remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(p->mem_ctx,
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum));
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
return (net_name[strlen(net_name) - 1] == '$') ? True : False;
}
+/*******************************************************************
+ Verify user is allowed to view share, access based enumeration
+********************************************************************/
+static bool is_enumeration_allowed(pipes_struct *p,
+ int snum)
+{
+ if (!lp_access_based_share_enum(snum))
+ return true;
+
+ return share_access_check(p->server_info->ptok, lp_servicename(snum),
+ FILE_READ_DATA);
+}
+
/*******************************************************************
Fill in a share info structure.
********************************************************************/
TALLOC_CTX *ctx = p->mem_ctx;
int i = 0;
int valid_share_count = 0;
+ bool *allowed = 0;
union srvsvc_NetShareCtr ctr;
uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
num_services = lp_numservices();
unbecome_root();
- /* Count the number of entries. */
- for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
- DEBUG(10, ("counting service %s\n", lp_servicename(snum)));
- num_entries++;
- } else {
- DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum)));
- }
- }
+ allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services);
+ W_ERROR_HAVE_NO_MEMORY(allowed);
+
+ /* Count the number of entries. */
+ for (snum = 0; snum < num_services; snum++) {
+ if (lp_browseable(snum) && lp_snum_ok(snum) &&
+ is_enumeration_allowed(p, snum) &&
+ (all_shares || !is_hidden_share(snum)) ) {
+ DEBUG(10, ("counting service %s\n", lp_servicename(snum)));
+ allowed[snum] = true;
+ num_entries++;
+ } else {
+ DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum)));
+ }
+ }
if (!num_entries || (resume_handle >= num_entries)) {
return WERR_OK;
W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_0(p, &ctr.ctr0->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1(p, &ctr.ctr1->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_2(p, &ctr.ctr2->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_501(p, &ctr.ctr501->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_502(p, &ctr.ctr502->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1004(p, &ctr.ctr1004->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1005(p, &ctr.ctr1005->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1006(p, &ctr.ctr1006->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1007(p, &ctr.ctr1007->array[i++], snum);
}
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1501(p, &ctr.ctr1501->array[i++], snum);
}
struct srvsvc_NetSessDel *r)
{
struct sessionid *session_list;
- struct current_user user;
int num_sessions, snum;
const char *username;
const char *machine;
werr = WERR_ACCESS_DENIED;
- get_current_user(&user, p);
-
/* fail out now if you are not root or not a domain admin */
- if ((user.ut.uid != sec_initial_uid()) &&
- ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) {
+ if ((p->server_info->utok.uid != sec_initial_uid()) &&
+ ( ! nt_token_check_domain_rid(p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS))) {
goto done;
}
NTSTATUS ntstat;
- if (user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
not_root = True;
become_root();
}
WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
struct srvsvc_NetShareSetInfo *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
char *comment = NULL;
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
/* fail out now if you are not root and not a disk op */
- if ( user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
switch (r->in.level) {
WERROR _srvsvc_NetShareAdd(pipes_struct *p,
struct srvsvc_NetShareAdd *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
char *comment = NULL;
*r->out.parm_error = 0;
}
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
WERROR _srvsvc_NetShareDel(pipes_struct *p,
struct srvsvc_NetShareDel *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
int ret;
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
-
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
}
nt_status = create_conn_struct(talloc_tos(), &conn, snum,
- lp_pathname(snum), &oldcwd);
+ lp_pathname(snum), p->server_info,
+ &oldcwd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_conn_struct failed: %s\n",
nt_errstr(nt_status)));
goto error_exit;
}
- conn->server_info = p->server_info;
-
- nt_status = create_file(
+ nt_status = SMB_VFS_CREATE_FILE(
conn, /* conn */
NULL, /* req */
0, /* root_dir_fid */
r->in.file, /* fname */
+ CFF_DOS_PATH, /* create_file_flags */
FILE_READ_ATTRIBUTES, /* access_mask */
FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
FILE_OPEN, /* create_disposition*/
}
nt_status = create_conn_struct(talloc_tos(), &conn, snum,
- lp_pathname(snum), &oldcwd);
+ lp_pathname(snum), p->server_info,
+ &oldcwd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_conn_struct failed: %s\n",
nt_errstr(nt_status)));
goto error_exit;
}
- conn->server_info = p->server_info;
-
- nt_status = create_file(
+ nt_status = SMB_VFS_CREATE_FILE(
conn, /* conn */
NULL, /* req */
0, /* root_dir_fid */
r->in.file, /* fname */
+ CFF_DOS_PATH, /* create_file_flags */
FILE_WRITE_ATTRIBUTES, /* access_mask */
FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
FILE_OPEN, /* create_disposition*/
WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r)
{
- struct current_user user;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
bool is_disk_op;
DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- if (user.ut.uid != sec_initial_uid() && !is_disk_op) {
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
}
git.samba.org / abartlet / samba.git / .git / blobdiff