const char *s = connectpath;
bool start_of_name_component = true;
- destname = SMB_STRDUP(connectpath);
+ if (connectpath == NULL || connectpath[0] == '\0') {
+ return false;
+ }
+
+ /* Allocate for strlen + '\0' + possible leading '/' */
+ destname = SMB_MALLOC(strlen(connectpath) + 2);
if (!destname) {
return false;
}
if (do_chdir &&
vfs_ChDir(conn,conn->connectpath) != 0 &&
vfs_ChDir(conn,conn->origpath) != 0) {
- DEBUG(0,("chdir (%s) failed\n",
- conn->connectpath));
+ DEBUG(((errno!=EACCES)?0:3),("chdir (%s) failed, reason: %s\n",
+ conn->connectpath, strerror(errno)));
return(False);
}
{
int iHomeService;
- if (!service || !homedir)
+ if (!service || !homedir || homedir[0] == '\0')
return -1;
if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {
if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) < 0) {
iPrinterService = load_registry_service(PRINTERS_NAME);
}
- if (iPrinterService) {
+ if (iPrinterService >= 0) {
DEBUG(3,("checking whether %s is a valid printer name...\n", service));
if (pcap_printername_ok(service)) {
DEBUG(3,("%s is a valid printer name\n", service));
connecting user if appropriate.
****************************************************************************/
-static connection_struct *make_connection_snum(
- struct smbd_server_connection *sconn,
+connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
int snum, user_struct *vuser,
DATA_BLOB password,
const char *pdev,
NTSTATUS *pstatus)
{
connection_struct *conn;
- SMB_STRUCT_STAT st;
+ struct smb_filename *smb_fname_cpath = NULL;
fstring dev;
int ret;
char addr[INET6_ADDRSTRLEN];
- bool on_err_call_dis_hook = false;
NTSTATUS status;
fstrcpy(dev, pdev);
- SET_STAT_INVALID(st);
if (NT_STATUS_IS_ERR(*pstatus = share_sanity_checks(snum, dev))) {
return NULL;
DEBUG(1, ("create_connection_server_info failed: %s\n",
nt_errstr(status)));
*pstatus = status;
- conn_free(sconn, conn);
+ conn_free(conn);
return NULL;
}
conn->printer = (strncmp(dev,"LPT",3) == 0);
conn->ipc = ( (strncmp(dev,"IPC",3) == 0) ||
( lp_enable_asu_support() && strequal(dev,"ADMIN$")) );
- conn->dirptr = NULL;
/* Case options for the share. */
if (lp_casesensitive(snum) == Auto) {
conn->hide_list = NULL;
conn->veto_oplock_list = NULL;
conn->aio_write_behind_list = NULL;
- string_set(&conn->dirpath,"");
conn->read_only = lp_readonly(SNUM(conn));
conn->admin_user = False;
fuser = talloc_string_sub(conn, lp_force_user(snum), "%S",
lp_servicename(snum));
if (fuser == NULL) {
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_NO_MEMORY;
return NULL;
}
conn, fuser, conn->server_info->guest,
&forced_serverinfo);
if (!NT_STATUS_IS_OK(status)) {
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = status;
return NULL;
}
+ /* We don't want to replace the original sanitized_username
+ as it is the original user given in the connect attempt.
+ This is used in '%U' substitutions. */
+ TALLOC_FREE(forced_serverinfo->sanitized_username);
+ forced_serverinfo->sanitized_username =
+ talloc_move(forced_serverinfo,
+ &conn->server_info->sanitized_username);
+
TALLOC_FREE(conn->server_info);
conn->server_info = forced_serverinfo;
&conn->server_info->utok.gid);
if (!NT_STATUS_IS_OK(status)) {
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = status;
return NULL;
}
pdb_get_domain(conn->server_info->sam_account),
lp_pathname(snum));
if (!s) {
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_NO_MEMORY;
return NULL;
}
if (!set_conn_connectpath(conn,s)) {
TALLOC_FREE(s);
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_NO_MEMORY;
return NULL;
}
"denied due to security "
"descriptor.\n",
lp_servicename(snum)));
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_ACCESS_DENIED;
return NULL;
} else {
if (!smbd_vfs_init(conn)) {
DEBUG(0, ("vfs_init failed for service %s\n",
lp_servicename(snum)));
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
- /*
- * If widelinks are disallowed we need to canonicalise the connect
- * path here to ensure we don't have any symlinks in the
- * connectpath. We will be checking all paths on this connection are
- * below this directory. We must do this after the VFS init as we
- * depend on the realpath() pointer in the vfs table. JRA.
- */
- if (!lp_widelinks(snum)) {
- if (!canonicalize_connect_path(conn)) {
- DEBUG(0, ("canonicalize_connect_path failed "
- "for service %s, path %s\n",
- lp_servicename(snum),
- conn->connectpath));
- conn_free(sconn, conn);
- *pstatus = NT_STATUS_BAD_NETWORK_NAME;
- return NULL;
- }
- }
-
if ((!conn->printer) && (!conn->ipc)) {
conn->notify_ctx = notify_init(conn, server_id_self(),
smbd_messaging_context(),
conn);
}
-/* ROOT Activities: */
+/* ROOT Activities: */
+ /* explicitly check widelinks here so that we can correctly warn
+ * in the logs. */
+ widelinks_warning(snum);
+
/*
* Enforce the max connections parameter.
*/
DEBUG(1, ("Max connections (%d) exceeded for %s\n",
lp_max_connections(snum), lp_servicename(snum)));
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
return NULL;
}
*/
if (!claim_connection(conn, lp_servicename(snum), 0)) {
DEBUG(1, ("Could not store connections entry\n"));
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_INTERNAL_DB_ERROR;
return NULL;
}
+ /* Invoke VFS make connection hook - must be the first
+ VFS operation we do. */
+
+ if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
+ conn->server_info->unix_name) < 0) {
+ DEBUG(0,("make_connection: VFS make connection failed!\n"));
+ yield_connection(conn, lp_servicename(snum));
+ conn_free(conn);
+ *pstatus = NT_STATUS_UNSUCCESSFUL;
+ return NULL;
+ }
+
+ /*
+ * Fix compatibility issue pointed out by Volker.
+ * We pass the conn->connectpath to the preexec
+ * scripts as a parameter, so attempt to canonicalize
+ * it here before calling the preexec scripts.
+ * We ignore errors here, as it is possible that
+ * the conn->connectpath doesn't exist yet and
+ * the preexec scripts will create them.
+ */
+
+ (void)canonicalize_connect_path(conn);
+
/* Preexecs are done here as they might make the dir we are to ChDir
* to below */
/* execute any "root preexec = " line */
if (ret != 0 && lp_rootpreexec_close(snum)) {
DEBUG(1,("root preexec gave %d - failing "
"connection\n", ret));
+ SMB_VFS_DISCONNECT(conn);
yield_connection(conn, lp_servicename(snum));
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_ACCESS_DENIED;
return NULL;
}
if (!change_to_user(conn, conn->vuid)) {
/* No point continuing if they fail the basic checks */
DEBUG(0,("Can't become connected user!\n"));
+ SMB_VFS_DISCONNECT(conn);
yield_connection(conn, lp_servicename(snum));
- conn_free(sconn, conn);
+ conn_free(conn);
*pstatus = NT_STATUS_LOGON_FAILURE;
return NULL;
}
}
}
+ /*
+ * If widelinks are disallowed we need to canonicalise the connect
+ * path here to ensure we don't have any symlinks in the
+ * connectpath. We will be checking all paths on this connection are
+ * below this directory. We must do this after the VFS init as we
+ * depend on the realpath() pointer in the vfs table. JRA.
+ */
+ if (!lp_widelinks(snum)) {
+ if (!canonicalize_connect_path(conn)) {
+ DEBUG(0, ("canonicalize_connect_path failed "
+ "for service %s, path %s\n",
+ lp_servicename(snum),
+ conn->connectpath));
+ *pstatus = NT_STATUS_BAD_NETWORK_NAME;
+ goto err_root_exit;
+ }
+ }
+
#ifdef WITH_FAKE_KASERVER
if (lp_afs_share(snum)) {
afs_login(conn);
lp_aio_write_behind(snum));
}
- /* Invoke VFS make connection hook - do this before the VFS_STAT call
- to allow any filesystems needing user credentials to initialize
- themselves. */
-
- if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
- conn->server_info->unix_name) < 0) {
- DEBUG(0,("make_connection: VFS make connection failed!\n"));
- *pstatus = NT_STATUS_UNSUCCESSFUL;
+ status = create_synthetic_smb_fname(talloc_tos(), conn->connectpath,
+ NULL, NULL, &smb_fname_cpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ *pstatus = status;
goto err_root_exit;
}
- /* Any error exit after here needs to call the disconnect hook. */
- on_err_call_dis_hook = true;
-
/* win2000 does not check the permissions on the directory
during the tree connect, instead relying on permission
check during individual operations. To match this behaviour
I have disabled this chdir check (tridge) */
/* the alternative is just to check the directory exists */
- if ((ret = SMB_VFS_STAT(conn, conn->connectpath, &st)) != 0 ||
- !S_ISDIR(st.st_ex_mode)) {
- if (ret == 0 && !S_ISDIR(st.st_ex_mode)) {
+ if ((ret = SMB_VFS_STAT(conn, smb_fname_cpath)) != 0 ||
+ !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
+ if (ret == 0 && !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
DEBUG(0,("'%s' is not a directory, when connecting to "
"[%s]\n", conn->connectpath,
lp_servicename(snum)));
*pstatus = NT_STATUS_BAD_NETWORK_NAME;
goto err_root_exit;
}
+ conn->base_share_dev = smb_fname_cpath->st.st_ex_dev;
string_set(&conn->origpath,conn->connectpath);
* the same characteristics, which is likely but not guaranteed.
*/
- conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn);
+ conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
/*
* Print out the 'connected as' stuff here as we need
return(conn);
err_root_exit:
-
+ TALLOC_FREE(smb_fname_cpath);
change_to_root_user();
- if (on_err_call_dis_hook) {
- /* Call VFS disconnect hook */
- SMB_VFS_DISCONNECT(conn);
- }
+ /* Call VFS disconnect hook */
+ SMB_VFS_DISCONNECT(conn);
yield_connection(conn, lp_servicename(snum));
- conn_free(sconn, conn);
+ conn_free(conn);
return NULL;
}
return NULL;
}
- DEBUG(0,("%s (%s) couldn't find service %s\n",
+ DEBUG(3,("%s (%s) couldn't find service %s\n",
get_remote_machine_name(),
client_addr(get_client_fd(),addr,sizeof(addr)),
service));
Close a cnum.
****************************************************************************/
-void close_cnum(struct smbd_server_connection *sconn,
- connection_struct *conn, uint16 vuid)
+void close_cnum(connection_struct *conn, uint16 vuid)
{
file_close_conn(conn);
TALLOC_FREE(cmd);
}
- conn_free(sconn, conn);
+ conn_free(conn);
}
git.samba.org / samba.git / blobdiff