MSDFS services for Samba
Copyright (C) Shirish Kalele 2000
Copyright (C) Jeremy Allison 2007
+ Copyright (C) Robin McCorkell 2015
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
}
/* Is this really our servicename ? */
- if (conn && !( strequal(servicename, lp_servicename(SNUM(conn)))
+ if (conn && !( strequal(servicename, lp_servicename(talloc_tos(), SNUM(conn)))
|| (strequal(servicename, HOMES_NAME)
- && strequal(lp_servicename(SNUM(conn)),
+ && strequal(lp_servicename(talloc_tos(), SNUM(conn)),
get_current_username()) )) ) {
DEBUG(10,("parse_dfs_path: %s is not our servicename\n",
servicename));
}
/********************************************************
- Fake up a connection struct for the VFS layer.
- Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
+ Fake up a connection struct for the VFS layer, for use in
+ applications (such as the python bindings), that do not want the
+ global working directory changed under them.
+
+ SMB_VFS_CONNECT requires root privileges.
*********************************************************/
-NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
- struct smbd_server_connection *sconn,
- connection_struct **pconn,
- int snum,
- const char *path,
- const struct auth_session_info *session_info,
- char **poldcwd)
+static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg,
+ connection_struct **pconn,
+ int snum,
+ const char *path,
+ const struct auth_session_info *session_info)
{
connection_struct *conn;
char *connpath;
- char *oldcwd;
const char *vfs_user;
+ struct smbd_server_connection *sconn;
+ const char *servicename = lp_const_servicename(snum);
+
+ sconn = talloc_zero(ctx, struct smbd_server_connection);
+ if (sconn == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sconn->ev_ctx = ev;
+ sconn->msg_ctx = msg;
- conn = talloc_zero(ctx, connection_struct);
+ conn = conn_new(sconn);
if (conn == NULL) {
+ TALLOC_FREE(sconn);
return NT_STATUS_NO_MEMORY;
}
+ /* Now we have conn, we need to make sconn a child of conn,
+ * for a proper talloc tree */
+ talloc_steal(conn, sconn);
+
+ if (snum == -1 && servicename == NULL) {
+ servicename = "Unknown Service (snum == -1)";
+ }
+
connpath = talloc_strdup(conn, path);
if (!connpath) {
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
}
connpath = talloc_string_sub(conn,
- connpath,
- "%S",
- lp_servicename(snum));
+ connpath,
+ "%S",
+ servicename);
if (!connpath) {
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
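Review bot: The two `connpath` failure paths still release the connection with `TALLOC_FREE(conn)`, while the later failure paths in this function call `conn_free(conn)`, even though `conn` now comes from `conn_new(sconn)` rather than a bare `talloc_zero`. The body of conn_new() is not visible here, but if it registers the connection on `sconn`, then `conn_free(conn);` is presumably the matching teardown and should be used on both early returns so that every exit unwinds the same way. The function body continues past this hunk.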
/* needed for smbd_vfs_init() */
- if (!(conn->params = talloc_zero(conn, struct share_params))) {
- DEBUG(0, ("TALLOC failed\n"));
- TALLOC_FREE(conn);
- return NT_STATUS_NO_MEMORY;
- }
-
conn->params->service = snum;
-
- conn->sconn = sconn;
- conn->sconn->num_tcons_open++;
+ conn->cnum = TID_FIELD_INVALID;
if (session_info != NULL) {
conn->session_info = copy_session_info(conn, session_info);
set_conn_connectpath(conn, connpath);
/*
- * New code to check if there's a share security descripter
+ * New code to check if there's a share security descriptor
* added from NT server manager. This is done after the
* smb.conf checks are done as we need a uid and token. JRA.
*
*/
if (conn->session_info) {
share_access_check(conn->session_info->security_token,
- lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS,
+ servicename,
+ MAXIMUM_ALLOWED_ACCESS,
&conn->share_access);
if ((conn->share_access & FILE_WRITE_DATA) == 0) {
if ((conn->share_access & FILE_READ_DATA) == 0) {
/* No access, read or write. */
- DEBUG(0,("create_conn_struct: connection to %s "
+ DEBUG(3,("create_conn_struct: connection to %s "
"denied due to security "
"descriptor.\n",
- lp_servicename(snum)));
+ servicename));
conn_free(conn);
return NT_STATUS_ACCESS_DENIED;
} else {
}
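Review bot: The denial message in the security-descriptor branch drops from `DEBUG(0, ...)` to `DEBUG(3, ...)`, so a share connection refused by its security descriptor is no longer recorded at low log levels. If that is meant to cut noise, state it in the commit message and confirm the denial is still captured somewhere an operator will see it. The prefix also still reads `create_conn_struct:` although this body is now `create_conn_struct_as_root`; `DEBUG(3,("%s: connection to %s denied due to security descriptor.\n", __func__, servicename));` would keep it accurate. The same stale prefix appears in the `Can't ChDir` message inside `create_conn_struct_cwd` and in the `create_conn_struct failed` messages after the `create_conn_struct_cwd` calls further down.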
/* this must be the first filesystem operation that we do */
- if (SMB_VFS_CONNECT(conn, lp_servicename(snum), vfs_user) < 0) {
+ if (SMB_VFS_CONNECT(conn, servicename, vfs_user) < 0) {
DEBUG(0,("VFS connect failed!\n"));
conn_free(conn);
return NT_STATUS_UNSUCCESSFUL;
}
conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
+ *pconn = conn;
+
+ return NT_STATUS_OK;
+}
+
+/********************************************************
+ Fake up a connection struct for the VFS layer, for use in
+ applications (such as the python bindings), that do not want the
+ global working directory changed under them.
+
+ SMB_VFS_CONNECT requires root privileges.
+*********************************************************/
+
+NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg,
+ connection_struct **pconn,
+ int snum,
+ const char *path,
+ const struct auth_session_info *session_info)
+{
+ NTSTATUS status;
+ become_root();
+ status = create_conn_struct_as_root(ctx, ev,
+ msg, pconn,
+ snum, path,
+ session_info);
+ unbecome_root();
+
+ return status;
+}
+
+/********************************************************
+ Fake up a connection struct for the VFS layer.
+ Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
+
+ The old working directory is returned on *poldcwd, allocated on ctx.
+*********************************************************/
+
+NTSTATUS create_conn_struct_cwd(TALLOC_CTX *ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg,
+ connection_struct **pconn,
+ int snum,
+ const char *path,
+ const struct auth_session_info *session_info,
+ char **poldcwd)
+{
+ connection_struct *conn;
+ char *oldcwd;
+
+ NTSTATUS status = create_conn_struct(ctx, ev,
+ msg, &conn,
+ snum, path,
+ session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/*
* Windows seems to insist on doing trans2getdfsreferral() calls on
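Review bot: `create_conn_struct()` holds root for the whole of `create_conn_struct_as_root()`, not only for the `SMB_VFS_CONNECT` call that the header comment gives as the reason. The session-info copy, the share access check and the path substitution visible in the helper all run inside the `become_root()`/`unbecome_root()` pair. The two header comments are identical copies, so neither states the contract. On the static helper add `Caller must already be root; use create_conn_struct() otherwise.`, and on the wrapper add `Runs the entire setup as root and drops back before returning.`. As far as the visible lines show, `*pconn` is written only on success, which the comment should also say, because `create_conn_struct_cwd()` passes an uninitialised `conn` and relies on it.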
oldcwd = vfs_GetWd(ctx, conn);
if (oldcwd == NULL) {
- NTSTATUS status = map_nt_error_from_unix(errno);
+ status = map_nt_error_from_unix(errno);
DEBUG(3, ("vfs_GetWd failed: %s\n", strerror(errno)));
conn_free(conn);
return status;
}
if (vfs_ChDir(conn,conn->connectpath) != 0) {
- NTSTATUS status = map_nt_error_from_unix(errno);
+ status = map_nt_error_from_unix(errno);
DEBUG(3,("create_conn_struct: Can't ChDir to new conn path %s. "
"Error was %s\n",
conn->connectpath, strerror(errno) ));
return NT_STATUS_OK;
}
+static void shuffle_strlist(char **list, int count)
+{
+ int i;
+ uint32_t r;
+ char *tmp;
+
+ for (i = count; i > 1; i--) {
+ r = generate_random() % i;
+
+ tmp = list[i-1];
+ list[i-1] = list[r];
+ list[r] = tmp;
+ }
+}
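Review bot: `shuffle_strlist()` is added without a header comment, unlike the other functions in this file, and its contract is not obvious from the call site. Suggested comment: `/* Shuffle list[0..count-1] in place (Fisher-Yates); count <= 1 is a no-op. The modulo reduction is slightly biased, which is fine for ordering referrals but not for anything that needs a uniform choice. */`. Mixing `int i` with `uint32_t r` in `generate_random() % i` is safe only because the loop guarantees `i > 1`; a cast or an unsigned loop variable would make that explicit.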
+
/**********************************************************************
Parse the contents of a symlink to verify if it is an msdfs referral
A valid referral is of the form:
**********************************************************************/
static bool parse_msdfs_symlink(TALLOC_CTX *ctx,
+ int snum,
const char *target,
struct referral **preflist,
int *refcount)
count++;
}
+ /* shuffle alternate paths */
+ if (lp_msdfs_shuffle_referrals(snum)) {
+ shuffle_strlist(alt_path, count);
+ }
+
DEBUG(10,("parse_msdfs_symlink: count=%d\n", count));
if (count) {
return NT_STATUS_OK;
}
- if (!( strequal(pdp->servicename, lp_servicename(SNUM(conn)))
+ if (!( strequal(pdp->servicename, lp_servicename(talloc_tos(), SNUM(conn)))
|| (strequal(pdp->servicename, HOMES_NAME)
- && strequal(lp_servicename(SNUM(conn)),
+ && strequal(lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->sanitized_username) )) ) {
/* The given sharename doesn't match this connection. */
ref->alternate_path = talloc_strdup(ctx, dfs_path);
if (!ref->alternate_path) {
+ TALLOC_FREE(ref);
return NT_STATUS_NO_MEMORY;
}
ref->proximity = 0;
NTSTATUS get_referred_path(TALLOC_CTX *ctx,
const char *dfs_path,
- struct smbd_server_connection *sconn,
+ bool allow_broken_path,
struct junction_map *jucn,
int *consumedcntp,
bool *self_referralp)
*self_referralp = False;
- status = parse_dfs_path(NULL, dfs_path, False, !sconn->using_smb2,
+ status = parse_dfs_path(NULL, dfs_path, False, allow_broken_path,
pdp, &dummy);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
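Review bot: The new `allow_broken_path` parameter of `get_referred_path()` is undocumented, and it moves a protocol-dependent decision out to every caller, since the value was previously derived here as `!sconn->using_smb2`. A caller that passes `true` on an SMB2 connection would get the more lenient path parsing that the old code never allowed there. Add a line to the function comment such as `allow_broken_path: accept malformed DFS paths as sent by some SMB1 clients; callers must pass false for SMB2`. The same applies to the identical parameter added to the path-resolution function in the last hunk of this page. The function body starts and ends outside this hunk.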
}
- if (!lp_msdfs_root(snum) && (*lp_msdfs_proxy(snum) == '\0')) {
+ if (!lp_msdfs_root(snum) && (*lp_msdfs_proxy(talloc_tos(), snum) == '\0')) {
DEBUG(3,("get_referred_path: |%s| in dfs path %s is not "
"a dfs root.\n",
pdp->servicename, dfs_path));
if (pdp->reqpath[0] == '\0') {
char *tmp;
struct referral *ref;
+ int refcount;
- if (*lp_msdfs_proxy(snum) == '\0') {
+ if (*lp_msdfs_proxy(talloc_tos(), snum) == '\0') {
TALLOC_FREE(pdp);
return self_ref(ctx,
dfs_path,
* the configured target share.
*/
- jucn->referral_count = 1;
- if ((ref = talloc_zero(ctx, struct referral)) == NULL) {
+ tmp = talloc_asprintf(talloc_tos(), "msdfs:%s",
+ lp_msdfs_proxy(talloc_tos(), snum));
+ if (tmp == NULL) {
TALLOC_FREE(pdp);
return NT_STATUS_NO_MEMORY;
}
- if (!(tmp = talloc_strdup(ctx, lp_msdfs_proxy(snum)))) {
+ if (!parse_msdfs_symlink(ctx, snum, tmp, &ref, &refcount)) {
+ TALLOC_FREE(tmp);
TALLOC_FREE(pdp);
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_INVALID_PARAMETER;
}
-
- trim_string(tmp, "\\", 0);
-
- ref->alternate_path = talloc_asprintf(ctx, "\\%s", tmp);
TALLOC_FREE(tmp);
-
- if (!ref->alternate_path) {
- TALLOC_FREE(pdp);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (pdp->reqpath[0] != '\0') {
- ref->alternate_path = talloc_asprintf_append(
- ref->alternate_path,
- "%s",
- pdp->reqpath);
- if (!ref->alternate_path) {
- TALLOC_FREE(pdp);
- return NT_STATUS_NO_MEMORY;
- }
- }
- ref->proximity = 0;
- ref->ttl = REFERRAL_TTL;
+ jucn->referral_count = refcount;
jucn->referral_list = ref;
*consumedcntp = strlen(dfs_path);
TALLOC_FREE(pdp);
return NT_STATUS_OK;
}
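Review bot: When `parse_msdfs_symlink()` rejects the `msdfs proxy` value, the function returns `NT_STATUS_INVALID_PARAMETER` without logging anything, so a mistyped proxy setting shows up only as failed referrals on the client. A line such as `DEBUG(1,("get_referred_path: cannot parse msdfs proxy for service %s\n", pdp->servicename));` before `TALLOC_FREE(pdp)` would make the misconfiguration diagnosable. The parser's body is not visible here; if it can also fail on allocation, that case is now reported as an invalid parameter instead of `NT_STATUS_NO_MEMORY`. The proxy value now goes through the referral parser, so it presumably accepts a list of targets and is subject to `msdfs shuffle referrals`, which deserves a mention in the commit message or the parameter documentation.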
- status = create_conn_struct(ctx, sconn, &conn, snum,
- lp_pathname(snum), NULL, &oldpath);
+ status = create_conn_struct_cwd(ctx,
+ server_event_context(),
+ server_messaging_context(),
+ &conn, snum,
+ lp_path(talloc_tos(), snum), NULL, &oldpath);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(pdp);
return status;
if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
DEBUG(3,("get_referred_path: No valid referrals for path %s\n",
dfs_path));
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * We are in an error path here (we
+ * know it's not a DFS path), but
+ * dfs_path_lookup() can return
+ * NT_STATUS_OK. Ensure we always
+ * return a valid error code.
+ *
+ * #9588 - ACLs are not inherited to directories
+ * for DFS shares.
+ */
+ status = NT_STATUS_NOT_FOUND;
+ }
goto err_exit;
}
/* We know this is a valid dfs link. Parse the targetpath. */
- if (!parse_msdfs_symlink(ctx, targetpath,
+ if (!parse_msdfs_symlink(ctx, snum, targetpath,
&jucn->referral_list,
&jucn->referral_count)) {
DEBUG(3,("get_referred_path: failed to parse symlink "
jucn->service_name = talloc_strdup(ctx, pdp->servicename);
jucn->volume_name = talloc_strdup(ctx, pdp->reqpath);
- jucn->comment = talloc_strdup(ctx, lp_comment(snum));
+ jucn->comment = lp_comment(ctx, snum);
TALLOC_FREE(pdp);
if (!jucn->service_name || !jucn->volume_name || ! jucn->comment) {
if(snum < 0) {
return False;
}
- status = create_conn_struct(talloc_tos(), smbd_server_conn, conn_out,
- snum, lp_pathname(snum), NULL, oldpath);
+ status = create_conn_struct_cwd(talloc_tos(),
+ server_event_context(),
+ server_messaging_context(),
+ conn_out,
+ snum, lp_path(talloc_tos(), snum), NULL, oldpath);
if (!NT_STATUS_IS_OK(status)) {
return False;
}
*pp_path_out = talloc_asprintf(*conn_out,
"%s/%s",
- lp_pathname(snum),
+ lp_path(talloc_tos(), snum),
jucn->volume_name);
if (!*pp_path_out) {
vfs_ChDir(*conn_out, *oldpath);
if(SMB_VFS_SYMLINK(conn, msdfs_link, path) < 0) {
if (errno == EEXIST) {
- struct smb_filename *smb_fname = NULL;
- NTSTATUS status;
-
- status = create_synthetic_smb_fname(talloc_tos(), path,
- NULL, NULL,
- &smb_fname);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
+ struct smb_filename *smb_fname;
+
+ smb_fname = synthetic_smb_fname(talloc_tos(), path,
+ NULL, NULL);
+ if (smb_fname == NULL) {
+ errno = ENOMEM;
goto out;
}
char *cwd;
connection_struct *conn;
bool ret = False;
- struct smb_filename *smb_fname = NULL;
- NTSTATUS status;
+ struct smb_filename *smb_fname;
if (!junction_to_local_path(jucn, &path, &conn, &cwd)) {
return false;
}
- status = create_synthetic_smb_fname(talloc_tos(), path,
- NULL, NULL,
- &smb_fname);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
+ smb_fname = synthetic_smb_fname(talloc_tos(), path, NULL, NULL);
+ if (smb_fname == NULL) {
+ errno = ENOMEM;
return false;
}
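Review bot: The `return false` taken when `synthetic_smb_fname()` fails exits without undoing what `junction_to_local_path()` set up. The connection in `conn` is not freed. Judging by the `create_conn_struct_cwd()` call and the `vfs_ChDir(*conn_out, *oldpath)` rollback visible earlier on this page, the process working directory has also been switched by then and is never restored from `cwd`. Later relative path operations would then run from the share directory. Put `vfs_ChDir(conn, cwd);` and `conn_free(conn);` ahead of the `return false;`, matching the function's normal exit, which lies outside this hunk. The early return predates this change, but the hunk rewrites exactly these lines, so it is the natural place to fix it.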
static int count_dfs_links(TALLOC_CTX *ctx, int snum)
{
size_t cnt = 0;
- SMB_STRUCT_DIR *dirp = NULL;
+ DIR *dirp = NULL;
const char *dname = NULL;
char *talloced = NULL;
- const char *connect_path = lp_pathname(snum);
- const char *msdfs_proxy = lp_msdfs_proxy(snum);
+ const char *connect_path = lp_path(talloc_tos(), snum);
+ const char *msdfs_proxy = lp_msdfs_proxy(talloc_tos(), snum);
connection_struct *conn;
NTSTATUS status;
char *cwd;
* Fake up a connection struct for the VFS layer.
*/
- status = create_conn_struct(talloc_tos(), smbd_server_conn, &conn,
- snum, connect_path, NULL, &cwd);
+ status = create_conn_struct_cwd(talloc_tos(),
+ server_event_context(),
+ server_messaging_context(),
+ &conn,
+ snum, connect_path, NULL, &cwd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("create_conn_struct failed: %s\n",
nt_errstr(status)));
size_t jn_remain)
{
size_t cnt = 0;
- SMB_STRUCT_DIR *dirp = NULL;
+ DIR *dirp = NULL;
const char *dname = NULL;
char *talloced = NULL;
- const char *connect_path = lp_pathname(snum);
- char *service_name = lp_servicename(snum);
- const char *msdfs_proxy = lp_msdfs_proxy(snum);
+ const char *connect_path = lp_path(talloc_tos(), snum);
+ char *service_name = lp_servicename(talloc_tos(), snum);
+ const char *msdfs_proxy = lp_msdfs_proxy(talloc_tos(), snum);
connection_struct *conn;
struct referral *ref = NULL;
char *cwd;
* Fake up a connection struct for the VFS layer.
*/
- status = create_conn_struct(ctx, smbd_server_conn, &conn, snum, connect_path, NULL,
- &cwd);
+ status = create_conn_struct_cwd(ctx,
+ server_event_context(),
+ server_messaging_context(),
+ &conn, snum, connect_path, NULL,
+ &cwd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("create_conn_struct failed: %s\n",
nt_errstr(status)));
conn,
dname, &link_target,
NULL)) {
- if (parse_msdfs_symlink(ctx,
+ if (parse_msdfs_symlink(ctx, snum,
link_target,
&jucn[cnt].referral_list,
&jucn[cnt].referral_count)) {
return cnt;
}
-struct junction_map *enum_msdfs_links(struct smbd_server_connection *sconn,
- TALLOC_CTX *ctx, size_t *p_num_jn)
+struct junction_map *enum_msdfs_links(TALLOC_CTX *ctx, size_t *p_num_jn)
{
struct junction_map *jn = NULL;
int i=0;
/* Ensure all the usershares are loaded. */
become_root();
load_registry_shares();
- sharecount = load_usershare_shares(sconn, conn_snum_used);
+ sharecount = load_usershare_shares(NULL, connections_snum_used);
unbecome_root();
for(i=0;i < sharecount;i++) {
bool dfs_pathnames,
const char *name_in,
bool allow_wcards,
+ bool allow_broken_path,
char **pp_name_out,
bool *ppath_contains_wcard)
{
conn,
name_in,
allow_wcards,
- !smbd_server_conn->using_smb2,
+ allow_broken_path,
pp_name_out,
&path_contains_wcard);