#define MAX_SERVER_DISK_ENTRIES 15
-/***************************/
-
-/* oops - this is going to take up a *massive* amount of stack. */
-/* the UNISTR2s already have 1024 uint16 chars in them... */
-
-#define MAX_SESS_ENTRIES 32
-
-/***************************/
-
-/* oops - this is going to take up a *massive* amount of stack. */
-/* the UNISTR2s already have 1024 uint16 chars in them... */
-#define MAX_CONN_ENTRIES 32
-
/* Use for enumerating connections, pipes, & files */
struct file_enum_count {
fenum->ctr3->array = f;
init_srvsvc_NetFileInfo3(&fenum->ctr3->array[i],
- (uint32_t)((procid_to_pid(&prec.pid)<<16) & prec.pnum),
+ (((uint32_t)(procid_to_pid(&prec.pid))<<16) | prec.pnum),
(FILE_READ_DATA|FILE_WRITE_DATA),
0,
fullpath,
string_replace( fullpath, '/', '\\' );
/* mask out create (what ever that is) */
- permissions = e->share_access & (FILE_READ_DATA|FILE_WRITE_DATA);
+ permissions = e->access_mask & (FILE_READ_DATA|FILE_WRITE_DATA);
/* now fill in the srvsvc_NetFileInfo3 struct */
init_srvsvc_NetFileInfo3(&fenum->ctr3->array[i],
- e->share_file_id,
+ (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id),
permissions,
num_locks,
- username,
- fullpath);
+ fullpath,
+ username);
fenum->ctr3->count++;
}
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx,
- p->conn,
- remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
init_srvsvc_NetShareInfo1(r, net_name,
remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx,
- p->conn,
- remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
path = talloc_asprintf(p->mem_ctx,
"C:%s", lp_pathname(snum));
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
init_srvsvc_NetShareInfo501(r, net_name,
char *remark = talloc_strdup(ctx, lp_comment(snum));;
if (remark) {
- remark = standard_sub_conn(ctx, p->conn, remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum));
if (path) {
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
+ remark = talloc_sub_advanced(
+ p->mem_ctx, lp_servicename(snum),
+ get_current_username(), lp_pathname(snum),
+ p->server_info->utok.uid, get_current_username(),
+ "", remark);
}
init_srvsvc_NetShareInfo1004(r, remark ? remark : "");
return (net_name[strlen(net_name) - 1] == '$') ? True : False;
}
+/*******************************************************************
+ Verify user is allowed to view share, access based enumeration
+********************************************************************/
+static bool is_enumeration_allowed(pipes_struct *p,
+ int snum)
+{
+ if (!lp_access_based_share_enum(snum))
+ return true;
+
+ return share_access_check(p->server_info->ptok, lp_servicename(snum),
+ FILE_READ_DATA);
+}
+
/*******************************************************************
Fill in a share info structure.
********************************************************************/
TALLOC_CTX *ctx = p->mem_ctx;
int i = 0;
int valid_share_count = 0;
+ bool *allowed = 0;
union srvsvc_NetShareCtr ctr;
uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
num_services = lp_numservices();
unbecome_root();
- /* Count the number of entries. */
- for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
- DEBUG(10, ("counting service %s\n", lp_servicename(snum)));
- num_entries++;
- } else {
- DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum)));
- }
- }
+ allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services);
+ W_ERROR_HAVE_NO_MEMORY(allowed);
+
+ /* Count the number of entries. */
+ for (snum = 0; snum < num_services; snum++) {
+ if (lp_browseable(snum) && lp_snum_ok(snum) &&
+ is_enumeration_allowed(p, snum) &&
+ (all_shares || !is_hidden_share(snum)) ) {
+ DEBUG(10, ("counting service %s\n", lp_servicename(snum)));
+ allowed[snum] = true;
+ num_entries++;
+ } else {
+ DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum)));
+ }
+ }
if (!num_entries || (resume_handle >= num_entries)) {
return WERR_OK;
W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_0(p, &ctr.ctr0->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1(p, &ctr.ctr1->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_2(p, &ctr.ctr2->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_501(p, &ctr.ctr501->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_502(p, &ctr.ctr502->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1004(p, &ctr.ctr1004->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1005(p, &ctr.ctr1005->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1006(p, &ctr.ctr1006->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1007(p, &ctr.ctr1007->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1501(p, &ctr.ctr1501->array[i++], snum);
}
return WERR_OK;
}
- for (; resume_handle < *total_entries && num_entries < MAX_SESS_ENTRIES; resume_handle++) {
+ for (; resume_handle < *total_entries; resume_handle++) {
ctr0->array = TALLOC_REALLOC_ARRAY(p->mem_ctx,
ctr0->array,
*total_entries = list_sessions(p->mem_ctx, &session_list);
- for (; resume_handle < *total_entries && num_entries < MAX_SESS_ENTRIES; resume_handle++) {
+ for (; resume_handle < *total_entries; resume_handle++) {
uint32 num_files;
uint32 connect_time;
struct passwd *pw = sys_getpwnam(session_list[resume_handle].username);
ZERO_STRUCTP(ctr0);
- for (; resume_handle < *total_entries && num_entries < MAX_CONN_ENTRIES; resume_handle++) {
+ for (; resume_handle < *total_entries; resume_handle++) {
ctr0->array = TALLOC_REALLOC_ARRAY(talloc_tos(),
ctr0->array,
ZERO_STRUCTP(ctr1);
- for (; (resume_handle < *total_entries) && num_entries < MAX_CONN_ENTRIES; resume_handle++) {
+ for (; resume_handle < *total_entries; resume_handle++) {
ctr1->array = TALLOC_REALLOC_ARRAY(talloc_tos(),
ctr1->array,
struct srvsvc_NetSessDel *r)
{
struct sessionid *session_list;
- struct current_user user;
int num_sessions, snum;
const char *username;
const char *machine;
werr = WERR_ACCESS_DENIED;
- get_current_user(&user, p);
-
/* fail out now if you are not root or not a domain admin */
- if ((user.ut.uid != sec_initial_uid()) &&
- ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) {
+ if ((p->server_info->utok.uid != sec_initial_uid()) &&
+ ( ! nt_token_check_domain_rid(p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS))) {
goto done;
}
NTSTATUS ntstat;
- if (user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
not_root = True;
become_root();
}
WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
struct srvsvc_NetShareSetInfo *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
char *comment = NULL;
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
/* fail out now if you are not root and not a disk op */
- if ( user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
switch (r->in.level) {
WERROR _srvsvc_NetShareAdd(pipes_struct *p,
struct srvsvc_NetShareAdd *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
char *comment = NULL;
DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__));
- *r->out.parm_error = 0;
-
- get_current_user(&user,p);
+ if (r->out.parm_error) {
+ *r->out.parm_error = 0;
+ }
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
/* Share already exists. */
if (snum >= 0) {
- return WERR_ALREADY_EXISTS;
+ return WERR_FILE_EXISTS;
}
/* We can only add disk shares. */
WERROR _srvsvc_NetShareDel(pipes_struct *p,
struct srvsvc_NetShareDel *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
int ret;
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
-
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
{
SEC_DESC *psd = NULL;
size_t sd_size;
- DATA_BLOB null_pw;
- char *filename_in = NULL;
- char *filename = NULL;
- char *qualname = NULL;
+ fstring servicename;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
WERROR werr;
- struct current_user user;
connection_struct *conn = NULL;
- bool became_user = False;
- TALLOC_CTX *ctx = p->mem_ctx;
- struct sec_desc_buf *sd_buf;
+ struct sec_desc_buf *sd_buf = NULL;
+ files_struct *fsp = NULL;
+ int snum;
+ char *oldcwd = NULL;
ZERO_STRUCT(st);
- werr = WERR_OK;
+ fstrcpy(servicename, r->in.share);
- qualname = talloc_strdup(ctx, r->in.share);
- if (!qualname) {
- werr = WERR_ACCESS_DENIED;
+ snum = find_service(servicename);
+ if (snum == -1) {
+ DEBUG(10, ("Could not find service %s\n", servicename));
+ werr = WERR_NET_NAME_NOT_FOUND;
goto error_exit;
}
- /* Null password is ok - we are already an authenticated user... */
- null_pw = data_blob_null;
-
- get_current_user(&user, p);
-
- become_root();
- conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
- unbecome_root();
-
- if (conn == NULL) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to connect to %s\n",
- qualname));
+ nt_status = create_conn_struct(talloc_tos(), &conn, snum,
+ lp_pathname(snum), p->server_info,
+ &oldcwd);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("create_conn_struct failed: %s\n",
+ nt_errstr(nt_status)));
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- if (!become_user(conn, conn->vuid)) {
- DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n"));
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
- became_user = True;
-
- filename_in = talloc_strdup(ctx, r->in.file);
- if (!filename_in) {
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
-
- nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n",
- filename));
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
+ nt_status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ NULL, /* req */
+ 0, /* root_dir_fid */
+ r->in.file, /* fname */
+ CFF_DOS_PATH, /* create_file_flags */
+ FILE_READ_ATTRIBUTES, /* access_mask */
+ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN, /* create_disposition*/
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ 0, /* allocation_size */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL, /* pinfo */
+ NULL); /* psbuf */
- nt_status = check_name(conn, filename);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n",
- filename));
- werr = WERR_ACCESS_DENIED;
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: can't open %s\n",
+ r->in.file));
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
+ nt_status = SMB_VFS_FGET_NT_ACL(fsp,
(OWNER_SECURITY_INFORMATION
|GROUP_SECURITY_INFORMATION
|DACL_SECURITY_INFORMATION), &psd);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL for file %s\n",
- filename));
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
+ "for file %s\n", r->in.file));
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- sd_size = ndr_size_security_descriptor(psd, 0);
+ sd_size = ndr_size_security_descriptor(psd, NULL, 0);
- sd_buf = TALLOC_ZERO_P(ctx, struct sec_desc_buf);
+ sd_buf = TALLOC_ZERO_P(p->mem_ctx, struct sec_desc_buf);
if (!sd_buf) {
werr = WERR_NOMEM;
goto error_exit;
psd->dacl->revision = NT4_ACL_REVISION;
- unbecome_user();
- close_cnum(conn, user.vuid);
- return werr;
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ vfs_ChDir(conn, oldcwd);
+ conn_free_internal(conn);
+ return WERR_OK;
error_exit:
- if (became_user)
- unbecome_user();
+ if (fsp) {
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ }
- if (conn)
- close_cnum(conn, user.vuid);
+ if (oldcwd) {
+ vfs_ChDir(conn, oldcwd);
+ }
+
+ if (conn) {
+ conn_free_internal(conn);
+ }
return werr;
}
WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
struct srvsvc_NetSetFileSecurity *r)
{
- char *filename_in = NULL;
- char *filename = NULL;
- char *qualname = NULL;
- DATA_BLOB null_pw;
+ fstring servicename;
files_struct *fsp = NULL;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
WERROR werr;
- struct current_user user;
connection_struct *conn = NULL;
- bool became_user = False;
- TALLOC_CTX *ctx = p->mem_ctx;
+ int snum;
+ char *oldcwd = NULL;
+ struct security_descriptor *psd = NULL;
+ uint32_t security_info_sent = 0;
ZERO_STRUCT(st);
- werr = WERR_OK;
+ fstrcpy(servicename, r->in.share);
- qualname = talloc_strdup(ctx, r->in.share);
- if (!qualname) {
- werr = WERR_ACCESS_DENIED;
+ snum = find_service(servicename);
+ if (snum == -1) {
+ DEBUG(10, ("Could not find service %s\n", servicename));
+ werr = WERR_NET_NAME_NOT_FOUND;
goto error_exit;
}
- /* Null password is ok - we are already an authenticated user... */
- null_pw = data_blob_null;
-
- get_current_user(&user, p);
-
- become_root();
- conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
- unbecome_root();
-
- if (conn == NULL) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to connect to %s\n", qualname));
+ nt_status = create_conn_struct(talloc_tos(), &conn, snum,
+ lp_pathname(snum), p->server_info,
+ &oldcwd);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("create_conn_struct failed: %s\n",
+ nt_errstr(nt_status)));
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- if (!become_user(conn, conn->vuid)) {
- DEBUG(0,("_srvsvc_NetSetFileSecurity: Can't become connected user!\n"));
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
- became_user = True;
+ nt_status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ NULL, /* req */
+ 0, /* root_dir_fid */
+ r->in.file, /* fname */
+ CFF_DOS_PATH, /* create_file_flags */
+ FILE_WRITE_ATTRIBUTES, /* access_mask */
+ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN, /* create_disposition*/
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ 0, /* allocation_size */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL, /* pinfo */
+ NULL); /* psbuf */
- filename_in = talloc_strdup(ctx, r->in.file);
- if (!filename_in) {
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
-
- nt_status = unix_convert(ctx, conn, filename, False, &filename, NULL, &st);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: bad pathname %s\n", filename));
- werr = WERR_ACCESS_DENIED;
- goto error_exit;
- }
-
- nt_status = check_name(conn, filename);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: can't access %s\n", filename));
- werr = WERR_ACCESS_DENIED;
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: can't open %s\n",
+ r->in.file));
+ werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
-
- if ( !NT_STATUS_IS_OK(nt_status) ) {
- /* Perhaps it is a directory */
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY))
- nt_status = open_directory(conn, NULL, filename, &st,
- FILE_READ_ATTRIBUTES,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
+ psd = r->in.sd_buf->sd;
+ security_info_sent = r->in.securityinformation;
- if ( !NT_STATUS_IS_OK(nt_status) ) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to open file %s\n", filename));
- werr = ntstatus_to_werror(nt_status);
- goto error_exit;
- }
+ if (psd->owner_sid==0) {
+ security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+ }
+ if (psd->group_sid==0) {
+ security_info_sent &= ~GROUP_SECURITY_INFORMATION;
}
+ if (psd->sacl==0) {
+ security_info_sent &= ~SACL_SECURITY_INFORMATION;
+ }
+ if (psd->dacl==0) {
+ security_info_sent &= ~DACL_SECURITY_INFORMATION;
+ }
+
+ /* Convert all the generic bits. */
+ security_acl_map_generic(psd->dacl, &file_generic_mapping);
+ security_acl_map_generic(psd->sacl, &file_generic_mapping);
- nt_status = SMB_VFS_SET_NT_ACL(fsp, fsp->fsp_name,
- r->in.securityinformation,
- r->in.sd_buf->sd);
+ nt_status = SMB_VFS_FSET_NT_ACL(fsp,
+ security_info_sent,
+ psd);
if (!NT_STATUS_IS_OK(nt_status) ) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL on file %s\n", filename));
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL "
+ "on file %s\n", r->in.share));
werr = WERR_ACCESS_DENIED;
goto error_exit;
}
- close_file(fsp, NORMAL_CLOSE);
- unbecome_user();
- close_cnum(conn, user.vuid);
- return werr;
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ vfs_ChDir(conn, oldcwd);
+ conn_free_internal(conn);
+ return WERR_OK;
error_exit:
- if(fsp) {
- close_file(fsp, NORMAL_CLOSE);
+ if (fsp) {
+ close_file(NULL, fsp, NORMAL_CLOSE);
}
- if (became_user) {
- unbecome_user();
+ if (oldcwd) {
+ vfs_ChDir(conn, oldcwd);
}
if (conn) {
- close_cnum(conn, user.vuid);
+ conn_free_internal(conn);
}
return werr;
return WERR_OK;
}
+/*******************************************************************
+********************************************************************/
+
+static void enum_file_close_fn( const struct share_mode_entry *e,
+ const char *sharepath, const char *fname,
+ void *private_data )
+{
+ char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
+ struct srvsvc_NetFileClose *r =
+ (struct srvsvc_NetFileClose *)private_data;
+ uint32_t fid = (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id);
+
+ if (fid != r->in.fid) {
+ return; /* Not this file. */
+ }
+
+ if (!process_exists(e->pid) ) {
+ return;
+ }
+
+ /* Ok - send the close message. */
+ DEBUG(10,("enum_file_close_fn: request to close file %s, %s\n",
+ sharepath,
+ share_mode_str(talloc_tos(), 0, e) ));
+
+ share_mode_entry_to_message(msg, e);
+
+ r->out.result = ntstatus_to_werror(
+ messaging_send_buf(smbd_messaging_context(),
+ e->pid, MSG_SMB_CLOSE_FILE,
+ (uint8 *)msg,
+ MSG_SMB_SHARE_MODE_ENTRY_SIZE));
+}
+
/********************************************************************
+ Close a file given a 32-bit file id.
********************************************************************/
WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r)
{
- return WERR_ACCESS_DENIED;
-}
+ SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ bool is_disk_op;
+ DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
+
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
+
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
+ return WERR_ACCESS_DENIED;
+ }
+
+ /* enum_file_close_fn sends the close message to
+ * the relevent smbd process. */
+
+ r->out.result = WERR_BADFILE;
+ share_mode_forall( enum_file_close_fn, (void *)r);
+ return r->out.result;
+}
/********************************************************************
********************************************************************/