#include "lib/afs/afs_funcs.h"
#include "lib/util_path.h"
-static bool canonicalize_connect_path(connection_struct *conn)
+bool canonicalize_connect_path(connection_struct *conn)
{
bool ret;
struct smb_filename con_fname = { .base_name = conn->connectpath };
conn->connectpath,
NULL,
NULL,
+ 0,
0);
if (conn->cwd_fsp->fsp_name == NULL) {
return false;
const struct smb_filename origpath_fname = {
.base_name = conn->origpath,
};
+ int saved_errno = 0;
+ char *utok_str = NULL;
int ret;
conn->lastused_count++;
ret = vfs_ChDir(conn, &connectpath_fname);
- if (ret != 0) {
- int saved_errno = errno;
-
- if (saved_errno == EACCES) {
- char *str = utok_string(
- talloc_tos(),
- conn->session_info->unix_token);
- DBG_WARNING("vfs_ChDir(%s) got "
- "permission denied, current "
- "token: %s\n",
- conn->connectpath, str);
- TALLOC_FREE(str);
- } else {
- DBG_ERR("vfs_ChDir(%s) failed: "
- "%s!\n",
- conn->connectpath,
- strerror(saved_errno));
- }
+ if (ret == 0) {
+ return true;
+ }
+ saved_errno = errno;
+
+ utok_str = utok_string(talloc_tos(),
+ conn->session_info->unix_token);
+ if (utok_str == NULL) {
+ errno = saved_errno;
return false;
}
+ DBG_ERR("vfs_ChDir(%s) failed: %s. Current token: %s\n",
+ conn->connectpath,
+ strerror(saved_errno),
+ utok_str);
+
ret = vfs_ChDir(conn, &origpath_fname);
- if (ret != 0) {
- int saved_errno = errno;
-
- if (saved_errno == EACCES) {
- char *str = utok_string(
- talloc_tos(),
- conn->session_info->unix_token);
- DBG_WARNING("vfs_ChDir(%s) got "
- "permission denied, current "
- "token: %s\n",
- conn->origpath, str);
- TALLOC_FREE(str);
- } else {
- DBG_ERR("vfs_ChDir(%s) failed: "
- "%s!\n",
- conn->origpath,
- strerror(saved_errno));
- }
- return false;
+ if (ret == 0) {
+ TALLOC_FREE(utok_str);
+ return true;
}
+ saved_errno = errno;
- return true;
+ DBG_ERR("vfs_ChDir(%s) failed: %s. Current token: %s\n",
+ conn->origpath,
+ strerror(saved_errno),
+ utok_str);
+
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
+ return false;
}
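Review bot: An allocation failure in `utok_string()` now makes the function return false right after the first `vfs_ChDir()` fails, so the fallback `vfs_ChDir(conn, &origpath_fname)` is never attempted even though the string is only used for logging. I would log the failure without the token in that case and fall through to the origpath attempt instead of `return false`. The final failure path also returns without `TALLOC_FREE(utok_str);`, unlike the success path a few lines above, so the string stays on the talloc_tos() frame until that frame is released. Both messages are now `DBG_ERR` and print the unix token for every errno, where the removed code printed it only for EACCES at warning level; it is worth confirming that this is intended for logs read at the default level. The function's signature is outside the visible lines.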
/****************************************************************************
static NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn,
connection_struct *conn,
- int snum, struct user_struct *vuser,
+ int snum,
+ struct smbXsrv_session *session,
const char *pdev)
{
struct smbd_server_connection *sconn = xconn->client->sconn;
uid_t effuid;
gid_t effgid;
NTSTATUS status;
+ bool ok;
fstrcpy(dev, pdev);
conn->params->service = snum;
status = create_connection_session_info(sconn,
- conn, snum, vuser->session_info,
+ conn, snum, session->global->auth_session_info,
&conn->session_info);
if (!NT_STATUS_IS_OK(status)) {
goto err_root_exit;
}
- conn->vuid = vuser->vuid;
+ conn->vuid = session->global->session_wire_id;
{
char *s = talloc_sub_full(talloc_tos(),
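Review bot: `session` is dereferenced as `session->global->auth_session_info` and `session->global->session_wire_id` with no check inside make_connection_snum, so the function now relies on every caller passing a non-NULL session. The SMB1 path has a visible `session == NULL` guard in make_connection, but no guard is visible in this diff for the `req->session` passed from make_connection_smb2. A contract comment above the function, for example `/* session must be non-NULL; callers have already validated it */`, would make that dependency explicit. The same dereference appears in the check_user_share_access call and in make_connection_smb1 (`req->session->global->session_global_id`). The function body continues outside this hunk.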
*/
status = check_user_share_access(conn,
- vuser->session_info,
+ session->global->auth_session_info,
&conn->share_access,
&conn->read_only);
if (!NT_STATUS_IS_OK(status)) {
/* ROOT Activites: */
/*
- * If widelinks are disallowed we need to canonicalise the connect
+ * Canonicalise the connect
* path here to ensure we don't have any symlinks in the
* connectpath. We will be checking all paths on this connection are
* below this directory. We must do this after the VFS init as we
* depend on the realpath() pointer in the vfs table. JRA.
*/
- if (!lp_widelinks(snum)) {
- if (!canonicalize_connect_path(conn)) {
- DBG_ERR("canonicalize_connect_path failed "
- "for service %s, path %s\n",
- lp_const_servicename(snum),
- conn->connectpath);
- status = NT_STATUS_BAD_NETWORK_NAME;
- goto err_root_exit;
- }
+ ok = canonicalize_connect_path(conn);
+ if (!ok) {
+ DBG_ERR("canonicalize_connect_path failed "
+ "for service %s, path %s\n",
+ lp_const_servicename(snum),
+ conn->connectpath);
+ status = NT_STATUS_BAD_NETWORK_NAME;
+ goto err_root_exit;
}
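Review bot: The rewritten comment above `ok = canonicalize_connect_path(conn);` no longer says why the call is unconditional; the removed `lp_widelinks(snum)` test was the only hint that this step used to depend on the wide links setting. I would add a line such as `* This is done regardless of the "wide links" setting; a failure refuses the connection.` so that a later reader does not reintroduce the condition. The short first line `* Canonicalise the connect` could also be re-wrapped with the line that follows it. The enclosing function make_connection_snum starts and ends outside this hunk.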
/* Add veto/hide lists */
conn->connectpath,
NULL,
NULL,
+ 0,
0);
if (smb_fname_cpath == NULL) {
status = NT_STATUS_NO_MEMORY;
static connection_struct *make_connection_smb1(struct smb_request *req,
NTTIME now,
- int snum, struct user_struct *vuser,
+ int snum,
const char *pdev,
NTSTATUS *pstatus)
{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
struct smbXsrv_tcon *tcon;
NTSTATUS status;
struct connection_struct *conn;
*pstatus = make_connection_snum(req->xconn,
conn,
snum,
- vuser,
+ req->session,
pdev);
if (!NT_STATUS_IS_OK(*pstatus)) {
conn_free(conn);
return NULL;
}
- tcon->global->share_name = lp_servicename(tcon->global, SNUM(conn));
+ tcon->global->share_name = lp_servicename(tcon->global, lp_sub, SNUM(conn));
if (tcon->global->share_name == NULL) {
conn_free(conn);
TALLOC_FREE(tcon);
return NULL;
}
tcon->global->session_global_id =
- vuser->session->global->session_global_id;
+ req->session->global->session_global_id;
tcon->compat = talloc_move(tcon, &conn);
tcon->status = NT_STATUS_OK;
connection_struct *make_connection_smb2(struct smbd_smb2_request *req,
struct smbXsrv_tcon *tcon,
int snum,
- struct user_struct *vuser,
const char *pdev,
NTSTATUS *pstatus)
{
*pstatus = make_connection_snum(req->xconn,
conn,
snum,
- vuser,
+ req->session,
pdev);
if (!NT_STATUS_IS_OK(*pstatus)) {
conn_free(conn);
NTSTATUS *status)
{
struct smbd_server_connection *sconn = req->sconn;
+ struct smbXsrv_session *session = req->session;
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
uid_t euid;
- struct user_struct *vuser = NULL;
char *service = NULL;
fstring dev;
int snum = -1;
return NULL;
}
- vuser = get_valid_user_struct(sconn, vuid);
- if (!vuser) {
+ if (session == NULL) {
DEBUG(1,("make_connection: refusing to connect with "
"no session setup\n"));
*status = NT_STATUS_ACCESS_DENIED;
without too many getpwnam() lookups. This is particulary nasty for
winbind usernames, where the share name isn't the same as unix
username.
-
- The snum of the homes share is stored on the vuser at session setup
- time.
*/
if (strequal(service_in,HOMES_NAME)) {
- if (vuser->homes_snum == -1) {
+ if (session->homes_snum == -1) {
DEBUG(2, ("[homes] share not available for "
"this user because it was not found "
"or created at session setup "
DEBUG(5, ("making a connection to [homes] service "
"created at session setup time\n"));
return make_connection_smb1(req, now,
- vuser->homes_snum,
- vuser,
+ session->homes_snum,
dev, status);
- } else if ((vuser->homes_snum != -1)
+ } else if ((session->homes_snum != -1)
&& strequal(service_in,
- lp_const_servicename(vuser->homes_snum))) {
+ lp_const_servicename(session->homes_snum))) {
DEBUG(5, ("making a connection to 'homes' service [%s] "
"created at session setup time\n", service_in));
return make_connection_smb1(req, now,
- vuser->homes_snum,
- vuser,
+ session->homes_snum,
dev, status);
}
DEBUG(5, ("making a connection to 'normal' service %s\n", service));
- return make_connection_smb1(req, now, snum, vuser,
+ return make_connection_smb1(req, now, snum,
dev, status);
}
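Review bot: The `session == NULL` test replaces `get_valid_user_struct(sconn, vuid)`, which by its name returned only validated users; these lines do not show whether `req->session` can be non-NULL for a session whose setup has not completed. If it can, the check should also cover the session state before `session->homes_snum` and `session->global->auth_session_info` are used. If the request dispatcher already guarantees it, a comment such as `/* req->session is only set for fully authenticated sessions */` next to `struct smbXsrv_session *session = req->session;` would record that. The comment sentence about where the homes snum is stored was deleted rather than updated to say that it now lives on the session. make_connection begins outside the visible lines.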