* Copyright (C) Jeremy Allison 2001.
* Copyright (C) Nigel Williams 2001.
* Copyright (C) Gerald (Jerry) Carter 2006.
+ * Copyright (C) Guenther Deschner 2008.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/* This is the implementation of the srvsvc pipe. */
#include "includes.h"
+#include "../librpc/gen_ndr/srv_srvsvc.h"
extern const struct generic_mapping file_generic_mapping;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
+#define MAX_SERVER_DISK_ENTRIES 15
+
/* Use for enumerating connections, pipes, & files */
struct file_enum_count {
TALLOC_CTX *ctx;
const char *username;
- int count;
- FILE_INFO_3 *info;
+ struct srvsvc_NetFileCtr3 *ctr3;
};
struct sess_file_count {
{
struct pipe_open_rec prec;
struct file_enum_count *fenum = (struct file_enum_count *)p;
- FILE_INFO_3 *f;
- int i = fenum->count;
+ struct srvsvc_NetFileInfo3 *f;
+ int i = fenum->ctr3->count;
char *fullpath = NULL;
const char *username;
return 1;
}
- f = TALLOC_REALLOC_ARRAY( fenum->ctx, fenum->info, FILE_INFO_3, i+1 );
+ f = TALLOC_REALLOC_ARRAY(fenum->ctx, fenum->ctr3->array,
+ struct srvsvc_NetFileInfo3, i+1);
if ( !f ) {
DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1));
return 1;
}
- fenum->info = f;
+ fenum->ctr3->array = f;
- init_srv_file_info3(
- &fenum->info[i],
- (uint32)((procid_to_pid(&prec.pid)<<16) & prec.pnum),
- (FILE_READ_DATA|FILE_WRITE_DATA),
- 0, username, fullpath);
+ fenum->ctr3->array[i].fid =
+ (((uint32_t)(procid_to_pid(&prec.pid))<<16) | prec.pnum);
+ fenum->ctr3->array[i].permissions =
+ (FILE_READ_DATA|FILE_WRITE_DATA);
+ fenum->ctr3->array[i].num_locks = 0;
+ fenum->ctr3->array[i].path = fullpath;
+ fenum->ctr3->array[i].user = username;
- TALLOC_FREE(fullpath);
- fenum->count++;
+ fenum->ctr3->count++;
return 0;
}
/*******************************************************************
********************************************************************/
-static WERROR net_enum_pipes( TALLOC_CTX *ctx, const char *username,
- FILE_INFO_3 **info,
- uint32 *count, uint32 resume )
+static WERROR net_enum_pipes(TALLOC_CTX *ctx,
+ const char *username,
+ struct srvsvc_NetFileCtr3 **ctr3,
+ uint32_t resume )
{
struct file_enum_count fenum;
fenum.ctx = ctx;
fenum.username = username;
- fenum.count = *count;
- fenum.info = *info;
+ fenum.ctr3 = *ctr3;
if (connections_traverse(pipe_enum_fn, &fenum) == -1) {
DEBUG(0,("net_enum_pipes: traverse of connections.tdb "
return WERR_NOMEM;
}
- *info = fenum.info;
- *count = fenum.count;
+ *ctr3 = fenum.ctr3;
return WERR_OK;
}
struct file_enum_count *fenum =
(struct file_enum_count *)private_data;
- FILE_INFO_3 *f;
- int i = fenum->count;
+ struct srvsvc_NetFileInfo3 *f;
+ int i = fenum->ctr3->count;
files_struct fsp;
struct byte_range_lock *brl;
int num_locks = 0;
return;
}
- f = TALLOC_REALLOC_ARRAY( fenum->ctx, fenum->info, FILE_INFO_3, i+1 );
+ f = TALLOC_REALLOC_ARRAY(fenum->ctx, fenum->ctr3->array,
+ struct srvsvc_NetFileInfo3, i+1);
if ( !f ) {
DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1));
return;
}
- fenum->info = f;
+ fenum->ctr3->array = f;
/* need to count the number of locks on a file */
string_replace( fullpath, '/', '\\' );
/* mask out create (what ever that is) */
- permissions = e->share_access & (FILE_READ_DATA|FILE_WRITE_DATA);
+ permissions = e->access_mask & (FILE_READ_DATA|FILE_WRITE_DATA);
+
+ /* now fill in the srvsvc_NetFileInfo3 struct */
- /* now fill in the FILE_INFO_3 struct */
- init_srv_file_info3( &fenum->info[i],
- e->share_file_id,
- permissions,
- num_locks,
- username,
- fullpath );
+ fenum->ctr3->array[i].fid =
+ (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id);
+ fenum->ctr3->array[i].permissions = permissions;
+ fenum->ctr3->array[i].num_locks = num_locks;
+ fenum->ctr3->array[i].path = fullpath;
+ fenum->ctr3->array[i].user = username;
- TALLOC_FREE(fullpath);
- fenum->count++;
+ fenum->ctr3->count++;
}
/*******************************************************************
********************************************************************/
-static WERROR net_enum_files( TALLOC_CTX *ctx, const char *username,
- FILE_INFO_3 **info,
- uint32 *count, uint32 resume )
+static WERROR net_enum_files(TALLOC_CTX *ctx,
+ const char *username,
+ struct srvsvc_NetFileCtr3 **ctr3,
+ uint32_t resume)
{
struct file_enum_count f_enum_cnt;
f_enum_cnt.ctx = ctx;
f_enum_cnt.username = username;
- f_enum_cnt.count = *count;
- f_enum_cnt.info = *info;
+ f_enum_cnt.ctr3 = *ctr3;
share_mode_forall( enum_file_fn, (void *)&f_enum_cnt );
- *info = f_enum_cnt.info;
- *count = f_enum_cnt.count;
+ *ctr3 = f_enum_cnt.ctr3;
return WERR_OK;
}
static void init_srv_share_info_0(pipes_struct *p, struct srvsvc_NetShareInfo0 *r, int snum)
{
- const char *net_name = lp_servicename(snum);
-
- init_srvsvc_NetShareInfo0(r, net_name);
+ r->name = lp_servicename(snum);
}
/*******************************************************************
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx,
- p->conn,
- remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
- init_srvsvc_NetShareInfo1(r, net_name,
- get_share_type(snum),
- remark ? remark : "");
+ r->name = net_name;
+ r->type = get_share_type(snum);
+ r->comment = remark ? remark : "";
}
/*******************************************************************
char *remark = NULL;
char *path = NULL;
int max_connections = lp_max_connections(snum);
- uint32 max_uses = max_connections!=0 ? max_connections : 0xffffffff;
- int count = 0;
+ uint32_t max_uses = max_connections!=0 ? max_connections : (uint32_t)-1;
char *net_name = lp_servicename(snum);
remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx,
- p->conn,
- remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
path = talloc_asprintf(p->mem_ctx,
"C:%s", lp_pathname(snum));
string_replace(path, '/', '\\');
}
- count = count_current_connections(net_name, false);
-
- init_srvsvc_NetShareInfo2(r, net_name,
- get_share_type(snum),
- remark ? remark : "",
- 0,
- max_uses,
- count,
- path ? path : "",
- "");
+ r->name = net_name;
+ r->type = get_share_type(snum);
+ r->comment = remark ? remark : "";
+ r->permissions = 0;
+ r->max_users = max_uses;
+ r->current_users = count_current_connections(net_name, false);
+ r->path = path ? path : "";
+ r->password = "";
}
/*******************************************************************
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
- init_srvsvc_NetShareInfo501(r, net_name,
- get_share_type(snum),
- remark ? remark : "",
- (lp_csc_policy(snum) << 4));
+ r->name = net_name;
+ r->type = get_share_type(snum);
+ r->comment = remark ? remark : "";
+ r->csc_policy = (lp_csc_policy(snum) << 4);
}
/*******************************************************************
const char *net_name = lp_servicename(snum);
char *path = NULL;
SEC_DESC *sd = NULL;
+ struct sec_desc_buf *sd_buf = NULL;
size_t sd_size = 0;
TALLOC_CTX *ctx = p->mem_ctx;
char *remark = talloc_strdup(ctx, lp_comment(snum));;
if (remark) {
- remark = standard_sub_conn(ctx, p->conn, remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum));
if (path) {
sd = get_share_security(ctx, lp_servicename(snum), &sd_size);
- init_srvsvc_NetShareInfo502(r, net_name,
- get_share_type(snum),
- remark ? remark : "",
- 0,
- 0xffffffff,
- 1,
- path ? path : "",
- "",
- 0,
- sd);
+ sd_buf = make_sec_desc_buf(p->mem_ctx, sd_size, sd);
+
+ r->name = net_name;
+ r->type = get_share_type(snum);
+ r->comment = remark ? remark : "";
+ r->permissions = 0;
+ r->max_users = (uint32_t)-1;
+ r->current_users = 1; /* ??? */
+ r->path = path ? path : "";
+ r->password = "";
+ r->sd_buf = *sd_buf;
}
/***************************************************************************
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
- init_srvsvc_NetShareInfo1004(r, remark ? remark : "");
+ r->comment = remark ? remark : "";
}
/***************************************************************************
dfs_flags |= lp_csc_policy(snum) << SHARE_1005_CSC_POLICY_SHIFT;
- init_srvsvc_NetShareInfo1005(r, dfs_flags);
+ r->dfs_flags = dfs_flags;
}
/***************************************************************************
static void init_srv_share_info_1006(pipes_struct *p, struct srvsvc_NetShareInfo1006 *r, int snum)
{
- init_srvsvc_NetShareInfo1006(r, 0xffffffff);
+ r->max_users = (uint32_t)-1;
}
/***************************************************************************
static void init_srv_share_info_1007(pipes_struct *p, struct srvsvc_NetShareInfo1007 *r, int snum)
{
- uint32 flags = 0;
-
- init_srvsvc_NetShareInfo1007(r, flags, "");
+ r->flags = 0;
+ r->alternate_directory_name = "";
}
/*******************************************************************
return (net_name[strlen(net_name) - 1] == '$') ? True : False;
}
+/*******************************************************************
+ Verify user is allowed to view share, access based enumeration
+********************************************************************/
+static bool is_enumeration_allowed(pipes_struct *p,
+ int snum)
+{
+ if (!lp_access_based_share_enum(snum))
+ return true;
+
+ return share_access_check(p->server_info->ptok, lp_servicename(snum),
+ FILE_READ_DATA);
+}
+
/*******************************************************************
Fill in a share info structure.
********************************************************************/
TALLOC_CTX *ctx = p->mem_ctx;
int i = 0;
int valid_share_count = 0;
+ bool *allowed = 0;
union srvsvc_NetShareCtr ctr;
uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
/* Ensure all the usershares are loaded. */
become_root();
- num_services = load_usershare_shares();
+ load_usershare_shares();
load_registry_shares();
+ num_services = lp_numservices();
unbecome_root();
- /* Count the number of entries. */
- for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
- num_entries++;
- }
- }
+ allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services);
+ W_ERROR_HAVE_NO_MEMORY(allowed);
+
+ /* Count the number of entries. */
+ for (snum = 0; snum < num_services; snum++) {
+ if (lp_browseable(snum) && lp_snum_ok(snum) &&
+ is_enumeration_allowed(p, snum) &&
+ (all_shares || !is_hidden_share(snum)) ) {
+ DEBUG(10, ("counting service %s\n",
+ lp_servicename(snum) ? lp_servicename(snum) : "(null)"));
+ allowed[snum] = true;
+ num_entries++;
+ } else {
+ DEBUG(10, ("NOT counting service %s\n",
+ lp_servicename(snum) ? lp_servicename(snum) : "(null)"));
+ }
+ }
if (!num_entries || (resume_handle >= num_entries)) {
return WERR_OK;
W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_0(p, &ctr.ctr0->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1(p, &ctr.ctr1->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_2(p, &ctr.ctr2->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_501(p, &ctr.ctr501->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_502(p, &ctr.ctr502->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1004(p, &ctr.ctr1004->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1005(p, &ctr.ctr1005->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1006(p, &ctr.ctr1006->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1007(p, &ctr.ctr1007->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1501(p, &ctr.ctr1501->array[i++], snum);
}
fill in a sess info level 0 structure.
********************************************************************/
-static void init_srv_sess_info_0(pipes_struct *p, SRV_SESS_INFO_0 *ss0, uint32 *snum, uint32 *stot)
+static WERROR init_srv_sess_info_0(pipes_struct *p,
+ struct srvsvc_NetSessCtr0 *ctr0,
+ uint32_t *resume_handle_p,
+ uint32_t *total_entries)
{
struct sessionid *session_list;
- uint32 num_entries = 0;
- (*stot) = list_sessions(p->mem_ctx, &session_list);
+ uint32_t num_entries = 0;
+ uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
+ *total_entries = list_sessions(p->mem_ctx, &session_list);
+
+ DEBUG(5,("init_srv_sess_info_0\n"));
- if (ss0 == NULL) {
- if (snum) {
- (*snum) = 0;
+ if (ctr0 == NULL) {
+ if (resume_handle_p) {
+ *resume_handle_p = 0;
}
- return;
+ return WERR_OK;
}
- DEBUG(5,("init_srv_sess_0_ss0\n"));
+ for (; resume_handle < *total_entries; resume_handle++) {
- if (snum) {
- for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) {
- init_srv_sess_info0( &ss0->info_0[num_entries], session_list[(*snum)].remote_machine);
- num_entries++;
- }
+ ctr0->array = TALLOC_REALLOC_ARRAY(p->mem_ctx,
+ ctr0->array,
+ struct srvsvc_NetSessInfo0,
+ num_entries+1);
+ W_ERROR_HAVE_NO_MEMORY(ctr0->array);
- ss0->num_entries_read = num_entries;
- ss0->ptr_sess_info = num_entries > 0 ? 1 : 0;
- ss0->num_entries_read2 = num_entries;
+ ctr0->array[num_entries].client =
+ session_list[resume_handle].remote_machine;
- if ((*snum) >= (*stot)) {
- (*snum) = 0;
- }
+ num_entries++;
+ }
- } else {
- ss0->num_entries_read = 0;
- ss0->ptr_sess_info = 0;
- ss0->num_entries_read2 = 0;
+ ctr0->count = num_entries;
+
+ if (resume_handle_p) {
+ if (*resume_handle_p >= *total_entries) {
+ *resume_handle_p = 0;
+ } else {
+ *resume_handle_p = resume_handle;
+ }
}
+
+ return WERR_OK;
}
/*******************************************************************
fill in a sess info level 1 structure.
********************************************************************/
-static void init_srv_sess_info_1(pipes_struct *p, SRV_SESS_INFO_1 *ss1, uint32 *snum, uint32 *stot)
+static WERROR init_srv_sess_info_1(pipes_struct *p,
+ struct srvsvc_NetSessCtr1 *ctr1,
+ uint32_t *resume_handle_p,
+ uint32_t *total_entries)
{
struct sessionid *session_list;
- uint32 num_entries = 0;
+ uint32_t num_entries = 0;
time_t now = time(NULL);
+ uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
- if ( !snum ) {
- ss1->num_entries_read = 0;
- ss1->ptr_sess_info = 0;
- ss1->num_entries_read2 = 0;
-
- (*stot) = 0;
+ ZERO_STRUCTP(ctr1);
- return;
- }
-
- if (ss1 == NULL) {
- (*snum) = 0;
- return;
+ if (ctr1 == NULL) {
+ if (resume_handle_p) {
+ *resume_handle_p = 0;
+ }
+ return WERR_OK;
}
- (*stot) = list_sessions(p->mem_ctx, &session_list);
-
+ *total_entries = list_sessions(p->mem_ctx, &session_list);
- for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) {
+ for (; resume_handle < *total_entries; resume_handle++) {
uint32 num_files;
uint32 connect_time;
- struct passwd *pw = sys_getpwnam(session_list[*snum].username);
+ struct passwd *pw = sys_getpwnam(session_list[resume_handle].username);
bool guest;
if ( !pw ) {
DEBUG(10,("init_srv_sess_info_1: failed to find owner: %s\n",
- session_list[*snum].username));
+ session_list[resume_handle].username));
continue;
}
- connect_time = (uint32)(now - session_list[*snum].connect_start);
- num_files = net_count_files(pw->pw_uid, session_list[*snum].pid);
- guest = strequal( session_list[*snum].username, lp_guestaccount() );
-
- init_srv_sess_info1( &ss1->info_1[num_entries],
- session_list[*snum].remote_machine,
- session_list[*snum].username,
- num_files,
- connect_time,
- 0,
- guest);
- num_entries++;
- }
+ connect_time = (uint32_t)(now - session_list[resume_handle].connect_start);
+ num_files = net_count_files(pw->pw_uid, session_list[resume_handle].pid);
+ guest = strequal( session_list[resume_handle].username, lp_guestaccount() );
- ss1->num_entries_read = num_entries;
- ss1->ptr_sess_info = num_entries > 0 ? 1 : 0;
- ss1->num_entries_read2 = num_entries;
+ ctr1->array = TALLOC_REALLOC_ARRAY(p->mem_ctx,
+ ctr1->array,
+ struct srvsvc_NetSessInfo1,
+ num_entries+1);
+ W_ERROR_HAVE_NO_MEMORY(ctr1->array);
- if ((*snum) >= (*stot)) {
- (*snum) = 0;
- }
-
-}
-
-/*******************************************************************
- makes a SRV_R_NET_SESS_ENUM structure.
-********************************************************************/
+ ctr1->array[num_entries].client = session_list[resume_handle].remote_machine;
+ ctr1->array[num_entries].user = session_list[resume_handle].username;
+ ctr1->array[num_entries].num_open = num_files;
+ ctr1->array[num_entries].time = connect_time;
+ ctr1->array[num_entries].idle_time = 0;
+ ctr1->array[num_entries].user_flags = guest;
-static WERROR init_srv_sess_info_ctr(pipes_struct *p, SRV_SESS_INFO_CTR *ctr,
- int switch_value, uint32 *resume_hnd, uint32 *total_entries)
-{
- WERROR status = WERR_OK;
- DEBUG(5,("init_srv_sess_info_ctr: %d\n", __LINE__));
-
- ctr->switch_value = switch_value;
-
- switch (switch_value) {
- case 0:
- init_srv_sess_info_0(p, &(ctr->sess.info0), resume_hnd, total_entries);
- ctr->ptr_sess_ctr = 1;
- break;
- case 1:
- init_srv_sess_info_1(p, &(ctr->sess.info1), resume_hnd, total_entries);
- ctr->ptr_sess_ctr = 1;
- break;
- default:
- DEBUG(5,("init_srv_sess_info_ctr: unsupported switch value %d\n", switch_value));
- (*resume_hnd) = 0;
- (*total_entries) = 0;
- ctr->ptr_sess_ctr = 0;
- status = WERR_UNKNOWN_LEVEL;
- break;
+ num_entries++;
}
- return status;
-}
+ ctr1->count = num_entries;
-/*******************************************************************
- makes a SRV_R_NET_SESS_ENUM structure.
-********************************************************************/
-
-static void init_srv_r_net_sess_enum(pipes_struct *p, SRV_R_NET_SESS_ENUM *r_n,
- uint32 resume_hnd, int sess_level, int switch_value)
-{
- DEBUG(5,("init_srv_r_net_sess_enum: %d\n", __LINE__));
-
- r_n->sess_level = sess_level;
-
- if (sess_level == -1)
- r_n->status = WERR_UNKNOWN_LEVEL;
- else
- r_n->status = init_srv_sess_info_ctr(p, r_n->ctr, switch_value, &resume_hnd, &r_n->total_entries);
-
- if (!W_ERROR_IS_OK(r_n->status))
- resume_hnd = 0;
+ if (resume_handle_p) {
+ if (*resume_handle_p >= *total_entries) {
+ *resume_handle_p = 0;
+ } else {
+ *resume_handle_p = resume_handle;
+ }
+ }
- init_enum_hnd(&r_n->enum_hnd, resume_hnd);
+ return WERR_OK;
}
/*******************************************************************
fill in a conn info level 0 structure.
********************************************************************/
-static void init_srv_conn_info_0(SRV_CONN_INFO_0 *ss0, uint32 *snum, uint32 *stot)
+static WERROR init_srv_conn_info_0(struct srvsvc_NetConnCtr0 *ctr0,
+ uint32_t *resume_handle_p,
+ uint32_t *total_entries)
{
- uint32 num_entries = 0;
- (*stot) = 1;
+ uint32_t num_entries = 0;
+ uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
- if (ss0 == NULL) {
- (*snum) = 0;
- return;
+ DEBUG(5,("init_srv_conn_info_0\n"));
+
+ if (ctr0 == NULL) {
+ if (resume_handle_p) {
+ *resume_handle_p = 0;
+ }
+ return WERR_OK;
}
- DEBUG(5,("init_srv_conn_0_ss0\n"));
+ *total_entries = 1;
- if (snum) {
- for (; (*snum) < (*stot) && num_entries < MAX_CONN_ENTRIES; (*snum)++) {
+ ZERO_STRUCTP(ctr0);
- init_srv_conn_info0(&ss0->info_0[num_entries], (*stot));
+ for (; resume_handle < *total_entries; resume_handle++) {
- /* move on to creating next connection */
- /* move on to creating next conn */
- num_entries++;
+ ctr0->array = TALLOC_REALLOC_ARRAY(talloc_tos(),
+ ctr0->array,
+ struct srvsvc_NetConnInfo0,
+ num_entries+1);
+ if (!ctr0->array) {
+ return WERR_NOMEM;
}
- ss0->num_entries_read = num_entries;
- ss0->ptr_conn_info = num_entries > 0 ? 1 : 0;
- ss0->num_entries_read2 = num_entries;
+ ctr0->array[num_entries].conn_id = *total_entries;
- if ((*snum) >= (*stot)) {
- (*snum) = 0;
- }
+ /* move on to creating next connection */
+ num_entries++;
+ }
- } else {
- ss0->num_entries_read = 0;
- ss0->ptr_conn_info = 0;
- ss0->num_entries_read2 = 0;
+ ctr0->count = num_entries;
+ *total_entries = num_entries;
- (*stot) = 0;
+ if (resume_handle_p) {
+ if (*resume_handle_p >= *total_entries) {
+ *resume_handle_p = 0;
+ } else {
+ *resume_handle_p = resume_handle;
+ }
}
-}
-/*******************************************************************
- fill in a conn info level 1 structure.
- ********************************************************************/
-
-static void init_srv_conn_1_info(CONN_INFO_1 *se1, CONN_INFO_1_STR *str1,
- uint32 id, uint32 type,
- uint32 num_opens, uint32 num_users, uint32 open_time,
- const char *usr_name, const char *net_name)
-{
- init_srv_conn_info1(se1 , id, type, num_opens, num_users, open_time, usr_name, net_name);
- init_srv_conn_info1_str(str1, usr_name, net_name);
+ return WERR_OK;
}
/*******************************************************************
fill in a conn info level 1 structure.
********************************************************************/
-static void init_srv_conn_info_1(SRV_CONN_INFO_1 *ss1, uint32 *snum, uint32 *stot)
+static WERROR init_srv_conn_info_1(struct srvsvc_NetConnCtr1 *ctr1,
+ uint32_t *resume_handle_p,
+ uint32_t *total_entries)
{
- uint32 num_entries = 0;
- (*stot) = 1;
-
- if (ss1 == NULL) {
- (*snum) = 0;
- return;
- }
-
- DEBUG(5,("init_srv_conn_1_ss1\n"));
+ uint32_t num_entries = 0;
+ uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
- if (snum) {
- for (; (*snum) < (*stot) && num_entries < MAX_CONN_ENTRIES; (*snum)++) {
- init_srv_conn_1_info(&ss1->info_1[num_entries],
- &ss1->info_1_str[num_entries],
- (*stot), 0x3, 1, 1, 3,"dummy_user", "IPC$");
+ DEBUG(5,("init_srv_conn_info_1\n"));
- /* move on to creating next connection */
- /* move on to creating next conn */
- num_entries++;
+ if (ctr1 == NULL) {
+ if (resume_handle_p) {
+ *resume_handle_p = 0;
}
+ return WERR_OK;
+ }
+
+ *total_entries = 1;
- ss1->num_entries_read = num_entries;
- ss1->ptr_conn_info = num_entries > 0 ? 1 : 0;
- ss1->num_entries_read2 = num_entries;
+ ZERO_STRUCTP(ctr1);
+ for (; resume_handle < *total_entries; resume_handle++) {
- if ((*snum) >= (*stot)) {
- (*snum) = 0;
+ ctr1->array = TALLOC_REALLOC_ARRAY(talloc_tos(),
+ ctr1->array,
+ struct srvsvc_NetConnInfo1,
+ num_entries+1);
+ if (!ctr1->array) {
+ return WERR_NOMEM;
}
- } else {
- ss1->num_entries_read = 0;
- ss1->ptr_conn_info = 0;
- ss1->num_entries_read2 = 0;
+ ctr1->array[num_entries].conn_id = *total_entries;
+ ctr1->array[num_entries].conn_type = 0x3;
+ ctr1->array[num_entries].num_open = 1;
+ ctr1->array[num_entries].num_users = 1;
+ ctr1->array[num_entries].conn_time = 3;
+ ctr1->array[num_entries].user = "dummy_user";
+ ctr1->array[num_entries].share = "IPC$";
- (*stot) = 0;
+ /* move on to creating next connection */
+ num_entries++;
}
-}
-
-/*******************************************************************
- makes a SRV_R_NET_CONN_ENUM structure.
-********************************************************************/
-static WERROR init_srv_conn_info_ctr(SRV_CONN_INFO_CTR *ctr,
- int switch_value, uint32 *resume_hnd, uint32 *total_entries)
-{
- WERROR status = WERR_OK;
- DEBUG(5,("init_srv_conn_info_ctr: %d\n", __LINE__));
-
- ctr->switch_value = switch_value;
+ ctr1->count = num_entries;
+ *total_entries = num_entries;
- switch (switch_value) {
- case 0:
- init_srv_conn_info_0(&ctr->conn.info0, resume_hnd, total_entries);
- ctr->ptr_conn_ctr = 1;
- break;
- case 1:
- init_srv_conn_info_1(&ctr->conn.info1, resume_hnd, total_entries);
- ctr->ptr_conn_ctr = 1;
- break;
- default:
- DEBUG(5,("init_srv_conn_info_ctr: unsupported switch value %d\n", switch_value));
- (*resume_hnd = 0);
- (*total_entries) = 0;
- ctr->ptr_conn_ctr = 0;
- status = WERR_UNKNOWN_LEVEL;
- break;
+ if (resume_handle_p) {
+ if (*resume_handle_p >= *total_entries) {
+ *resume_handle_p = 0;
+ } else {
+ *resume_handle_p = resume_handle;
+ }
}
- return status;
+ return WERR_OK;
}
/*******************************************************************
- makes a SRV_R_NET_CONN_ENUM structure.
-********************************************************************/
+ _srvsvc_NetFileEnum
+*******************************************************************/
-static void init_srv_r_net_conn_enum(SRV_R_NET_CONN_ENUM *r_n,
- uint32 resume_hnd, int conn_level, int switch_value)
+WERROR _srvsvc_NetFileEnum(pipes_struct *p,
+ struct srvsvc_NetFileEnum *r)
{
- DEBUG(5,("init_srv_r_net_conn_enum: %d\n", __LINE__));
-
- r_n->conn_level = conn_level;
- if (conn_level == -1)
- r_n->status = WERR_UNKNOWN_LEVEL;
- else
- r_n->status = init_srv_conn_info_ctr(r_n->ctr, switch_value, &resume_hnd, &r_n->total_entries);
-
- if (!W_ERROR_IS_OK(r_n->status))
- resume_hnd = 0;
+ TALLOC_CTX *ctx = NULL;
+ struct srvsvc_NetFileCtr3 *ctr3;
+ uint32_t resume_hnd = 0;
+ WERROR werr;
- init_enum_hnd(&r_n->enum_hnd, resume_hnd);
-}
+ switch (r->in.info_ctr->level) {
+ case 3:
+ break;
+ default:
+ return WERR_UNKNOWN_LEVEL;
+ }
-/*******************************************************************
- makes a SRV_R_NET_FILE_ENUM structure.
-********************************************************************/
+ if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+ p->server_info->ptok)) {
+ DEBUG(1, ("Enumerating files only allowed for "
+ "administrators\n"));
+ return WERR_ACCESS_DENIED;
+ }
-static WERROR net_file_enum_3( const char *username, SRV_R_NET_FILE_ENUM *r,
- uint32 resume_hnd )
-{
- TALLOC_CTX *ctx = talloc_tos();
- SRV_FILE_INFO_CTR *ctr = &r->ctr;
+ ctx = talloc_tos();
+ ctr3 = r->in.info_ctr->ctr.ctr3;
+ if (!ctr3) {
+ werr = WERR_INVALID_PARAM;
+ goto done;
+ }
/* TODO -- Windows enumerates
(b) active pipes
(c) open directories and files */
- r->status = net_enum_files( ctx, username, &ctr->file.info3,
- &ctr->num_entries, resume_hnd );
- if ( !W_ERROR_IS_OK(r->status))
+ werr = net_enum_files(ctx, r->in.user, &ctr3, resume_hnd);
+ if (!W_ERROR_IS_OK(werr)) {
goto done;
+ }
- r->status = net_enum_pipes( ctx, username, &ctr->file.info3,
- &ctr->num_entries, resume_hnd );
- if ( !W_ERROR_IS_OK(r->status))
+ werr = net_enum_pipes(ctx, r->in.user, &ctr3, resume_hnd);
+ if (!W_ERROR_IS_OK(werr)) {
goto done;
+ }
- r->level = ctr->level = 3;
- r->total_entries = ctr->num_entries;
- /* ctr->num_entries = r->total_entries - resume_hnd; */
- ctr->num_entries2 = ctr->num_entries;
- ctr->ptr_file_info = 1;
-
- r->status = WERR_OK;
-
-done:
- if ( ctr->num_entries > 0 )
- ctr->ptr_entries = 1;
-
- init_enum_hnd(&r->enum_hnd, 0);
-
- return r->status;
-}
-
-/*******************************************************************
-*******************************************************************/
-
-WERROR _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u)
-{
- const char *username = NULL;
-
- switch ( q_u->level ) {
- case 3:
- if (q_u->username) {
- username = rpcstr_pull_unistr2_talloc(
- p->mem_ctx, q_u->username);
- if (!username) {
- return WERR_NOMEM;
- }
- }
+ *r->out.totalentries = ctr3->count;
+ r->out.info_ctr->ctr.ctr3->array = ctr3->array;
+ r->out.info_ctr->ctr.ctr3->count = ctr3->count;
- return net_file_enum_3(username, r_u,
- get_enum_hnd(&q_u->enum_hnd));
- default:
- return WERR_UNKNOWN_LEVEL;
- }
+ werr = WERR_OK;
- return WERR_OK;
+ done:
+ return werr;
}
/*******************************************************************
return WERR_NOMEM;
}
- init_srvsvc_NetSrvInfo102(info102,
- PLATFORM_ID_NT,
- global_myname(),
- lp_major_announce_version(),
- lp_minor_announce_version(),
- lp_default_server_announce(),
- string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH),
- 0xffffffff, /* users */
- 0xf, /* disc */
- 0, /* hidden */
- 240, /* announce */
- 3000, /* announce delta */
- 100000, /* licenses */
- "c:\\"); /* user path */
+ info102->platform_id = PLATFORM_ID_NT;
+ info102->server_name = global_myname();
+ info102->version_major = lp_major_announce_version();
+ info102->version_minor = lp_minor_announce_version();
+ info102->server_type = lp_default_server_announce();
+ info102->comment = string_truncate(lp_serverstring(),
+ MAX_SERVER_STRING_LENGTH);
+ info102->users = 0xffffffff;
+ info102->disc = 0xf;
+ info102->hidden = 0;
+ info102->announce = 240;
+ info102->anndelta = 3000;
+ info102->licenses = 100000;
+ info102->userpath = "C:\\";
+
r->out.info->info102 = info102;
break;
}
return WERR_NOMEM;
}
- init_srvsvc_NetSrvInfo101(info101,
- PLATFORM_ID_NT,
- global_myname(),
- lp_major_announce_version(),
- lp_minor_announce_version(),
- lp_default_server_announce(),
- string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH));
+ info101->platform_id = PLATFORM_ID_NT;
+ info101->server_name = global_myname();
+ info101->version_major = lp_major_announce_version();
+ info101->version_minor = lp_minor_announce_version();
+ info101->server_type = lp_default_server_announce();
+ info101->comment = string_truncate(lp_serverstring(),
+ MAX_SERVER_STRING_LENGTH);
+
r->out.info->info101 = info101;
break;
}
return WERR_NOMEM;
}
- init_srvsvc_NetSrvInfo100(info100,
- PLATFORM_ID_NT,
- global_myname());
+ info100->platform_id = PLATFORM_ID_NT;
+ info100->server_name = global_myname();
+
r->out.info->info100 = info100;
break;
}
/*******************************************************************
-net conn enum
+ _srvsvc_NetConnEnum
********************************************************************/
-WERROR _srv_net_conn_enum(pipes_struct *p, SRV_Q_NET_CONN_ENUM *q_u, SRV_R_NET_CONN_ENUM *r_u)
+WERROR _srvsvc_NetConnEnum(pipes_struct *p,
+ struct srvsvc_NetConnEnum *r)
{
- DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));
+ WERROR werr;
- r_u->ctr = TALLOC_P(p->mem_ctx, SRV_CONN_INFO_CTR);
- if (!r_u->ctr)
- return WERR_NOMEM;
+ DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
- ZERO_STRUCTP(r_u->ctr);
+ if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+ p->server_info->ptok)) {
+ DEBUG(1, ("Enumerating connections only allowed for "
+ "administrators\n"));
+ return WERR_ACCESS_DENIED;
+ }
- /* set up the */
- init_srv_r_net_conn_enum(r_u,
- get_enum_hnd(&q_u->enum_hnd),
- q_u->conn_level,
- q_u->ctr->switch_value);
+ switch (r->in.info_ctr->level) {
+ case 0:
+ werr = init_srv_conn_info_0(r->in.info_ctr->ctr.ctr0,
+ r->in.resume_handle,
+ r->out.totalentries);
+ break;
+ case 1:
+ werr = init_srv_conn_info_1(r->in.info_ctr->ctr.ctr1,
+ r->in.resume_handle,
+ r->out.totalentries);
+ break;
+ default:
+ return WERR_UNKNOWN_LEVEL;
+ }
- DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));
+ DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
- return r_u->status;
+ return werr;
}
/*******************************************************************
-net sess enum
+ _srvsvc_NetSessEnum
********************************************************************/
-WERROR _srv_net_sess_enum(pipes_struct *p, SRV_Q_NET_SESS_ENUM *q_u, SRV_R_NET_SESS_ENUM *r_u)
+WERROR _srvsvc_NetSessEnum(pipes_struct *p,
+ struct srvsvc_NetSessEnum *r)
{
- DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));
+ WERROR werr;
- r_u->ctr = TALLOC_P(p->mem_ctx, SRV_SESS_INFO_CTR);
- if (!r_u->ctr)
- return WERR_NOMEM;
+ DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
- ZERO_STRUCTP(r_u->ctr);
+ if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+ p->server_info->ptok)) {
+ DEBUG(1, ("Enumerating sessions only allowed for "
+ "administrators\n"));
+ return WERR_ACCESS_DENIED;
+ }
- /* set up the */
- init_srv_r_net_sess_enum(p, r_u,
- get_enum_hnd(&q_u->enum_hnd),
- q_u->sess_level,
- q_u->ctr->switch_value);
+ switch (r->in.info_ctr->level) {
+ case 0:
+ werr = init_srv_sess_info_0(p,
+ r->in.info_ctr->ctr.ctr0,
+ r->in.resume_handle,
+ r->out.totalentries);
+ break;
+ case 1:
+ werr = init_srv_sess_info_1(p,
+ r->in.info_ctr->ctr.ctr1,
+ r->in.resume_handle,
+ r->out.totalentries);
+ break;
+ default:
+ return WERR_UNKNOWN_LEVEL;
+ }
- DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));
+ DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
- return r_u->status;
+ return werr;
}
/*******************************************************************
struct srvsvc_NetSessDel *r)
{
struct sessionid *session_list;
- struct current_user user;
int num_sessions, snum;
const char *username;
const char *machine;
werr = WERR_ACCESS_DENIED;
- get_current_user(&user, p);
-
/* fail out now if you are not root or not a domain admin */
- if ((user.ut.uid != sec_initial_uid()) &&
- ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) {
+ if ((p->server_info->utok.uid != sec_initial_uid()) &&
+ ( ! nt_token_check_domain_rid(p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS))) {
goto done;
}
NTSTATUS ntstat;
- if (user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
not_root = True;
become_root();
}
DEBUG(5,("_srvsvc_NetShareGetInfo: %d\n", __LINE__));
- fstrcpy(share_name, r->in.share_name);
+ if (!r->in.share_name) {
+ return WERR_INVALID_NAME;
+ }
- snum = find_service(share_name);
+ snum = find_service(r->in.share_name, share_name);
if (snum < 0) {
return WERR_INVALID_NAME;
}
WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
struct srvsvc_NetShareSetInfo *r)
{
- struct current_user user;
char *command = NULL;
- char *share_name = NULL;
+ fstring share_name;
char *comment = NULL;
const char *pathname = NULL;
int type;
DEBUG(5,("_srvsvc_NetShareSetInfo: %d\n", __LINE__));
- share_name = talloc_strdup(p->mem_ctx, r->in.share_name);
- if (!share_name) {
- return WERR_NOMEM;
+ if (!r->in.share_name) {
+ return WERR_INVALID_NAME;
}
- *r->out.parm_error = 0;
+ if (r->out.parm_error) {
+ *r->out.parm_error = 0;
+ }
- if ( strequal(share_name,"IPC$")
- || ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") )
- || strequal(share_name,"global") )
+ if ( strequal(r->in.share_name,"IPC$")
+ || ( lp_enable_asu_support() && strequal(r->in.share_name,"ADMIN$") )
+ || strequal(r->in.share_name,"global") )
{
+ DEBUG(5,("_srvsvc_NetShareSetInfo: share %s cannot be "
+ "modified by a remote user.\n",
+ r->in.share_name ));
return WERR_ACCESS_DENIED;
}
- snum = find_service(share_name);
+ snum = find_service(r->in.share_name, share_name);
/* Does this share exist ? */
if (snum < 0)
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
/* fail out now if you are not root and not a disk op */
- if ( user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) {
+ DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the "
+ "SeDiskOperatorPrivilege privilege needed to modify "
+ "share %s\n",
+ (unsigned int)p->server_info->utok.uid,
+ share_name ));
return WERR_ACCESS_DENIED;
+ }
switch (r->in.level) {
case 1:
pathname = talloc_strdup(ctx, lp_pathname(snum));
- comment = talloc_strdup(ctx, info->info2->comment);
- type = info->info2->type;
+ comment = talloc_strdup(ctx, info->info1->comment);
+ type = info->info1->type;
psd = NULL;
break;
case 2:
comment = talloc_strdup(ctx, info->info2->comment);
pathname = info->info2->path;
type = info->info2->type;
- max_connections = (info->info2->max_users == 0xffffffff) ?
+ max_connections = (info->info2->max_users == (uint32_t)-1) ?
0 : info->info2->max_users;
psd = NULL;
break;
comment = talloc_strdup(ctx, info->info502->comment);
pathname = info->info502->path;
type = info->info502->type;
- psd = info->info502->sd;
+ psd = info->info502->sd_buf.sd;
map_generic_share_sd_bits(psd);
break;
case 1004:
}
/* We can only modify disk shares. */
- if (type != STYPE_DISKTREE)
+ if (type != STYPE_DISKTREE) {
+ DEBUG(5,("_srvsvc_NetShareSetInfo: share %s is not a "
+ "disk share\n",
+ share_name ));
return WERR_ACCESS_DENIED;
+ }
+
+ if (comment == NULL) {
+ return WERR_NOMEM;
+ }
/* Check if the pathname is valid. */
- if (!(path = valid_share_pathname(p->mem_ctx, pathname )))
+ if (!(path = valid_share_pathname(p->mem_ctx, pathname ))) {
+ DEBUG(5,("_srvsvc_NetShareSetInfo: invalid pathname %s\n",
+ pathname ));
return WERR_OBJECT_PATH_INVALID;
+ }
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
string_replace(path, '"', ' ');
- if (comment) {
- string_replace(comment, '"', ' ');
- }
+ string_replace(comment, '"', ' ');
DEBUG(10,("_srvsvc_NetShareSetInfo: change share command = %s\n",
lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" ));
old_sd = get_share_security(p->mem_ctx, lp_servicename(snum), &sd_size);
- if (old_sd && !sec_desc_equal(old_sd, psd)) {
+ if (old_sd && !security_descriptor_equal(old_sd, psd)) {
if (!set_share_security(share_name, psd))
DEBUG(0,("_srvsvc_NetShareSetInfo: Failed to change security info in share %s.\n",
share_name ));
WERROR _srvsvc_NetShareAdd(pipes_struct *p,
struct srvsvc_NetShareAdd *r)
{
- struct current_user user;
char *command = NULL;
- char *share_name = NULL;
+ char *share_name_in = NULL;
+ fstring share_name;
char *comment = NULL;
char *pathname = NULL;
int type;
DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__));
- *r->out.parm_error = 0;
-
- get_current_user(&user,p);
+ if (r->out.parm_error) {
+ *r->out.parm_error = 0;
+ }
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
/* Not enough info in a level 1 to do anything. */
return WERR_ACCESS_DENIED;
case 2:
- share_name = talloc_strdup(ctx, r->in.info->info2->name);
+ share_name_in = talloc_strdup(ctx, r->in.info->info2->name);
comment = talloc_strdup(ctx, r->in.info->info2->comment);
pathname = talloc_strdup(ctx, r->in.info->info2->path);
- max_connections = (r->in.info->info2->max_users == 0xffffffff) ?
+ max_connections = (r->in.info->info2->max_users == (uint32_t)-1) ?
0 : r->in.info->info2->max_users;
type = r->in.info->info2->type;
break;
/* No path. Not enough info in a level 501 to do anything. */
return WERR_ACCESS_DENIED;
case 502:
- share_name = talloc_strdup(ctx, r->in.info->info502->name);
+ share_name_in = talloc_strdup(ctx, r->in.info->info502->name);
comment = talloc_strdup(ctx, r->in.info->info502->comment);
pathname = talloc_strdup(ctx, r->in.info->info502->path);
- max_connections = (r->in.info->info502->max_users == 0xffffffff) ?
+ max_connections = (r->in.info->info502->max_users == (uint32_t)-1) ?
0 : r->in.info->info502->max_users;
type = r->in.info->info502->type;
- psd = r->in.info->info502->sd;
+ psd = r->in.info->info502->sd_buf.sd;
map_generic_share_sd_bits(psd);
break;
/* check for invalid share names */
- if (!share_name || !validate_net_name(share_name,
+ if (!share_name_in || !validate_net_name(share_name_in,
INVALID_SHARENAME_CHARS,
- strlen(share_name))) {
+ strlen(share_name_in))) {
DEBUG(5,("_srvsvc_NetShareAdd: Bad sharename \"%s\"\n",
- share_name ? share_name : ""));
+ share_name_in ? share_name_in : ""));
return WERR_INVALID_NAME;
}
- if (strequal(share_name,"IPC$") || strequal(share_name,"global")
+ if (strequal(share_name_in,"IPC$") || strequal(share_name_in,"global")
|| (lp_enable_asu_support() &&
- strequal(share_name,"ADMIN$"))) {
+ strequal(share_name_in,"ADMIN$"))) {
return WERR_ACCESS_DENIED;
}
- snum = find_service(share_name);
+ snum = find_service(share_name_in, share_name);
/* Share already exists. */
if (snum >= 0) {
- return WERR_ALREADY_EXISTS;
+ return WERR_FILE_EXISTS;
}
/* We can only add disk shares. */
}
/* Ensure share name, pathname and comment don't contain '"' characters. */
- string_replace(share_name, '"', ' ');
+ string_replace(share_name_in, '"', ' ');
string_replace(path, '"', ' ');
if (comment) {
string_replace(comment, '"', ' ');
"%s \"%s\" \"%s\" \"%s\" \"%s\" %d",
lp_add_share_cmd(),
get_dyn_CONFIGFILE(),
- share_name,
+ share_name_in,
path,
comment ? comment : "",
max_connections);
return WERR_ACCESS_DENIED;
if (psd) {
+ /* Note we use share_name here, not share_name_in as
+ we need a canonicalized name for setting security. */
if (!set_share_security(share_name, psd)) {
DEBUG(0,("_srvsvc_NetShareAdd: Failed to add security info to share %s.\n",
share_name ));
WERROR _srvsvc_NetShareDel(pipes_struct *p,
struct srvsvc_NetShareDel *r)
{
- struct current_user user;
char *command = NULL;
- char *share_name = NULL;
+ fstring share_name;
int ret;
int snum;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
DEBUG(5,("_srvsvc_NetShareDel: %d\n", __LINE__));
- share_name = talloc_strdup(p->mem_ctx, r->in.share_name);
- if (!share_name) {
+ if (!r->in.share_name) {
return WERR_NET_NAME_NOT_FOUND;
}
- if ( strequal(share_name,"IPC$")
- || ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") )
- || strequal(share_name,"global") )
+ if ( strequal(r->in.share_name,"IPC$")
+ || ( lp_enable_asu_support() && strequal(r->in.share_name,"ADMIN$") )
+ || strequal(r->in.share_name,"global") )
{
return WERR_ACCESS_DENIED;
}
- if (!(params = get_share_params(p->mem_ctx, share_name))) {
+ if (!(params = get_share_params(p->mem_ctx, r->in.share_name))) {
return WERR_NO_SUCH_SHARE;
}
- snum = find_service(share_name);
+ snum = find_service(r->in.share_name, share_name);
/* No change to printer shares. */
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
t = gmtime(&unixdate);
/* set up the */
- init_srvsvc_NetRemoteTODInfo(tod,
- unixdate,
- 0,
- t->tm_hour,
- t->tm_min,
- t->tm_sec,
- 0,
- zone,
- 10000,
- t->tm_mday,
- t->tm_mon + 1,
- 1900+t->tm_year,
- t->tm_wday);
+ tod->elapsed = unixdate;
+ tod->msecs = 0;
+ tod->hours = t->tm_hour;
+ tod->mins = t->tm_min;
+ tod->secs = t->tm_sec;
+ tod->hunds = 0;
+ tod->timezone = zone;
+ tod->tinterval = 10000;
+ tod->day = t->tm_mday;
+ tod->month = t->tm_mon + 1;
+ tod->year = 1900+t->tm_year;
+ tod->weekday = t->tm_wday;
DEBUG(5,("_srvsvc_NetRemoteTOD: %d\n", __LINE__));
WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
struct srvsvc_NetGetFileSecurity *r)
{
+ struct smb_filename *smb_fname = NULL;
SEC_DESC *psd = NULL;
size_t sd_size;
- DATA_BLOB null_pw;
- char *filename_in = NULL;
- char *filename = NULL;
- char *qualname = NULL;
+ fstring servicename;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
WERROR werr;
- struct current_user user;
connection_struct *conn = NULL;
- bool became_user = False;
- TALLOC_CTX *ctx = p->mem_ctx;
- struct sec_desc_buf *sd_buf;
+ struct sec_desc_buf *sd_buf = NULL;
+ files_struct *fsp = NULL;
+ int snum;
+ char *oldcwd = NULL;
ZERO_STRUCT(st);
- werr = WERR_OK;
-
- qualname = talloc_strdup(ctx, r->in.share);
- if (!qualname) {
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
-
- /* Null password is ok - we are already an authenticated user... */
- null_pw = data_blob_null;
-
- get_current_user(&user, p);
-
- become_root();
- conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
- unbecome_root();
-
- if (conn == NULL) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to connect to %s\n",
- qualname));
- werr = ntstatus_to_werror(nt_status);
- goto error_exit;
+ if (!r->in.share) {
+ return WERR_INVALID_NAME;
}
- if (!become_user(conn, conn->vuid)) {
- DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n"));
- werr = WERR_ACCESS_DENIED;
+ snum = find_service(r->in.share, servicename);
+ if (snum == -1) {
+ DEBUG(10, ("Could not find service %s\n", servicename));
+ werr = WERR_NET_NAME_NOT_FOUND;
goto error_exit;
}
- became_user = True;
- filename_in = talloc_strdup(ctx, r->in.file);
- if (!filename_in) {
- werr = WERR_ACCESS_DENIED;
+ nt_status = create_conn_struct(talloc_tos(), &conn, snum,
+ lp_pathname(snum), p->server_info,
+ &oldcwd);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("create_conn_struct failed: %s\n",
+ nt_errstr(nt_status)));
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st);
+ nt_status = filename_convert(talloc_tos(),
+ conn,
+ false,
+ r->in.file,
+ 0,
+ NULL,
+ &smb_fname);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n",
- filename));
- werr = WERR_ACCESS_DENIED;
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = check_name(conn, filename);
+ nt_status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ NULL, /* req */
+ 0, /* root_dir_fid */
+ smb_fname, /* fname */
+ FILE_READ_ATTRIBUTES, /* access_mask */
+ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN, /* create_disposition*/
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ 0, /* allocation_size */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL); /* pinfo */
+
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n",
- filename));
- werr = WERR_ACCESS_DENIED;
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: can't open %s\n",
+ smb_fname_str_dbg(smb_fname)));
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
+ nt_status = SMB_VFS_FGET_NT_ACL(fsp,
(OWNER_SECURITY_INFORMATION
|GROUP_SECURITY_INFORMATION
|DACL_SECURITY_INFORMATION), &psd);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL for file %s\n",
- filename));
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
+ "for file %s\n", smb_fname_str_dbg(smb_fname)));
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- sd_size = ndr_size_security_descriptor(psd, 0);
+ sd_size = ndr_size_security_descriptor(psd, NULL, 0);
- sd_buf = TALLOC_ZERO_P(ctx, struct sec_desc_buf);
+ sd_buf = TALLOC_ZERO_P(p->mem_ctx, struct sec_desc_buf);
if (!sd_buf) {
werr = WERR_NOMEM;
goto error_exit;
psd->dacl->revision = NT4_ACL_REVISION;
- unbecome_user();
- close_cnum(conn, user.vuid);
- return werr;
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ vfs_ChDir(conn, oldcwd);
+ conn_free(conn);
+ werr = WERR_OK;
+ goto done;
error_exit:
- if (became_user)
- unbecome_user();
+ if (fsp) {
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ }
+
+ if (oldcwd) {
+ vfs_ChDir(conn, oldcwd);
+ }
+
+ if (conn) {
+ conn_free(conn);
+ }
- if (conn)
- close_cnum(conn, user.vuid);
+ done:
+ TALLOC_FREE(smb_fname);
return werr;
}
WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
struct srvsvc_NetSetFileSecurity *r)
{
- char *filename_in = NULL;
- char *filename = NULL;
- char *qualname = NULL;
- DATA_BLOB null_pw;
+ struct smb_filename *smb_fname = NULL;
+ fstring servicename;
files_struct *fsp = NULL;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
WERROR werr;
- struct current_user user;
connection_struct *conn = NULL;
- bool became_user = False;
- TALLOC_CTX *ctx = p->mem_ctx;
+ int snum;
+ char *oldcwd = NULL;
+ struct security_descriptor *psd = NULL;
+ uint32_t security_info_sent = 0;
ZERO_STRUCT(st);
- werr = WERR_OK;
-
- qualname = talloc_strdup(ctx, r->in.share);
- if (!qualname) {
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
-
- /* Null password is ok - we are already an authenticated user... */
- null_pw = data_blob_null;
-
- get_current_user(&user, p);
-
- become_root();
- conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
- unbecome_root();
-
- if (conn == NULL) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to connect to %s\n", qualname));
- werr = ntstatus_to_werror(nt_status);
- goto error_exit;
+ if (!r->in.share) {
+ return WERR_INVALID_NAME;
}
- if (!become_user(conn, conn->vuid)) {
- DEBUG(0,("_srvsvc_NetSetFileSecurity: Can't become connected user!\n"));
- werr = WERR_ACCESS_DENIED;
+ snum = find_service(r->in.share, servicename);
+ if (snum == -1) {
+ DEBUG(10, ("Could not find service %s\n", servicename));
+ werr = WERR_NET_NAME_NOT_FOUND;
goto error_exit;
}
- became_user = True;
- filename_in = talloc_strdup(ctx, r->in.file);
- if (!filename_in) {
- werr = WERR_ACCESS_DENIED;
+ nt_status = create_conn_struct(talloc_tos(), &conn, snum,
+ lp_pathname(snum), p->server_info,
+ &oldcwd);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("create_conn_struct failed: %s\n",
+ nt_errstr(nt_status)));
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = unix_convert(ctx, conn, filename, False, &filename, NULL, &st);
+ nt_status = filename_convert(talloc_tos(),
+ conn,
+ false,
+ r->in.file,
+ 0,
+ NULL,
+ &smb_fname);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: bad pathname %s\n", filename));
- werr = WERR_ACCESS_DENIED;
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = check_name(conn, filename);
+ nt_status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ NULL, /* req */
+ 0, /* root_dir_fid */
+ smb_fname, /* fname */
+ FILE_WRITE_ATTRIBUTES, /* access_mask */
+ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN, /* create_disposition*/
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ 0, /* allocation_size */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL); /* pinfo */
+
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: can't access %s\n", filename));
- werr = WERR_ACCESS_DENIED;
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: can't open %s\n",
+ smb_fname_str_dbg(smb_fname)));
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
+ psd = r->in.sd_buf->sd;
+ security_info_sent = r->in.securityinformation;
- if ( !NT_STATUS_IS_OK(nt_status) ) {
- /* Perhaps it is a directory */
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY))
- nt_status = open_directory(conn, NULL, filename, &st,
- FILE_READ_ATTRIBUTES,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
-
- if ( !NT_STATUS_IS_OK(nt_status) ) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to open file %s\n", filename));
- werr = ntstatus_to_werror(nt_status);
- goto error_exit;
- }
+ if (psd->owner_sid==0) {
+ security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+ }
+ if (psd->group_sid==0) {
+ security_info_sent &= ~GROUP_SECURITY_INFORMATION;
+ }
+ if (psd->sacl==0) {
+ security_info_sent &= ~SACL_SECURITY_INFORMATION;
+ }
+ if (psd->dacl==0) {
+ security_info_sent &= ~DACL_SECURITY_INFORMATION;
}
- nt_status = SMB_VFS_SET_NT_ACL(fsp, fsp->fsp_name,
- r->in.securityinformation,
- r->in.sd_buf->sd);
+ /* Convert all the generic bits. */
+ security_acl_map_generic(psd->dacl, &file_generic_mapping);
+ security_acl_map_generic(psd->sacl, &file_generic_mapping);
+
+ nt_status = SMB_VFS_FSET_NT_ACL(fsp,
+ security_info_sent,
+ psd);
if (!NT_STATUS_IS_OK(nt_status) ) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL on file %s\n", filename));
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL "
+ "on file %s\n", r->in.share));
werr = WERR_ACCESS_DENIED;
goto error_exit;
}
- close_file(fsp, NORMAL_CLOSE);
- unbecome_user();
- close_cnum(conn, user.vuid);
- return werr;
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ vfs_ChDir(conn, oldcwd);
+ conn_free(conn);
+ werr = WERR_OK;
+ goto done;
error_exit:
- if(fsp) {
- close_file(fsp, NORMAL_CLOSE);
+ if (fsp) {
+ close_file(NULL, fsp, NORMAL_CLOSE);
}
- if (became_user) {
- unbecome_user();
+ if (oldcwd) {
+ vfs_ChDir(conn, oldcwd);
}
if (conn) {
- close_cnum(conn, user.vuid);
+ conn_free(conn);
}
+ done:
+ TALLOC_FREE(smb_fname);
+
return werr;
}
/*allow one struct srvsvc_NetDiskInfo0 for null terminator*/
+ r->out.info->count = 0;
+
for(i = 0; i < MAX_SERVER_DISK_ENTRIES -1 && (disk_name = next_server_disk_enum(&resume)); i++) {
r->out.info->count++;
return WERR_OK;
}
+/*******************************************************************
+********************************************************************/
+
+static void enum_file_close_fn( const struct share_mode_entry *e,
+ const char *sharepath, const char *fname,
+ void *private_data )
+{
+ char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
+ struct srvsvc_NetFileClose *r =
+ (struct srvsvc_NetFileClose *)private_data;
+ uint32_t fid = (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id);
+
+ if (fid != r->in.fid) {
+ return; /* Not this file. */
+ }
+
+ if (!process_exists(e->pid) ) {
+ return;
+ }
+
+ /* Ok - send the close message. */
+ DEBUG(10,("enum_file_close_fn: request to close file %s, %s\n",
+ sharepath,
+ share_mode_str(talloc_tos(), 0, e) ));
+
+ share_mode_entry_to_message(msg, e);
+
+ r->out.result = ntstatus_to_werror(
+ messaging_send_buf(smbd_messaging_context(),
+ e->pid, MSG_SMB_CLOSE_FILE,
+ (uint8 *)msg,
+ MSG_SMB_SHARE_MODE_ENTRY_SIZE));
+}
+
/********************************************************************
+ Close a file given a 32-bit file id.
********************************************************************/
WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r)
{
- return WERR_ACCESS_DENIED;
-}
+ SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ bool is_disk_op;
+ DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
+
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
+
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
+ return WERR_ACCESS_DENIED;
+ }
+
+ /* enum_file_close_fn sends the close message to
+ * the relevent smbd process. */
+
+ r->out.result = WERR_BADFILE;
+ share_mode_forall( enum_file_close_fn, (void *)r);
+ return r->out.result;
+}
/********************************************************************
********************************************************************/
return WERR_NOT_SUPPORTED;
}
-WERROR _srvsvc_NetConnEnum(pipes_struct *p, struct srvsvc_NetConnEnum *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _srvsvc_NetFileEnum(pipes_struct *p, struct srvsvc_NetFileEnum *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
WERROR _srvsvc_NetFileGetInfo(pipes_struct *p, struct srvsvc_NetFileGetInfo *r)
{
p->rng_fault_state = True;
return WERR_NOT_SUPPORTED;
}
-WERROR _srvsvc_NetSessEnum(pipes_struct *p, struct srvsvc_NetSessEnum *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
WERROR _srvsvc_NetShareCheck(pipes_struct *p, struct srvsvc_NetShareCheck *r)
{
p->rng_fault_state = True;