result = -1; char *xattr_name = NULL; if (!is_ntfs_stream_smb_fname(smb_fname)) { return SMB_VFS_NEXT_STAT(handle, smb_fname); } /* Note if lp_posix_paths() is true, we can never * get here as is_ntfs_stream_smb_fname() is * always false. So we never need worry about * not following links here. */ /* If the default stream is requested, just stat the base file. */ if (is_ntfs_default_stream_smb_fname(smb_fname)) { return streams_xattr_stat_base(handle, smb_fname, true); } /* Populate the stat struct with info from the base file. */ if (streams_xattr_stat_base(handle, smb_fname, true) == -1) { return -1; } /* Derive the xattr name to lookup. */ status = streams_xattr_get_name(handle, talloc_tos(), smb_fname->stream_name, &xattr_name); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } /* Augment the base file's stat information before returning. */ smb_fname->st.st_ex_size = get_xattr_size(handle->conn, smb_fname, xattr_name); if (smb_fname->st.st_ex_size == -1) { SET_STAT_INVALID(smb_fname->st); errno = ENOENT; result = -1; goto fail; } smb_fname->st.st_ex_ino = stream_inode(&smb_fname->st, xattr_name); smb_fname->st.st_ex_mode &= ~S_IFMT; smb_fname->st.st_ex_mode &= ~S_IFDIR; smb_fname->st.st_ex_mode |= S_IFREG; smb_fname->st.st_ex_blocks = smb_fname->st.st_ex_size / STAT_ST_BLOCKSIZE + 1; result = 0; fail: TALLOC_FREE(xattr_name); return result; }
static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_STRUCT_STAT *sbuf) { struct smb_filename *smb_fname_base = NULL; NTSTATUS status; int ret = -1; struct stream_io *io = (struct stream_io *) VFS_FETCH_FSP_EXTENSION(handle, fsp); DEBUG(10, ("streams_xattr_fstat called for %d\n", fsp->fh->fd)); if (io == NULL || fsp->base_fsp == NULL) { return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); } if (!streams_xattr_recheck(io)) { return -1; } /* Create an smb_filename with stream_name == NULL. */ status = create_synthetic_smb_fname(talloc_tos(), io->base, NULL, NULL, &smb_fname_base); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } if (lp_posix_pathnames()) { ret = SMB_VFS_LSTAT(handle->conn, smb_fname_base); } else { ret = SMB_VFS_STAT(handle->conn, smb_fname_base); } *sbuf = smb_fname_base->st; TALLOC_FREE(smb_fname_base); if (ret == -1) { return -1; } sbuf->st_ex_size = get_xattr_size(handle->conn, fsp->base_fsp, io->base, io->xattr_name); if (sbuf->st_ex_size == -1) { return -1; } DEBUG(10, ("sbuf->st_ex_size = %d\n", (int)sbuf->st_ex_size)); sbuf->st_ex_ino = stream_inode(sbuf, io->xattr_name); sbuf->st_ex_mode &= ~S_IFMT; sbuf->st_ex_mode |= S_IFREG; sbuf->st_ex_blocks = sbuf->st_ex_size / STAT_ST_BLOCKSIZE + 1; return 0; }
static SMB_STRUCT_DIR *opendir_acl_common(vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attr) { NTSTATUS status = check_parent_acl_common(handle, fname, SEC_DIR_LIST, NULL); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return NULL; } return SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr); }
static int open_acl_xattr(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode) { uint32_t access_granted = 0; struct security_descriptor *pdesc = NULL; bool file_existed = true; NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, fname, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION), &pdesc); if (NT_STATUS_IS_OK(status)) { /* See if we can access it. */ status = smb1_file_se_access_check(pdesc, handle->conn->server_info->ptok, fsp->access_mask, &access_granted); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("open_acl_xattr: file %s open " "refused with error %s\n", fname, nt_errstr(status) )); errno = map_errno_from_nt_status(status); return -1; } } else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) { file_existed = false; } DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for " "file %s returned %s\n", fname, nt_errstr(status) )); fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); if (!file_existed && fsp->fh->fd != -1) { /* File was created. Inherit from parent directory. */ string_set(&fsp->fsp_name, fname); inherit_new_acl(handle, fname, fsp, false); } return fsp->fh->fd; }
int onefs_vtimes_streams(vfs_handle_struct *handle, const struct smb_filename *smb_fname, int flags, struct timespec times[3]) { struct smb_filename *smb_fname_onefs = NULL; int ret; int dirfd; int saved_errno; NTSTATUS status; START_PROFILE(syscall_ntimes); if (!is_ntfs_stream_smb_fname(smb_fname)) { ret = vtimes(smb_fname->base_name, times, flags); return ret; } status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname, &smb_fname_onefs); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } /* Default stream (the ::$DATA was just stripped off). */ if (!is_ntfs_stream_smb_fname(smb_fname_onefs)) { ret = vtimes(smb_fname_onefs->base_name, times, flags); goto out; } dirfd = get_stream_dir_fd(handle->conn, smb_fname->base_name, NULL); if (dirfd < -1) { ret = -1; goto out; } ret = enc_vtimesat(dirfd, smb_fname_onefs->stream_name, ENC_DEFAULT, times, flags); saved_errno = errno; close(dirfd); errno = saved_errno; out: END_PROFILE(syscall_ntimes); TALLOC_FREE(smb_fname_onefs); return ret; }
ssize_t SMBC_write_ctx(SMBCCTX *context, SMBCFILE *file, const void *buf, size_t count) { off_t offset; TALLOC_CTX *frame = talloc_stackframe(); NTSTATUS status; /* First check all pointers before dereferencing them */ if (!context || !context->internal->initialized) { errno = EINVAL; TALLOC_FREE(frame); return -1; } if (!file || !SMBC_dlist_contains(context->internal->files, file)) { errno = EBADF; TALLOC_FREE(frame); return -1; } /* Check that the buffer exists ... */ if (buf == NULL) { errno = EINVAL; TALLOC_FREE(frame); return -1; } offset = file->offset; /* See "offset" comment in SMBC_read_ctx() */ status = cli_writeall(file->targetcli, file->cli_fd, 0, (const uint8_t *)buf, offset, count, NULL); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame); return -1; } file->offset += count; TALLOC_FREE(frame); return count; /* Success, 0 bytes of data ... */ }
static int streams_xattr_unlink(vfs_handle_struct *handle, const struct smb_filename *smb_fname) { NTSTATUS status; int ret = -1; char *xattr_name = NULL; if (!is_ntfs_stream_smb_fname(smb_fname)) { return SMB_VFS_NEXT_UNLINK(handle, smb_fname); } /* If the default stream is requested, just open the base file. */ if (is_ntfs_default_stream_smb_fname(smb_fname)) { struct smb_filename *smb_fname_base = NULL; smb_fname_base = cp_smb_filename(talloc_tos(), smb_fname); if (smb_fname_base == NULL) { errno = ENOMEM; return -1; } ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname_base); TALLOC_FREE(smb_fname_base); return ret; } status = streams_xattr_get_name(handle, talloc_tos(), smb_fname->stream_name, &xattr_name); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto fail; } ret = SMB_VFS_REMOVEXATTR(handle->conn, smb_fname, xattr_name); if ((ret == -1) && (errno == ENOATTR)) { errno = ENOENT; goto fail; } ret = 0; fail: TALLOC_FREE(xattr_name); return ret; }
int onefs_unlink(vfs_handle_struct *handle, const struct smb_filename *smb_fname) { struct smb_filename *smb_fname_onefs = NULL; int ret; int dir_fd, saved_errno; NTSTATUS status; /* Not a stream. */ if (!is_ntfs_stream_smb_fname(smb_fname)) { return SMB_VFS_NEXT_UNLINK(handle, smb_fname); } status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname, &smb_fname_onefs); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } /* Default stream (the ::$DATA was just stripped off). */ if (!is_ntfs_stream_smb_fname(smb_fname_onefs)) { ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname_onefs); goto out; } dir_fd = get_stream_dir_fd(handle->conn, smb_fname_onefs->base_name, NULL); if (dir_fd < 0) { ret = -1; goto out; } ret = enc_unlinkat(dir_fd, smb_fname_onefs->stream_name, ENC_DEFAULT, 0); saved_errno = errno; close(dir_fd); errno = saved_errno; out: TALLOC_FREE(smb_fname_onefs); return ret; }
static int fake_acls_stat(vfs_handle_struct *handle, struct smb_filename *smb_fname) { int ret = -1; ret = SMB_VFS_NEXT_STAT(handle, smb_fname); if (ret == 0) { TALLOC_CTX *frame = talloc_stackframe(); char *path; struct smb_filename smb_fname_base = { .base_name = smb_fname->base_name }; NTSTATUS status; /* * As we're calling getxattr directly here * we need to use only the base_name, not * the full name containing any stream name. */ status = get_full_smb_filename(frame, &smb_fname_base, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame); return -1; } ret = fake_acls_uid(handle, path, &smb_fname->st.st_ex_uid); if (ret != 0) { TALLOC_FREE(frame); return ret; } ret = fake_acls_gid(handle, path, &smb_fname->st.st_ex_gid); if (ret != 0) { TALLOC_FREE(frame); return ret; } TALLOC_FREE(frame); } return ret; }
static int fake_acls_lstat(vfs_handle_struct *handle, struct smb_filename *smb_fname) { int ret = -1; ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname); if (ret == 0) { TALLOC_CTX *frame = talloc_stackframe(); char *path; struct smb_filename smb_fname_base = { .base_name = smb_fname->base_name }; NTSTATUS status; /* * As we're calling getxattr directly here * we need to use only the base_name, not * the full name containing any stream name. */ status = get_full_smb_filename(frame, &smb_fname_base, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame); return -1; } /* This isn't quite right (calling getxattr not * lgetxattr), but for the test purposes of this * module (fake NT ACLs from windows clients), it is * close enough. We removed the l*xattr functions * because linux doesn't support using them, but we * could fake them in xattr_tdb if we really wanted * to. We ignore errors because the link might not point anywhere */ fake_acls_uid(handle, path, &smb_fname->st.st_ex_uid); fake_acls_gid(handle, path, &smb_fname->st.st_ex_gid); TALLOC_FREE(frame); } return ret; }
static int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode) { int ret; NTSTATUS status; SMB_STRUCT_STAT sbuf; ret = vfs_stat_smb_fname(handle->conn, path, &sbuf); if (ret == -1 && errno == ENOENT) { struct security_descriptor *parent_desc = NULL; struct security_descriptor *psd = NULL; /* We're creating a new directory. */ status = check_parent_acl_common(handle, path, SEC_DIR_ADD_SUBDIR, &parent_desc); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } /* Cache the parent security descriptor for * later use. We don't have an fsp here so * use the handle. */ /* Attach this to the conn, move from talloc_tos(). */ psd = (struct security_descriptor *)talloc_move(handle->conn, &parent_desc); if (!psd) { return -1; } SMB_VFS_HANDLE_SET_DATA(handle, psd, free_sd_common, struct security_descriptor *, return -1); } return SMB_VFS_NEXT_MKDIR(handle, path, mode); }
static int streams_xattr_open(vfs_handle_struct *handle, struct smb_filename *smb_fname, files_struct *fsp, int flags, mode_t mode) { NTSTATUS status; struct streams_xattr_config *config = NULL; struct stream_io *sio = NULL; struct ea_struct ea; char *xattr_name = NULL; int pipe_fds[2]; int fakefd = -1; int ret; SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, return -1); DEBUG(10, ("streams_xattr_open called for %s with flags 0x%x\n", smb_fname_str_dbg(smb_fname), flags)); if (!is_ntfs_stream_smb_fname(smb_fname)) { return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); } /* If the default stream is requested, just open the base file. */ if (is_ntfs_default_stream_smb_fname(smb_fname)) { char *tmp_stream_name; tmp_stream_name = smb_fname->stream_name; smb_fname->stream_name = NULL; ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); smb_fname->stream_name = tmp_stream_name; return ret; } status = streams_xattr_get_name(handle, talloc_tos(), smb_fname->stream_name, &xattr_name); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto fail; } /* * Return a valid fd, but ensure any attempt to use it returns an error * (EPIPE). */ ret = pipe(pipe_fds); if (ret != 0) { goto fail; } close(pipe_fds[1]); pipe_fds[1] = -1; fakefd = pipe_fds[0]; status = get_ea_value(talloc_tos(), handle->conn, NULL, smb_fname, xattr_name, &ea); DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status))); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { /* * The base file is not there. This is an error even if we got * O_CREAT, the higher levels should have created the base * file for us. */ DEBUG(10, ("streams_xattr_open: base file %s not around, " "returning ENOENT\n", smb_fname->base_name)); errno = ENOENT; goto fail; } if ((!NT_STATUS_IS_OK(status) && (flags & O_CREAT)) || (flags & O_TRUNC)) { /* * The attribute does not exist or needs to be truncated */ /* * Darn, xattrs need at least 1 byte */ char null = '\0'; DEBUG(10, ("creating or truncating attribute %s on file %s\n", xattr_name, smb_fname->base_name)); ret = SMB_VFS_SETXATTR(fsp->conn, smb_fname, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0); if (ret != 0) { goto fail; } } sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL); if (sio == NULL) { errno = ENOMEM; goto fail; } sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), xattr_name); /* * so->base needs to be a copy of fsp->fsp_name->base_name, * making it identical to streams_xattr_recheck(). If the * open is changing directories, fsp->fsp_name->base_name * will be the full path from the share root, whilst * smb_fname will be relative to the $cwd. */ sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), fsp->fsp_name->base_name); sio->fsp_name_ptr = fsp->fsp_name; sio->handle = handle; sio->fsp = fsp; if ((sio->xattr_name == NULL) || (sio->base == NULL)) { errno = ENOMEM; goto fail; } return fakefd; fail: if (fakefd >= 0) { close(fakefd); fakefd = -1; } return -1; }
static SMBCSRV * SMBC_server_internal(TALLOC_CTX *ctx, SMBCCTX *context, bool connect_if_not_found, const char *server, uint16_t port, const char *share, char **pp_workgroup, char **pp_username, char **pp_password, bool *in_cache) { SMBCSRV *srv=NULL; char *workgroup = NULL; struct cli_state *c = NULL; const char *server_n = server; int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0); uint32_t fs_attrs = 0; const char *username_used; NTSTATUS status; char *newserver, *newshare; int flags = 0; struct smbXcli_tcon *tcon = NULL; int signing_state = SMB_SIGNING_DEFAULT; ZERO_STRUCT(c); *in_cache = false; if (server[0] == 0) { errno = EPERM; return NULL; } /* Look for a cached connection */ srv = SMBC_find_server(ctx, context, server, share, pp_workgroup, pp_username, pp_password); /* * If we found a connection and we're only allowed one share per * server... */ if (srv && share != NULL && *share != '\0' && smbc_getOptionOneSharePerServer(context)) { /* * ... then if there's no current connection to the share, * connect to it. SMBC_find_server(), or rather the function * pointed to by context->get_cached_srv_fn which * was called by SMBC_find_server(), will have issued a tree * disconnect if the requested share is not the same as the * one that was already connected. */ /* * Use srv->cli->desthost and srv->cli->share instead of * server and share below to connect to the actual share, * i.e., a normal share or a referred share from * 'msdfs proxy' share. */ if (!cli_state_has_tcon(srv->cli)) { /* Ensure we have accurate auth info */ SMBC_call_auth_fn(ctx, context, smbXcli_conn_remote_name(srv->cli->conn), srv->cli->share, pp_workgroup, pp_username, pp_password); if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); return NULL; } /* * We don't need to renegotiate encryption * here as the encryption context is not per * tid. */ status = cli_tree_connect(srv->cli, srv->cli->share, "?????", *pp_password, strlen(*pp_password)+1); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); srv = NULL; } /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); status = NT_STATUS_OK; } else { status = cli_get_fs_attr_info(c, &fs_attrs); } if (!NT_STATUS_IS_OK(status)) { DEBUG(4, ("Could not retrieve " "case sensitivity flag: %s.\n", nt_errstr(status))); /* * We can't determine the case sensitivity of * the share. We have no choice but to use the * user-specified case sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else if (!is_ipc) { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); cli_set_case_sensitive( c, (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? True : False)); } /* * Regenerate the dev value since it's based on both * server and share */ if (srv) { const char *remote_name = smbXcli_conn_remote_name(srv->cli->conn); srv->dev = (dev_t)(str_checksum(remote_name) ^ str_checksum(srv->cli->share)); } } } /* If we have a connection... */ if (srv) { /* ... then we're done here. Give 'em what they came for. */ *in_cache = true; goto done; } /* If we're not asked to connect when a connection doesn't exist... */ if (! connect_if_not_found) { /* ... then we're done here. */ return NULL; } if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; return NULL; } DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server)); DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server)); status = NT_STATUS_UNSUCCESSFUL; if (smbc_getOptionUseKerberos(context)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS; } if (smbc_getOptionFallbackAfterKerberos(context)) { flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } if (smbc_getOptionUseCCache(context)) { flags |= CLI_FULL_CONNECTION_USE_CCACHE; } if (smbc_getOptionUseNTHash(context)) { flags |= CLI_FULL_CONNECTION_USE_NT_HASH; } if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { signing_state = SMB_SIGNING_REQUIRED; } if (port == 0) { if (share == NULL || *share == '\0' || is_ipc) { /* * Try 139 first for IPC$ */ status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20, smbc_getNetbiosName(context), signing_state, flags, &c); } } if (!NT_STATUS_IS_OK(status)) { /* * No IPC$ or 139 did not work */ status = cli_connect_nb(server_n, NULL, port, 0x20, smbc_getNetbiosName(context), signing_state, flags, &c); } if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return NULL; } cli_set_timeout(c, smbc_getTimeout(context)); status = smbXcli_negprot(c->conn, c->timeout, lp_client_min_protocol(), lp_client_max_protocol()); if (!NT_STATUS_IS_OK(status)) { cli_shutdown(c); errno = ETIMEDOUT; return NULL; } if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { /* Ensure we ask for some initial credits. */ smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS); } username_used = *pp_username; if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used, *pp_password, strlen(*pp_password), *pp_password, strlen(*pp_password), *pp_workgroup))) { /* Failed. Try an anonymous login, if allowed by flags. */ username_used = ""; if (smbc_getOptionNoAutoAnonymousLogin(context) || !NT_STATUS_IS_OK(cli_session_setup(c, username_used, *pp_password, 1, *pp_password, 0, *pp_workgroup))) { cli_shutdown(c); errno = EPERM; return NULL; } } DEBUG(4,(" session setup ok\n")); /* here's the fun part....to support 'msdfs proxy' shares (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL here before trying to connect to the original share. cli_check_msdfs_proxy() will fail if it is a normal share. */ if (smbXcli_conn_dfs_supported(c->conn) && cli_check_msdfs_proxy(ctx, c, share, &newserver, &newshare, /* FIXME: cli_check_msdfs_proxy() does not support smbc_smb_encrypt_level type */ context->internal->smb_encryption_level ? true : false, *pp_username, *pp_password, *pp_workgroup)) { cli_shutdown(c); srv = SMBC_server_internal(ctx, context, connect_if_not_found, newserver, port, newshare, pp_workgroup, pp_username, pp_password, in_cache); TALLOC_FREE(newserver); TALLOC_FREE(newshare); return srv; } /* must be a normal share */ status = cli_tree_connect(c, share, "?????", *pp_password, strlen(*pp_password)+1); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); cli_shutdown(c); return NULL; } DEBUG(4,(" tconx ok\n")); if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { tcon = c->smb2.tcon; } else { tcon = c->smb1.tcon; } /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); status = NT_STATUS_OK; } else { status = cli_get_fs_attr_info(c, &fs_attrs); } if (!NT_STATUS_IS_OK(status)) { DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n", nt_errstr(status))); /* * We can't determine the case sensitivity of the share. We * have no choice but to use the user-specified case * sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else if (!is_ipc) { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); smbXcli_tcon_set_fs_attributes(tcon, fs_attrs); } if (context->internal->smb_encryption_level) { /* Attempt UNIX smb encryption. */ if (!NT_STATUS_IS_OK(cli_force_encryption(c, username_used, *pp_password, *pp_workgroup))) { /* * context->smb_encryption_level == 1 * means don't fail if encryption can't be negotiated, * == 2 means fail if encryption can't be negotiated. */ DEBUG(4,(" SMB encrypt failed\n")); if (context->internal->smb_encryption_level == 2) { cli_shutdown(c); errno = EPERM; return NULL; } } DEBUG(4,(" SMB encrypt ok\n")); } /* * Ok, we have got a nice connection * Let's allocate a server structure. */ srv = SMB_MALLOC_P(SMBCSRV); if (!srv) { cli_shutdown(c); errno = ENOMEM; return NULL; } ZERO_STRUCTP(srv); DLIST_ADD(srv->cli, c); srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); srv->no_pathinfo = False; srv->no_pathinfo2 = False; srv->no_pathinfo3 = False; srv->no_nt_session = False; done: if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) { workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context)); } else { workgroup = *pp_workgroup; } if(!workgroup) { if (c != NULL) { cli_shutdown(c); } SAFE_FREE(srv); return NULL; } /* set the credentials to make DFS work */ smbc_set_credentials_with_fallback(context, workgroup, *pp_username, *pp_password); return srv; }
static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp) { connection_struct *conn = fsp->conn; struct smb_filename *smb_dname = fsp->fsp_name; int ret; SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname)); /* Might be a symlink. */ if(SMB_VFS_LSTAT(conn, smb_dname) != 0) { return map_nt_error_from_unix(errno); } if (S_ISLNK(smb_dname->st.st_ex_mode)) { /* Is what it points to a directory ? */ if(SMB_VFS_STAT(conn, smb_dname) != 0) { return map_nt_error_from_unix(errno); } if (!(S_ISDIR(smb_dname->st.st_ex_mode))) { return NT_STATUS_NOT_A_DIRECTORY; } ret = SMB_VFS_UNLINK(conn, smb_dname); } else { ret = SMB_VFS_RMDIR(conn, smb_dname->base_name); } if (ret == 0) { notify_fname(conn, NOTIFY_ACTION_REMOVED, FILE_NOTIFY_CHANGE_DIR_NAME, smb_dname->base_name); return NT_STATUS_OK; } if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) { /* * Check to see if the only thing in this directory are * vetoed files/directories. If so then delete them and * retry. If we fail to delete any of them (and we *don't* * do a recursive delete) then fail the rmdir. */ SMB_STRUCT_STAT st; const char *dname = NULL; char *talloced = NULL; long dirpos = 0; struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, smb_dname->base_name, NULL, 0); if(dir_hnd == NULL) { errno = ENOTEMPTY; goto err; } while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) { if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) { TALLOC_FREE(talloced); continue; } if (!is_visible_file(conn, smb_dname->base_name, dname, &st, false)) { TALLOC_FREE(talloced); continue; } if(!IS_VETO_PATH(conn, dname)) { TALLOC_FREE(dir_hnd); TALLOC_FREE(talloced); errno = ENOTEMPTY; goto err; } TALLOC_FREE(talloced); } /* We only have veto files/directories. * Are we allowed to delete them ? */ if(!lp_recursive_veto_delete(SNUM(conn))) { TALLOC_FREE(dir_hnd); errno = ENOTEMPTY; goto err; } /* Do a recursive delete. */ RewindDir(dir_hnd,&dirpos); while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) { struct smb_filename *smb_dname_full = NULL; char *fullname = NULL; bool do_break = true; NTSTATUS status; if (ISDOT(dname) || ISDOTDOT(dname)) { TALLOC_FREE(talloced); continue; } if (!is_visible_file(conn, smb_dname->base_name, dname, &st, false)) { TALLOC_FREE(talloced); continue; } fullname = talloc_asprintf(ctx, "%s/%s", smb_dname->base_name, dname); if(!fullname) { errno = ENOMEM; goto err_break; } status = create_synthetic_smb_fname(talloc_tos(), fullname, NULL, NULL, &smb_dname_full); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto err_break; } if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) { goto err_break; } if(smb_dname_full->st.st_ex_mode & S_IFDIR) { if(!recursive_rmdir(ctx, conn, smb_dname_full)) { goto err_break; } if(SMB_VFS_RMDIR(conn, smb_dname_full->base_name) != 0) { goto err_break; } } else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) { goto err_break; } /* Successful iteration. */ do_break = false; err_break: TALLOC_FREE(fullname); TALLOC_FREE(smb_dname_full); TALLOC_FREE(talloced); if (do_break) break; } TALLOC_FREE(dir_hnd); /* Retry the rmdir */ ret = SMB_VFS_RMDIR(conn, smb_dname->base_name); } err: if (ret != 0) { DEBUG(3,("rmdir_internals: couldn't remove directory %s : " "%s\n", smb_fname_str_dbg(smb_dname), strerror(errno))); return map_nt_error_from_unix(errno); } notify_fname(conn, NOTIFY_ACTION_REMOVED, FILE_NOTIFY_CHANGE_DIR_NAME, smb_dname->base_name); return NT_STATUS_OK; }
int main(int argc,const char *argv[]) { /* shall I run as a daemon */ bool is_daemon = false; bool interactive = false; bool Fork = true; bool no_process_group = false; bool log_stdout = false; char *ports = NULL; char *profile_level = NULL; int opt; poptContext pc; bool print_build_options = False; enum { OPT_DAEMON = 1000, OPT_INTERACTIVE, OPT_FORK, OPT_NO_PROCESS_GROUP, OPT_LOG_STDOUT }; struct poptOption long_options[] = { POPT_AUTOHELP {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" }, {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"}, {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" }, {"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" }, {"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" }, {"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build options" }, {"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specified ports"}, {"profiling-level", 'P', POPT_ARG_STRING, &profile_level, 0, "Set profiling level","PROFILE_LEVEL"}, POPT_COMMON_SAMBA POPT_TABLEEND }; struct smbd_parent_context *parent = NULL; TALLOC_CTX *frame; NTSTATUS status; struct tevent_context *ev_ctx; struct messaging_context *msg_ctx; struct server_id server_id; struct tevent_signal *se; int profiling_level; char *np_dir = NULL; static const struct smbd_shim smbd_shim_fns = { .cancel_pending_lock_requests_by_fid = smbd_cancel_pending_lock_requests_by_fid, .send_stat_cache_delete_message = smbd_send_stat_cache_delete_message, .change_to_root_user = smbd_change_to_root_user, .become_authenticated_pipe_user = smbd_become_authenticated_pipe_user, .unbecome_authenticated_pipe_user = smbd_unbecome_authenticated_pipe_user, .contend_level2_oplocks_begin = smbd_contend_level2_oplocks_begin, .contend_level2_oplocks_end = smbd_contend_level2_oplocks_end, .become_root = smbd_become_root, .unbecome_root = smbd_unbecome_root, .exit_server = smbd_exit_server, .exit_server_cleanly = smbd_exit_server_cleanly, }; /* * Do this before any other talloc operation */ talloc_enable_null_tracking(); frame = talloc_stackframe(); setup_logging(argv[0], DEBUG_DEFAULT_STDOUT); smb_init_locale(); set_smbd_shim(&smbd_shim_fns); smbd_init_globals(); TimeInit(); #ifdef HAVE_SET_AUTH_PARAMETERS set_auth_parameters(argc,argv); #endif pc = poptGetContext("smbd", argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { case OPT_DAEMON: is_daemon = true; break; case OPT_INTERACTIVE: interactive = true; break; case OPT_FORK: Fork = false; break; case OPT_NO_PROCESS_GROUP: no_process_group = true; break; case OPT_LOG_STDOUT: log_stdout = true; break; case 'b': print_build_options = True; break; default: d_fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); exit(1); } } poptFreeContext(pc); if (interactive) { Fork = False; log_stdout = True; } if (log_stdout) { setup_logging(argv[0], DEBUG_STDOUT); } else { setup_logging(argv[0], DEBUG_FILE); } if (print_build_options) { build_options(True); /* Display output to screen as well as debug */ exit(0); } #ifdef HAVE_SETLUID /* needed for SecureWare on SCO */ setluid(0); #endif set_remote_machine_name("smbd", False); if (interactive && (DEBUGLEVEL >= 9)) { talloc_enable_leak_report(); } if (log_stdout && Fork) { DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n")); exit(1); } /* we want to re-seed early to prevent time delays causing client problems at a later date. (tridge) */ generate_random_buffer(NULL, 0); /* get initial effective uid and gid */ sec_init(); /* make absolutely sure we run as root - to handle cases where people are crazy enough to have it setuid */ gain_root_privilege(); gain_root_group_privilege(); fault_setup(); dump_core_setup("smbd", lp_logfile(talloc_tos())); /* we are never interested in SIGPIPE */ BlockSignals(True,SIGPIPE); #if defined(SIGFPE) /* we are never interested in SIGFPE */ BlockSignals(True,SIGFPE); #endif #if defined(SIGUSR2) /* We are no longer interested in USR2 */ BlockSignals(True,SIGUSR2); #endif /* POSIX demands that signals are inherited. If the invoking process has * these signals masked, we will have problems, as we won't recieve them. */ BlockSignals(False, SIGHUP); BlockSignals(False, SIGUSR1); BlockSignals(False, SIGTERM); /* Ensure we leave no zombies until we * correctly set up child handling below. */ CatchChild(); /* we want total control over the permissions on created files, so set our umask to 0 */ umask(0); reopen_logs(); DEBUG(0,("smbd version %s started.\n", samba_version_string())); DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE)); DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n", (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid())); /* Output the build options to the debug log */ build_options(False); if (sizeof(uint16_t) < 2 || sizeof(uint32_t) < 4) { DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n")); exit(1); } if (!lp_load_initial_only(get_dyn_CONFIGFILE())) { DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE())); exit(1); } if (!cluster_probe_ok()) { exit(1); } /* Init the security context and global current_user */ init_sec_ctx(); /* * Initialize the event context. The event context needs to be * initialized before the messaging context, cause the messaging * context holds an event context. * FIXME: This should be s3_tevent_context_init() */ ev_ctx = server_event_context(); if (ev_ctx == NULL) { exit(1); } /* * Init the messaging context * FIXME: This should only call messaging_init() */ msg_ctx = server_messaging_context(); if (msg_ctx == NULL) { exit(1); } /* * Reloading of the printers will not work here as we don't have a * server info and rpc services set up. It will be called later. */ if (!reload_services(NULL, NULL, false)) { exit(1); } if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC && !lp_parm_bool(-1, "server role check", "inhibit", false)) { DEBUG(0, ("server role = 'active directory domain controller' not compatible with running smbd standalone. \n")); DEBUGADD(0, ("You should start 'samba' instead, and it will control starting smbd if required\n")); exit(1); } /* ...NOTE... Log files are working from this point! */ DEBUG(3,("loaded services\n")); init_structs(); if (!profile_setup(msg_ctx, False)) { DEBUG(0,("ERROR: failed to setup profiling\n")); return -1; } if (profile_level != NULL) { profiling_level = atoi(profile_level); } else { profiling_level = lp_smbd_profiling_level(); } set_profile_level(profiling_level, messaging_server_id(msg_ctx)); if (!is_daemon && !is_a_socket(0)) { if (!interactive) { DEBUG(3, ("Standard input is not a socket, " "assuming -D option\n")); } /* * Setting is_daemon here prevents us from eventually calling * the open_sockets_inetd() */ is_daemon = True; } if (is_daemon && !interactive) { DEBUG(3, ("Becoming a daemon.\n")); become_daemon(Fork, no_process_group, log_stdout); } #if HAVE_SETPGID /* * If we're interactive we want to set our own process group for * signal management. */ if (interactive && !no_process_group) setpgid( (pid_t)0, (pid_t)0); #endif if (!directory_exist(lp_lock_directory())) mkdir(lp_lock_directory(), 0755); if (!directory_exist(lp_pid_directory())) mkdir(lp_pid_directory(), 0755); if (is_daemon) pidfile_create(lp_pid_directory(), "smbd"); status = reinit_after_fork(msg_ctx, ev_ctx, false, NULL); if (!NT_STATUS_IS_OK(status)) { exit_daemon("reinit_after_fork() failed", map_errno_from_nt_status(status)); } if (!interactive) { /* * Do not initialize the parent-child-pipe before becoming a * daemon: this is used to detect a died parent in the child * process. */ status = init_before_fork(); if (!NT_STATUS_IS_OK(status)) { exit_daemon(nt_errstr(status), map_errno_from_nt_status(status)); } } parent = talloc_zero(ev_ctx, struct smbd_parent_context); if (!parent) { exit_server("talloc(struct smbd_parent_context) failed"); } parent->interactive = interactive; parent->ev_ctx = ev_ctx; parent->msg_ctx = msg_ctx; am_parent = parent; se = tevent_add_signal(parent->ev_ctx, parent, SIGTERM, 0, smbd_parent_sig_term_handler, parent); if (!se) { exit_server("failed to setup SIGTERM handler"); } se = tevent_add_signal(parent->ev_ctx, parent, SIGHUP, 0, smbd_parent_sig_hup_handler, parent); if (!se) { exit_server("failed to setup SIGHUP handler"); } /* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */ if (smbd_memcache() == NULL) { exit_daemon("no memcache available", EACCES); } memcache_set_global(smbd_memcache()); /* Initialise the password backed before the global_sam_sid to ensure that we fetch from ldap before we make a domain sid up */ if(!initialize_password_db(false, ev_ctx)) exit(1); if (!secrets_init()) { exit_daemon("smbd can not open secrets.tdb", EACCES); } if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) { struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers()); if (!open_schannel_session_store(NULL, lp_ctx)) { exit_daemon("ERROR: Samba cannot open schannel store for secured NETLOGON operations.", EACCES); } TALLOC_FREE(lp_ctx); } if(!get_global_sam_sid()) { exit_daemon("Samba cannot create a SAM SID", EACCES); } server_id = messaging_server_id(msg_ctx); status = smbXsrv_version_global_init(&server_id); if (!NT_STATUS_IS_OK(status)) { exit_daemon("Samba cannot init server context", EACCES); } status = smbXsrv_session_global_init(); if (!NT_STATUS_IS_OK(status)) { exit_daemon("Samba cannot init session context", EACCES); } status = smbXsrv_tcon_global_init(); if (!NT_STATUS_IS_OK(status)) { exit_daemon("Samba cannot init tcon context", EACCES); } if (!locking_init()) exit_daemon("Samba cannot init locking", EACCES); if (!leases_db_init(false)) { exit_daemon("Samba cannot init leases", EACCES); } if (!smbd_notifyd_init(msg_ctx, interactive)) { exit_daemon("Samba cannot init notification", EACCES); } if (!messaging_parent_dgm_cleanup_init(msg_ctx)) { exit(1); } if (!smbd_scavenger_init(NULL, msg_ctx, ev_ctx)) { exit_daemon("Samba cannot init scavenging", EACCES); } if (!serverid_parent_init(ev_ctx)) { exit_daemon("Samba cannot init server id", EACCES); } if (!W_ERROR_IS_OK(registry_init_full())) exit_daemon("Samba cannot init registry", EACCES); /* Open the share_info.tdb here, so we don't have to open after the fork on every single connection. This is a small performance improvment and reduces the total number of system fds used. */ if (!share_info_db_init()) { exit_daemon("ERROR: failed to load share info db.", EACCES); } status = init_system_session_info(); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("ERROR: failed to setup system user info: %s.\n", nt_errstr(status))); return -1; } if (!init_guest_info()) { DEBUG(0,("ERROR: failed to setup guest info.\n")); return -1; } if (!file_init_global()) { DEBUG(0, ("ERROR: file_init_global() failed\n")); return -1; } status = smbXsrv_open_global_init(); if (!NT_STATUS_IS_OK(status)) { exit_daemon("Samba cannot init global open", map_errno_from_nt_status(status)); } /* This MUST be done before start_epmd() because otherwise * start_epmd() forks and races against dcesrv_ep_setup() to * call directory_create_or_exist() */ if (!directory_create_or_exist(lp_ncalrpc_dir(), 0755)) { DEBUG(0, ("Failed to create pipe directory %s - %s\n", lp_ncalrpc_dir(), strerror(errno))); return -1; } np_dir = talloc_asprintf(talloc_tos(), "%s/np", lp_ncalrpc_dir()); if (!np_dir) { DEBUG(0, ("%s: Out of memory\n", __location__)); return -1; } if (!directory_create_or_exist_strict(np_dir, geteuid(), 0700)) { DEBUG(0, ("Failed to create pipe directory %s - %s\n", np_dir, strerror(errno))); return -1; } if (is_daemon && !interactive) { if (rpc_epmapper_daemon() == RPC_DAEMON_FORK) { start_epmd(ev_ctx, msg_ctx); } } if (!dcesrv_ep_setup(ev_ctx, msg_ctx)) { exit_daemon("Samba cannot setup ep pipe", EACCES); } if (is_daemon && !interactive) { daemon_ready("smbd"); } /* only start other daemons if we are running as a daemon * -- bad things will happen if smbd is launched via inetd * and we fork a copy of ourselves here */ if (is_daemon && !interactive) { if (rpc_lsasd_daemon() == RPC_DAEMON_FORK) { start_lsasd(ev_ctx, msg_ctx); } if (rpc_fss_daemon() == RPC_DAEMON_FORK) { start_fssd(ev_ctx, msg_ctx); } if (!lp__disable_spoolss() && (rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) { bool bgq = lp_parm_bool(-1, "smbd", "backgroundqueue", true); if (!printing_subsystem_init(ev_ctx, msg_ctx, true, bgq)) { exit_daemon("Samba failed to init printing subsystem", EACCES); } } #ifdef WITH_SPOTLIGHT if ((rpc_mdssvc_mode() == RPC_SERVICE_MODE_EXTERNAL) && (rpc_mdssd_daemon() == RPC_DAEMON_FORK)) { start_mdssd(ev_ctx, msg_ctx); } #endif } else if (!lp__disable_spoolss() && (rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) { if (!printing_subsystem_init(ev_ctx, msg_ctx, false, false)) { exit(1); } } if (!is_daemon) { int sock; /* inetd mode */ TALLOC_FREE(frame); /* Started from inetd. fd 0 is the socket. */ /* We will abort gracefully when the client or remote system goes away */ sock = dup(0); /* close stdin, stdout (if not logging to it), but not stderr */ close_low_fds(true, !debug_get_output_is_stdout(), false); #ifdef HAVE_ATEXIT atexit(killkids); #endif /* Stop zombies */ smbd_setup_sig_chld_handler(parent); smbd_process(ev_ctx, msg_ctx, sock, true); exit_server_cleanly(NULL); return(0); } if (!open_sockets_smbd(parent, ev_ctx, msg_ctx, ports)) exit_server("open_sockets_smbd() failed"); /* do a printer update now that all messaging has been set up, * before we allow clients to start connecting */ if (!lp__disable_spoolss() && (rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) { printing_subsystem_update(ev_ctx, msg_ctx, false); } TALLOC_FREE(frame); /* make sure we always have a valid stackframe */ frame = talloc_stackframe(); if (!Fork) { /* if we are running in the foreground then look for EOF on stdin, and exit if it happens. This allows us to die if the parent process dies Only do this on a pipe or socket, no other device. */ struct stat st; if (fstat(0, &st) != 0) { return false; } if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) { tevent_add_fd(ev_ctx, parent, 0, TEVENT_FD_READ, smbd_stdin_handler, NULL); } } smbd_parent_loop(ev_ctx, parent); exit_server_cleanly(NULL); TALLOC_FREE(frame); return(0); }
static bool tsmsm_is_offline(struct vfs_handle_struct *handle, const struct smb_filename *fname, SMB_STRUCT_STAT *stbuf) { struct tsmsm_struct *tsmd = (struct tsmsm_struct *) handle->data; const dm_sessid_t *dmsession_id; void *dmhandle = NULL; size_t dmhandle_len = 0; size_t rlen; dm_attrname_t dmname; int ret, lerrno; bool offline; char *buf = NULL; size_t buflen; NTSTATUS status; char *path; status = get_full_smb_filename(talloc_tos(), fname, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return false; } /* if the file has more than FILE_IS_ONLINE_RATIO of blocks available, then assume it is not offline (it may not be 100%, as it could be sparse) */ if (512 * stbuf->st_ex_blocks >= stbuf->st_ex_size * tsmd->online_ratio) { DEBUG(10,("%s not offline: st_blocks=%llu st_size=%llu " "online_ratio=%.2f\n", path, (unsigned long long)stbuf->st_ex_blocks, (unsigned long long)stbuf->st_ex_size, tsmd->online_ratio)); return false; } dmsession_id = dmapi_get_current_session(); if (dmsession_id == NULL) { DEBUG(2, ("tsmsm_is_offline: no DMAPI session available? " "Assume file is online.\n")); return false; } /* using POSIX capabilities does not work here. It's a slow path, so * become_root() is just as good anyway (tridge) */ /* Also, AIX has DMAPI but no POSIX capablities support. In this case, * we need to be root to do DMAPI manipulations. */ become_root(); /* go the slow DMAPI route */ if (dm_path_to_handle((char*)path, &dmhandle, &dmhandle_len) != 0) { DEBUG(2,("dm_path_to_handle failed - assuming offline (%s) - %s\n", path, strerror(errno))); offline = true; goto done; } memset(&dmname, 0, sizeof(dmname)); strlcpy((char *)&dmname.an_chars[0], tsmd->attrib_name, sizeof(dmname.an_chars)); if (tsmd->attrib_value != NULL) { buflen = strlen(tsmd->attrib_value); } else { buflen = 1; } buf = talloc_zero_size(tsmd, buflen); if (buf == NULL) { DEBUG(0,("out of memory in tsmsm_is_offline -- assuming online (%s)\n", path)); errno = ENOMEM; offline = false; goto done; } do { lerrno = 0; ret = dm_get_dmattr(*dmsession_id, dmhandle, dmhandle_len, DM_NO_TOKEN, &dmname, buflen, buf, &rlen); if (ret == -1 && errno == EINVAL) { DEBUG(0, ("Stale DMAPI session, re-creating it.\n")); lerrno = EINVAL; if (dmapi_new_session()) { dmsession_id = dmapi_get_current_session(); } else { DEBUG(0, ("Unable to re-create DMAPI session, assuming offline (%s) - %s\n", path, strerror(errno))); offline = true; dm_handle_free(dmhandle, dmhandle_len); goto done; } } } while (ret == -1 && lerrno == EINVAL); /* check if we need a specific attribute value */ if (tsmd->attrib_value != NULL) { offline = (ret == 0 && rlen == buflen && memcmp(buf, tsmd->attrib_value, buflen) == 0); } else { /* its offline if the specified DMAPI attribute exists */ offline = (ret == 0 || (ret == -1 && errno == E2BIG)); } DEBUG(10,("dm_get_dmattr %s ret=%d (%s)\n", path, ret, strerror(errno))); ret = 0; dm_handle_free(dmhandle, dmhandle_len); done: talloc_free(buf); unbecome_root(); return offline; }
int onefs_rename(vfs_handle_struct *handle, const struct smb_filename *smb_fname_src, const struct smb_filename *smb_fname_dst) { struct smb_filename *smb_fname_src_onefs = NULL; struct smb_filename *smb_fname_dst_onefs = NULL; NTSTATUS status; int saved_errno; int dir_fd = -1; int ret = -1; START_PROFILE(syscall_rename_at); if (!is_ntfs_stream_smb_fname(smb_fname_src) && !is_ntfs_stream_smb_fname(smb_fname_dst)) { ret = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst); goto done; } /* For now don't allow renames from or to the default stream. */ if (is_ntfs_default_stream_smb_fname(smb_fname_src) || is_ntfs_default_stream_smb_fname(smb_fname_dst)) { DEBUG(3, ("Unable to rename to/from a default stream: %s -> " "%s\n", smb_fname_str_dbg(smb_fname_src), smb_fname_str_dbg(smb_fname_dst))); errno = ENOSYS; goto done; } /* prep stream smb_filename structs. */ status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname_src, &smb_fname_src_onefs); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto done; } status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname_dst, &smb_fname_dst_onefs); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto done; } dir_fd = get_stream_dir_fd(handle->conn, smb_fname_src->base_name, NULL); if (dir_fd < -1) { goto done; } DEBUG(8, ("onefs_rename called for %s => %s\n", smb_fname_str_dbg(smb_fname_src_onefs), smb_fname_str_dbg(smb_fname_dst_onefs))); /* Handle rename of stream to default stream specially. */ if (smb_fname_dst_onefs->stream_name == NULL) { ret = enc_renameat(dir_fd, smb_fname_src_onefs->stream_name, ENC_DEFAULT, AT_FDCWD, smb_fname_dst_onefs->base_name, ENC_DEFAULT); } else { ret = enc_renameat(dir_fd, smb_fname_src_onefs->stream_name, ENC_DEFAULT, dir_fd, smb_fname_dst_onefs->stream_name, ENC_DEFAULT); } done: END_PROFILE(syscall_rename_at); TALLOC_FREE(smb_fname_src_onefs); TALLOC_FREE(smb_fname_dst_onefs); saved_errno = errno; if (dir_fd >= 0) { close(dir_fd); } errno = saved_errno; return ret; }
static SMBCSRV * SMBC_server_internal(TALLOC_CTX *ctx, SMBCCTX *context, bool connect_if_not_found, const char *server, const char *share, char **pp_workgroup, char **pp_username, char **pp_password, bool *in_cache) { SMBCSRV *srv=NULL; char *workgroup = NULL; struct cli_state *c; struct nmb_name called, calling; const char *server_n = server; struct sockaddr_storage ss; int tried_reverse = 0; int port_try_first; int port_try_next; int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0); uint32 fs_attrs = 0; const char *username_used; NTSTATUS status; char *newserver, *newshare; zero_sockaddr(&ss); ZERO_STRUCT(c); *in_cache = false; if (server[0] == 0) { errno = EPERM; return NULL; } /* Look for a cached connection */ srv = SMBC_find_server(ctx, context, server, share, pp_workgroup, pp_username, pp_password); /* * If we found a connection and we're only allowed one share per * server... */ if (srv && *share != '\0' && smbc_getOptionOneSharePerServer(context)) { /* * ... then if there's no current connection to the share, * connect to it. SMBC_find_server(), or rather the function * pointed to by context->get_cached_srv_fn which * was called by SMBC_find_server(), will have issued a tree * disconnect if the requested share is not the same as the * one that was already connected. */ /* * Use srv->cli->desthost and srv->cli->share instead of * server and share below to connect to the actual share, * i.e., a normal share or a referred share from * 'msdfs proxy' share. */ if (srv->cli->cnum == (uint16) -1) { /* Ensure we have accurate auth info */ SMBC_call_auth_fn(ctx, context, srv->cli->desthost, srv->cli->share, pp_workgroup, pp_username, pp_password); if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); return NULL; } /* * We don't need to renegotiate encryption * here as the encryption context is not per * tid. */ status = cli_tcon_andx(srv->cli, srv->cli->share, "?????", *pp_password, strlen(*pp_password)+1); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); srv = NULL; } /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); } else if (!cli_get_fs_attr_info(c, &fs_attrs)) { DEBUG(4, ("Could not retrieve " "case sensitivity flag: %s.\n", cli_errstr(c))); /* * We can't determine the case sensitivity of * the share. We have no choice but to use the * user-specified case sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); cli_set_case_sensitive( c, (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? True : False)); } /* * Regenerate the dev value since it's based on both * server and share */ if (srv) { srv->dev = (dev_t)(str_checksum(srv->cli->desthost) ^ str_checksum(srv->cli->share)); } } } /* If we have a connection... */ if (srv) { /* ... then we're done here. Give 'em what they came for. */ *in_cache = true; goto done; } /* If we're not asked to connect when a connection doesn't exist... */ if (! connect_if_not_found) { /* ... then we're done here. */ return NULL; } if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; return NULL; } make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0); make_nmb_name(&called , server, 0x20); DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server)); DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server)); again: zero_sockaddr(&ss); /* have to open a new connection */ if ((c = cli_initialise()) == NULL) { errno = ENOMEM; return NULL; } if (smbc_getOptionUseKerberos(context)) { c->use_kerberos = True; } if (smbc_getOptionFallbackAfterKerberos(context)) { c->fallback_after_kerberos = True; } if (smbc_getOptionUseCCache(context)) { c->use_ccache = True; } c->timeout = smbc_getTimeout(context); /* * Force use of port 139 for first try if share is $IPC, empty, or * null, so browse lists can work */ if (share == NULL || *share == '\0' || is_ipc) { port_try_first = 139; port_try_next = 445; } else { port_try_first = 445; port_try_next = 139; } c->port = port_try_first; status = cli_connect(c, server_n, &ss); if (!NT_STATUS_IS_OK(status)) { /* First connection attempt failed. Try alternate port. */ c->port = port_try_next; status = cli_connect(c, server_n, &ss); if (!NT_STATUS_IS_OK(status)) { cli_shutdown(c); errno = ETIMEDOUT; return NULL; } } if (!cli_session_request(c, &calling, &called)) { cli_shutdown(c); if (strcmp(called.name, "*SMBSERVER")) { make_nmb_name(&called , "*SMBSERVER", 0x20); goto again; } else { /* Try one more time, but ensure we don't loop */ /* Only try this if server is an IP address ... */ if (is_ipaddress(server) && !tried_reverse) { fstring remote_name; struct sockaddr_storage rem_ss; if (!interpret_string_addr(&rem_ss, server, NI_NUMERICHOST)) { DEBUG(4, ("Could not convert IP address " "%s to struct sockaddr_storage\n", server)); errno = ETIMEDOUT; return NULL; } tried_reverse++; /* Yuck */ if (name_status_find("*", 0, 0, &rem_ss, remote_name)) { make_nmb_name(&called, remote_name, 0x20); goto again; } } } errno = ETIMEDOUT; return NULL; } DEBUG(4,(" session request ok\n")); status = cli_negprot(c); if (!NT_STATUS_IS_OK(status)) { cli_shutdown(c); errno = ETIMEDOUT; return NULL; } username_used = *pp_username; if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used, *pp_password, strlen(*pp_password), *pp_password, strlen(*pp_password), *pp_workgroup))) { fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_session_setup fail with username=[%s], password=[%s]\n", username_used, *pp_password); /* Failed. Try an anonymous login, if allowed by flags. */ username_used = ""; if (smbc_getOptionNoAutoAnonymousLogin(context) || !NT_STATUS_IS_OK(cli_session_setup(c, username_used, *pp_password, 1, *pp_password, 0, *pp_workgroup))) { cli_shutdown(c); errno = EPERM; return NULL; } } status = cli_init_creds(c, username_used, *pp_workgroup, *pp_password); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); cli_shutdown(c); return NULL; } DEBUG(4,(" session setup ok\n")); /* here's the fun part....to support 'msdfs proxy' shares (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL here before trying to connect to the original share. cli_check_msdfs_proxy() will fail if it is a normal share. */ if ((c->capabilities & CAP_DFS) && cli_check_msdfs_proxy(ctx, c, share, &newserver, &newshare, /* FIXME: cli_check_msdfs_proxy() does not support smbc_smb_encrypt_level type */ context->internal->smb_encryption_level ? true : false, *pp_username, *pp_password, *pp_workgroup)) { cli_shutdown(c); srv = SMBC_server_internal(ctx, context, connect_if_not_found, newserver, newshare, pp_workgroup, pp_username, pp_password, in_cache); TALLOC_FREE(newserver); TALLOC_FREE(newshare); return srv; } /* must be a normal share */ status = cli_tcon_andx(c, share, "?????", *pp_password, strlen(*pp_password)+1); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_tcon_andx return %08X, errno=[%d]\n", NT_STATUS_V(status), errno); cli_shutdown(c); return NULL; } DEBUG(4,(" tconx ok\n")); /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); } else if (!cli_get_fs_attr_info(c, &fs_attrs)) { DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n", cli_errstr(c))); /* * We can't determine the case sensitivity of the share. We * have no choice but to use the user-specified case * sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); cli_set_case_sensitive(c, (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? True : False)); } if (context->internal->smb_encryption_level) { /* Attempt UNIX smb encryption. */ if (!NT_STATUS_IS_OK(cli_force_encryption(c, username_used, *pp_password, *pp_workgroup))) { /* * context->smb_encryption_level == 1 * means don't fail if encryption can't be negotiated, * == 2 means fail if encryption can't be negotiated. */ DEBUG(4,(" SMB encrypt failed\n")); if (context->internal->smb_encryption_level == 2) { cli_shutdown(c); errno = EPERM; return NULL; } } DEBUG(4,(" SMB encrypt ok\n")); } /* * Ok, we have got a nice connection * Let's allocate a server structure. */ srv = SMB_MALLOC_P(SMBCSRV); if (!srv) { cli_shutdown(c); errno = ENOMEM; return NULL; } ZERO_STRUCTP(srv); srv->cli = c; srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); srv->no_pathinfo = False; srv->no_pathinfo2 = False; srv->no_nt_session = False; done: if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) { workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context)); } else { workgroup = *pp_workgroup; } if(!workgroup) { return NULL; } /* set the credentials to make DFS work */ smbc_set_credentials_with_fallback(context, workgroup, *pp_username, *pp_password); return srv; }
ssize_t SMBC_write_ctx(SMBCCTX *context, SMBCFILE *file, const void *buf, size_t count) { off_t offset; char *server = NULL, *share = NULL, *user = NULL, *password = NULL; char *path = NULL; char *targetpath = NULL; struct cli_state *targetcli = NULL; TALLOC_CTX *frame = talloc_stackframe(); NTSTATUS status; /* First check all pointers before dereferencing them */ if (!context || !context->internal->initialized) { errno = EINVAL; TALLOC_FREE(frame); return -1; } if (!file || !SMBC_dlist_contains(context->internal->files, file)) { errno = EBADF; TALLOC_FREE(frame); return -1; } /* Check that the buffer exists ... */ if (buf == NULL) { errno = EINVAL; TALLOC_FREE(frame); return -1; } offset = file->offset; /* See "offset" comment in SMBC_read_ctx() */ /*d_printf(">>>write: parsing %s\n", file->fname);*/ if (SMBC_parse_path(frame, context, file->fname, NULL, &server, &share, &path, &user, &password, NULL)) { errno = EINVAL; TALLOC_FREE(frame); return -1; } /*d_printf(">>>write: resolving %s\n", path);*/ status = cli_resolve_path(frame, "", context->internal->auth_info, file->srv->cli, path, &targetcli, &targetpath); if (!NT_STATUS_IS_OK(status)) { d_printf("Could not resolve %s\n", path); errno = ENOENT; TALLOC_FREE(frame); return -1; } /*d_printf(">>>write: resolved path as %s\n", targetpath);*/ status = cli_writeall(targetcli, file->cli_fd, 0, (const uint8_t *)buf, offset, count, NULL); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame); return -1; } file->offset += count; TALLOC_FREE(frame); return count; /* Success, 0 bytes of data ... */ }
int main(int argc, const char *argv[]) { bool is_daemon = false; bool opt_interactive = false; bool Fork = true; bool no_process_group = false; bool log_stdout = false; poptContext pc; char *p_lmhosts = NULL; int opt; struct messaging_context *msg; enum { OPT_DAEMON = 1000, OPT_INTERACTIVE, OPT_FORK, OPT_NO_PROCESS_GROUP, OPT_LOG_STDOUT }; struct poptOption long_options[] = { POPT_AUTOHELP {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon(default)" }, {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)" }, {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools & etc)" }, {"no-process-group", 0, POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" }, {"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" }, {"hosts", 'H', POPT_ARG_STRING, &p_lmhosts, 0, "Load a netbios hosts file"}, {"port", 'p', POPT_ARG_INT, &global_nmb_port, 0, "Listen on the specified port" }, POPT_COMMON_SAMBA POPT_COMMON_DYNCONFIG POPT_TABLEEND }; TALLOC_CTX *frame; NTSTATUS status; bool ok; /* * Do this before any other talloc operation */ talloc_enable_null_tracking(); frame = talloc_stackframe(); /* * We want total control over the permissions on created files, * so set our umask to 0. */ umask(0); setup_logging(argv[0], DEBUG_DEFAULT_STDOUT); load_case_tables(); global_nmb_port = NMB_PORT; pc = poptGetContext("nmbd", argc, argv, long_options, 0); while ((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { case OPT_DAEMON: is_daemon = true; break; case OPT_INTERACTIVE: opt_interactive = true; break; case OPT_FORK: Fork = false; break; case OPT_NO_PROCESS_GROUP: no_process_group = true; break; case OPT_LOG_STDOUT: log_stdout = true; break; default: d_fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); exit(1); } }; poptFreeContext(pc); global_in_nmbd = true; StartupTime = time(NULL); sys_srandom(time(NULL) ^ getpid()); if (!override_logfile) { char *lfile = NULL; if (asprintf(&lfile, "%s/log.nmbd", get_dyn_LOGFILEBASE()) < 0) { exit(1); } lp_set_logfile(lfile); SAFE_FREE(lfile); } fault_setup(); dump_core_setup("nmbd", lp_logfile(talloc_tos())); /* POSIX demands that signals are inherited. If the invoking process has * these signals masked, we will have problems, as we won't receive them. */ BlockSignals(False, SIGHUP); BlockSignals(False, SIGUSR1); BlockSignals(False, SIGTERM); #if defined(SIGFPE) /* we are never interested in SIGFPE */ BlockSignals(True,SIGFPE); #endif /* We no longer use USR2... */ #if defined(SIGUSR2) BlockSignals(True, SIGUSR2); #endif /* Ignore children - no zombies. */ CatchChild(); if ( opt_interactive ) { Fork = False; log_stdout = True; } if ( log_stdout && Fork ) { DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n")); exit(1); } if (log_stdout) { setup_logging(argv[0], DEBUG_STDOUT); } else { setup_logging( argv[0], DEBUG_FILE); } reopen_logs(); DEBUG(0,("nmbd version %s started.\n", samba_version_string())); DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE)); if (!lp_load_initial_only(get_dyn_CONFIGFILE())) { DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE())); exit(1); } reopen_logs(); if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC && !lp_parm_bool(-1, "server role check", "inhibit", false)) { /* TODO: when we have a merged set of defaults for * loadparm, we could possibly check if the internal * nbt server is in the list, and allow a startup if disabled */ DEBUG(0, ("server role = 'active directory domain controller' not compatible with running nmbd standalone. \n")); DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal nbt server\n")); exit(1); } msg = messaging_init(NULL, server_event_context()); if (msg == NULL) { return 1; } if ( !reload_nmbd_services(False) ) return(-1); if(!init_names()) return -1; reload_nmbd_services( True ); if (strequal(lp_workgroup(),"*")) { DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n")); exit(1); } set_samba_nb_type(); if (!is_daemon && !is_a_socket(0)) { DEBUG(0,("standard input is not a socket, assuming -D option\n")); is_daemon = True; } if (is_daemon && !opt_interactive) { DEBUG( 2, ( "Becoming a daemon.\n" ) ); become_daemon(Fork, no_process_group, log_stdout); } #if HAVE_SETPGID /* * If we're interactive we want to set our own process group for * signal management. */ if (opt_interactive && !no_process_group) setpgid( (pid_t)0, (pid_t)0 ); #endif #ifndef SYNC_DNS /* Setup the async dns. We do it here so it doesn't have all the other stuff initialised and thus chewing memory and sockets */ if(lp_we_are_a_wins_server() && lp_wins_dns_proxy()) { start_async_dns(msg); } #endif ok = directory_create_or_exist(lp_lockdir(), geteuid(), 0755); if (!ok) { exit_daemon("Failed to create directory for lock files, check 'lock directory'", errno); } ok = directory_create_or_exist(lp_piddir(), geteuid(), 0755); if (!ok) { exit_daemon("Failed to create directory for pid files, check 'pid directory'", errno); } pidfile_create(lp_piddir(), "nmbd"); status = reinit_after_fork(msg, nmbd_event_context(), false); if (!NT_STATUS_IS_OK(status)) { exit_daemon("reinit_after_fork() failed", map_errno_from_nt_status(status)); } /* * Do not initialize the parent-child-pipe before becoming * a daemon: this is used to detect a died parent in the child * process. */ status = init_before_fork(); if (!NT_STATUS_IS_OK(status)) { exit_daemon(nt_errstr(status), map_errno_from_nt_status(status)); } if (!nmbd_setup_sig_term_handler(msg)) exit_daemon("NMBD failed to setup signal handler", EINVAL); if (!nmbd_setup_stdin_handler(msg, !Fork)) exit_daemon("NMBD failed to setup stdin handler", EINVAL); if (!nmbd_setup_sig_hup_handler(msg)) exit_daemon("NMBD failed to setup SIGHUP handler", EINVAL); /* get broadcast messages */ if (!serverid_register(messaging_server_id(msg), FLAG_MSG_GENERAL | FLAG_MSG_NMBD | FLAG_MSG_DBWRAP)) { exit_daemon("Could not register NMBD process in serverid.tdb", EACCES); } messaging_register(msg, NULL, MSG_FORCE_ELECTION, nmbd_message_election); #if 0 /* Until winsrepl is done. */ messaging_register(msg, NULL, MSG_WINS_NEW_ENTRY, nmbd_wins_new_entry); #endif messaging_register(msg, NULL, MSG_SHUTDOWN, nmbd_terminate); messaging_register(msg, NULL, MSG_SMB_CONF_UPDATED, msg_reload_nmbd_services); messaging_register(msg, NULL, MSG_SEND_PACKET, msg_nmbd_send_packet); TimeInit(); DEBUG( 3, ( "Opening sockets %d\n", global_nmb_port ) ); if ( !open_sockets( is_daemon, global_nmb_port ) ) { kill_async_dns_child(); return 1; } /* Determine all the IP addresses we have. */ load_interfaces(); /* Create an nmbd subnet record for each of the above. */ if( False == create_subnets() ) { kill_async_dns_child(); exit_daemon("NMBD failed when creating subnet lists", EACCES); } /* Load in any static local names. */ if (p_lmhosts) { set_dyn_LMHOSTSFILE(p_lmhosts); } load_lmhosts_file(get_dyn_LMHOSTSFILE()); DEBUG(3,("Loaded hosts file %s\n", get_dyn_LMHOSTSFILE())); /* If we are acting as a WINS server, initialise data structures. */ if( !initialise_wins() ) { kill_async_dns_child(); exit_daemon( "NMBD failed when initialising WINS server.", EACCES); } /* * Register nmbd primary workgroup and nmbd names on all * the broadcast subnets, and on the WINS server (if specified). * Also initiate the startup of our primary workgroup (start * elections if we are setup as being able to be a local * master browser. */ if( False == register_my_workgroup_and_names() ) { kill_async_dns_child(); exit_daemon( "NMBD failed when creating my workgroup.", EACCES); } if (!initialize_nmbd_proxy_logon()) { kill_async_dns_child(); exit_daemon( "NMBD failed to setup nmbd_proxy_logon.", EACCES); } if (!nmbd_init_packet_server()) { kill_async_dns_child(); exit_daemon( "NMBD failed to setup packet server.", EACCES); } if (is_daemon && !opt_interactive) { daemon_ready("nmbd"); } TALLOC_FREE(frame); process(msg); kill_async_dns_child(); return(0); }
static int streams_xattr_rename(vfs_handle_struct *handle, const struct smb_filename *smb_fname_src, const struct smb_filename *smb_fname_dst) { NTSTATUS status; int ret = -1; char *src_xattr_name = NULL; char *dst_xattr_name = NULL; bool src_is_stream, dst_is_stream; ssize_t oret; ssize_t nret; struct ea_struct ea; src_is_stream = is_ntfs_stream_smb_fname(smb_fname_src); dst_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst); if (!src_is_stream && !dst_is_stream) { return SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst); } /* For now don't allow renames from or to the default stream. */ if (is_ntfs_default_stream_smb_fname(smb_fname_src) || is_ntfs_default_stream_smb_fname(smb_fname_dst)) { errno = ENOSYS; goto done; } /* Don't rename if the streams are identical. */ if (strcasecmp_m(smb_fname_src->stream_name, smb_fname_dst->stream_name) == 0) { goto done; } /* Get the xattr names. */ status = streams_xattr_get_name(handle, talloc_tos(), smb_fname_src->stream_name, &src_xattr_name); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto fail; } status = streams_xattr_get_name(handle, talloc_tos(), smb_fname_dst->stream_name, &dst_xattr_name); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); goto fail; } /* read the old stream */ status = get_ea_value(talloc_tos(), handle->conn, NULL, smb_fname_src, src_xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { errno = ENOENT; goto fail; } /* (over)write the new stream */ nret = SMB_VFS_SETXATTR(handle->conn, smb_fname_src, dst_xattr_name, ea.value.data, ea.value.length, 0); if (nret < 0) { if (errno == ENOATTR) { errno = ENOENT; } goto fail; } /* remove the old stream */ oret = SMB_VFS_REMOVEXATTR(handle->conn, smb_fname_src, src_xattr_name); if (oret < 0) { if (errno == ENOATTR) { errno = ENOENT; } goto fail; } done: errno = 0; ret = 0; fail: TALLOC_FREE(src_xattr_name); TALLOC_FREE(dst_xattr_name); return ret; }
int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname, uint32 dosmode, const char *parent_dir, bool newfile) { int mask=0; mode_t tmp; mode_t unixmode; int ret = -1, lret = -1; uint32_t old_mode; struct timespec new_create_timespec; files_struct *fsp = NULL; bool need_close = false; NTSTATUS status; if (!CAN_WRITE(conn)) { errno = EROFS; return -1; } /* We only allow READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE here. */ dosmode &= (SAMBA_ATTRIBUTES_MASK | FILE_ATTRIBUTE_OFFLINE); DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n", dosmode, smb_fname_str_dbg(smb_fname))); unixmode = smb_fname->st.st_ex_mode; get_acl_group_bits(conn, smb_fname->base_name, &smb_fname->st.st_ex_mode); if (S_ISDIR(smb_fname->st.st_ex_mode)) dosmode |= FILE_ATTRIBUTE_DIRECTORY; else dosmode &= ~FILE_ATTRIBUTE_DIRECTORY; new_create_timespec = smb_fname->st.st_ex_btime; old_mode = dos_mode(conn, smb_fname); if ((dosmode & FILE_ATTRIBUTE_OFFLINE) && !(old_mode & FILE_ATTRIBUTE_OFFLINE)) { lret = SMB_VFS_SET_OFFLINE(conn, smb_fname); if (lret == -1) { if (errno == ENOTSUP) { DEBUG(10, ("Setting FILE_ATTRIBUTE_OFFLINE for " "%s/%s is not supported.\n", parent_dir, smb_fname_str_dbg(smb_fname))); } else { DEBUG(0, ("An error occurred while setting " "FILE_ATTRIBUTE_OFFLINE for " "%s/%s: %s", parent_dir, smb_fname_str_dbg(smb_fname), strerror(errno))); } } } dosmode &= ~FILE_ATTRIBUTE_OFFLINE; old_mode &= ~FILE_ATTRIBUTE_OFFLINE; smb_fname->st.st_ex_btime = new_create_timespec; /* Store the DOS attributes in an EA by preference. */ if (lp_store_dos_attributes(SNUM(conn))) { /* * Don't fall back to using UNIX modes. Finally * follow the smb.conf manpage. */ if (!set_ea_dos_attribute(conn, smb_fname, dosmode)) { return -1; } if (!newfile) { notify_fname(conn, NOTIFY_ACTION_MODIFIED, FILE_NOTIFY_CHANGE_ATTRIBUTES, smb_fname->base_name); } smb_fname->st.st_ex_mode = unixmode; return 0; } unixmode = unix_mode(conn, dosmode, smb_fname, parent_dir); /* preserve the file type bits */ mask |= S_IFMT; /* preserve the s bits */ mask |= (S_ISUID | S_ISGID); /* preserve the t bit */ #ifdef S_ISVTX mask |= S_ISVTX; #endif /* possibly preserve the x bits */ if (!MAP_ARCHIVE(conn)) mask |= S_IXUSR; if (!MAP_SYSTEM(conn)) mask |= S_IXGRP; if (!MAP_HIDDEN(conn)) mask |= S_IXOTH; unixmode |= (smb_fname->st.st_ex_mode & mask); /* if we previously had any r bits set then leave them alone */ if ((tmp = smb_fname->st.st_ex_mode & (S_IRUSR|S_IRGRP|S_IROTH))) { unixmode &= ~(S_IRUSR|S_IRGRP|S_IROTH); unixmode |= tmp; } /* if we previously had any w bits set then leave them alone whilst adding in the new w bits, if the new mode is not rdonly */ if (!IS_DOS_READONLY(dosmode)) { unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH)); } /* * From the chmod 2 man page: * * "If the calling process is not privileged, and the group of the file * does not match the effective group ID of the process or one of its * supplementary group IDs, the S_ISGID bit will be turned off, but * this will not cause an error to be returned." * * Simply refuse to do the chmod in this case. */ if (S_ISDIR(smb_fname->st.st_ex_mode) && (unixmode & S_ISGID) && geteuid() != sec_initial_uid() && !current_user_in_group(conn, smb_fname->st.st_ex_gid)) { DEBUG(3,("file_set_dosmode: setgid bit cannot be " "set for directory %s\n", smb_fname_str_dbg(smb_fname))); errno = EPERM; return -1; } ret = SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode); if (ret == 0) { if(!newfile || (lret != -1)) { notify_fname(conn, NOTIFY_ACTION_MODIFIED, FILE_NOTIFY_CHANGE_ATTRIBUTES, smb_fname->base_name); } smb_fname->st.st_ex_mode = unixmode; return 0; } if((errno != EPERM) && (errno != EACCES)) return -1; if(!lp_dos_filemode(SNUM(conn))) return -1; /* We want DOS semantics, ie allow non owner with write permission to change the bits on a file. Just like file_ntimes below. */ if (!can_write_to_file(conn, smb_fname)) { errno = EACCES; return -1; } /* * We need to get an open file handle to do the * metadata operation under root. */ status = get_file_handle_for_metadata(conn, smb_fname, &fsp, &need_close); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } become_root(); ret = SMB_VFS_FCHMOD(fsp, unixmode); unbecome_root(); if (need_close) { close_file(NULL, fsp, NORMAL_CLOSE); } if (!newfile) { notify_fname(conn, NOTIFY_ACTION_MODIFIED, FILE_NOTIFY_CHANGE_ATTRIBUTES, smb_fname->base_name); } if (ret == 0) { smb_fname->st.st_ex_mode = unixmode; } return( ret ); }
static int open_acl_common(vfs_handle_struct *handle, struct smb_filename *smb_fname, files_struct *fsp, int flags, mode_t mode) { uint32_t access_granted = 0; struct security_descriptor *pdesc = NULL; struct security_descriptor *parent_desc = NULL; bool file_existed = true; char *fname = NULL; NTSTATUS status; if (fsp->base_fsp) { /* Stream open. Base filename open already did the ACL check. */ DEBUG(10,("open_acl_common: stream open on %s\n", fsp_str_dbg(fsp) )); return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); } status = get_full_smb_filename(talloc_tos(), smb_fname, &fname); if (!NT_STATUS_IS_OK(status)) { goto err; } status = get_nt_acl_internal(handle, NULL, fname, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION), &pdesc); if (NT_STATUS_IS_OK(status)) { /* See if we can access it. */ status = smb1_file_se_access_check(handle->conn, pdesc, handle->conn->server_info->ptok, fsp->access_mask, &access_granted); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("open_acl_xattr: %s open " "refused with error %s\n", fsp_str_dbg(fsp), nt_errstr(status) )); goto err; } } else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) { file_existed = false; /* * If O_CREAT is true then we're trying to create a file. * Check the parent directory ACL will allow this. */ if (flags & O_CREAT) { struct security_descriptor *psd = NULL; status = check_parent_acl_common(handle, fname, SEC_DIR_ADD_FILE, &parent_desc); if (!NT_STATUS_IS_OK(status)) { goto err; } /* Cache the parent security descriptor for * later use. We do have an fsp here, but to * keep the code consistent with the directory * case which doesn't, use the handle. */ /* Attach this to the conn, move from talloc_tos(). */ psd = (struct security_descriptor *)talloc_move(handle->conn, &parent_desc); if (!psd) { status = NT_STATUS_NO_MEMORY; goto err; } status = NT_STATUS_NO_MEMORY; SMB_VFS_HANDLE_SET_DATA(handle, psd, free_sd_common, struct security_descriptor *, goto err); status = NT_STATUS_OK; } } DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for " "%s returned %s\n", fsp_str_dbg(fsp), nt_errstr(status) )); fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); return fsp->fh->fd; err: errno = map_errno_from_nt_status(status); return -1; }