r15341: Ok I give up, I've been beaten by bug reports. People
authorJeremy Allison <jra@samba.org>
Sun, 30 Apr 2006 00:36:26 +0000 (00:36 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:16:36 +0000 (11:16 -0500)
just don't get why "guest ok" is not allowed in usershares.
Added "usershare allow guests" bool parameter that allows
this, revved usershare file version to VERSION#2 which
allows this. Updated user tools.
This should now be (finally) finished and I'll add
the new parameter docs and a HOWTO.
Jeremy.
(This used to be commit cdc3aa9d07d568570f2117bea9f1a4d227b3a35d)

source3/param/loadparm.c
source3/utils/net_usershare.c

index b2ce9b7f4ffabeb29463008038dc7e48e809d05e..fc34c067c87cb8ed606d82bc45ff8c12e32e5b0b 100644 (file)
@@ -309,6 +309,7 @@ typedef struct {
        BOOL bEnablePrivileges;
        BOOL bASUSupport;
        BOOL bUsershareOwnerOnly;
+       BOOL bUsershareAllowGuests;
        int restrict_anonymous;
        int name_cache_timeout;
        int client_signing;
@@ -1239,6 +1240,7 @@ static struct parm_struct parm_table[] = {
        {"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, 
        {"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT}, 
        {"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT}, 
+       {"usershare allow guests", P_BOOL, P_GLOBAL, &Globals.bUsershareAllowGuests, NULL, NULL, FLAG_ADVANCED},
        {"usershare max shares", P_INTEGER, P_GLOBAL, &Globals.iUsershareMaxShares, NULL, NULL, FLAG_ADVANCED},
        {"usershare owner only", P_BOOL, P_GLOBAL, &Globals.bUsershareOwnerOnly, NULL, NULL, FLAG_ADVANCED}, 
        {"usershare path", P_STRING, P_GLOBAL, &Globals.szUsersharePath, NULL, NULL, FLAG_ADVANCED},
@@ -1670,6 +1672,8 @@ static void init_globals(BOOL first_time_only)
        Globals.iUsershareMaxShares = 0;
        /* By default disallow sharing of directories not owned by the sharer. */
        Globals.bUsershareOwnerOnly = True;
+       /* By default disallow guest access to usershares. */
+       Globals.bUsershareAllowGuests = False;
 }
 
 static TALLOC_CTX *lp_talloc;
@@ -1875,6 +1879,7 @@ FN_GLOBAL_LIST(lp_usershare_prefix_deny_list, &Globals.szUsersharePrefixDenyList
 
 FN_GLOBAL_LIST(lp_eventlog_list, &Globals.szEventLogs)
 
+FN_GLOBAL_BOOL(lp_usershare_allow_guests, &Globals.bUsershareAllowGuests)
 FN_GLOBAL_BOOL(lp_usershare_owner_only, &Globals.bUsershareOwnerOnly)
 FN_GLOBAL_BOOL(lp_disable_netbios, &Globals.bDisableNetbios)
 FN_GLOBAL_BOOL(lp_reset_on_zero_vc, &Globals.bResetOnZeroVC)
@@ -4318,29 +4323,40 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
                        int numlines,
                        pstring sharepath,
                        pstring comment,
-                       SEC_DESC **ppsd)
+                       SEC_DESC **ppsd,
+                       BOOL *pallow_guest)
 {
        const char **prefixallowlist = lp_usershare_prefix_allow_list();
        const char **prefixdenylist = lp_usershare_prefix_deny_list();
+       int us_vers;
        SMB_STRUCT_DIR *dp;
        SMB_STRUCT_STAT sbuf;
 
+       *pallow_guest = False;
+
        if (numlines < 4) {
                return USERSHARE_MALFORMED_FILE;
        }
 
-       if (!strequal(lines[0], "#VERSION 1")) {
+       if (strcmp(lines[0], "#VERSION 1") == 0) {
+               us_vers = 1;
+       } else if (strcmp(lines[0], "#VERSION 2") == 0) {
+               us_vers = 2;
+               if (numlines < 5) {
+                       return USERSHARE_MALFORMED_FILE;
+               }
+       } else {
                return USERSHARE_BAD_VERSION;
        }
 
-       if (!strnequal(lines[1], "path=", 5)) {
+       if (strncmp(lines[1], "path=", 5) != 0) {
                return USERSHARE_MALFORMED_PATH;
        }
 
        pstrcpy(sharepath, &lines[1][5]);
        trim_string(sharepath, " ", " ");
 
-       if (!strnequal(lines[2], "comment=", 8)) {
+       if (strncmp(lines[2], "comment=", 8) != 0) {
                return USERSHARE_MALFORMED_COMMENT_DEF;
        }
 
@@ -4348,7 +4364,7 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
        trim_string(comment, " ", " ");
        trim_char(comment, '"', '"');
 
-       if (!strnequal(lines[3], "usershare_acl=", 14)) {
+       if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
                return USERSHARE_MALFORMED_ACL_DEF;
        }
 
@@ -4356,7 +4372,16 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
                return USERSHARE_ACL_ERR;
        }
 
-       if (snum != -1 && strequal(sharepath, ServicePtrs[snum]->szPath)) {
+       if (us_vers == 2) {
+               if (strncmp(lines[4], "guest_ok=", 9) != 0) {
+                       return USERSHARE_MALFORMED_ACL_DEF;
+               }
+               if (lines[4][9] == 'y') {
+                       *pallow_guest = True;
+               }
+       }
+
+       if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->szPath) == 0)) {
                /* Path didn't change, no checks needed. */
                return USERSHARE_OK;
        }
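Review bot: The version 2 branch looks at the single character `lines[4][9]` only, so `guest_ok=yXYZ` turns guest access on, while `Y`, an empty value or any other text is read as "no" without an error. That fails closed, but the file content is supplied by the share's owner, so a strict check is safer, e.g. `if ((lines[4][9] != 'y' && lines[4][9] != 'n') || lines[4][10] != '\0') return USERSHARE_MALFORMED_ACL_DEF;`. Whether the lines can carry trailing whitespace is not visible here, so confirm that before requiring the terminator. A bad `guest_ok=` line also reuses `USERSHARE_MALFORMED_ACL_DEF`, which points the user at the wrong line; a dedicated error value would be clearer. parse_usershare_file starts and ends outside this hunk.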
@@ -4468,6 +4493,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
        int iService = -1;
        TALLOC_CTX *ctx = NULL;
        SEC_DESC *psd = NULL;
+       BOOL guest_ok = False;
 
        /* Ensure share name doesn't contain invalid characters. */
        if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
@@ -4561,7 +4587,9 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
                return 1;
        }
 
-       if (parse_usershare_file(ctx, &sbuf, service_name, iService, lines, numlines, sharepath, comment, &psd) != USERSHARE_OK) {
+       if (parse_usershare_file(ctx, &sbuf, service_name,
+                       iService, lines, numlines, sharepath,
+                       comment, &psd, &guest_ok) != USERSHARE_OK) {
                talloc_destroy(ctx);
                SAFE_FREE(lines);
                return -1;
@@ -4605,6 +4633,11 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
        /* Set the service as a valid usershare. */
        ServicePtrs[iService]->usershare = USERSHARE_VALID;
 
+       /* Set guest access. */
+       if (lp_usershare_allow_guests()) {
+               ServicePtrs[iService]->bGuest_ok = guest_ok;
+       }
+
        /* And note when it was loaded. */
        ServicePtrs[iService]->usershare_last_mod = sbuf.st_mtime;
        string_set(&ServicePtrs[iService]->szPath, sharepath);
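Review bot: When `lp_usershare_allow_guests()` is false, the new block leaves `ServicePtrs[iService]->bGuest_ok` untouched instead of clearing it, so the share keeps whatever value the entry already had. If an existing service slot is reused on reload, or the value is inherited from a template share (neither is visible in this hunk), a usershare could stay guest-accessible after the administrator turns "usershare allow guests" off. Assigning unconditionally fails closed: `ServicePtrs[iService]->bGuest_ok = lp_usershare_allow_guests() ? guest_ok : False;`. If inheriting the template's setting is intended, the comment should say so. process_usershare_file begins and ends outside the hunk.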
index 1a5c0777211d40a6dce0194f2c0268f0a4160095..1ee156c4ee0b8aa5d0165c6708c7d0470ebb5623 100644 (file)
@@ -62,12 +62,13 @@ static int net_usershare_add_usage(int argc, const char **argv)
 {
        char c = *lp_winbind_separator();
        d_printf(
-               "net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>]\n"
+               "net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
                "\tAdds the specified share name for this user.\n"
                "\t<sharename> is the new share name.\n"
                "\t<path> is the path on the filesystem to export.\n"
                "\t<comment> is the optional comment for the new share.\n"
                "\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
+               "\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
                "\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
                "\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
                "\t\tname may be a domain user or group. For local users use the local server name "
@@ -110,7 +111,8 @@ static int net_usershare_list_usage(int argc, const char **argv)
 
 int net_usershare_usage(int argc, const char **argv)
 {
-       d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] to add or change a user defined share.\n"
+       d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
+                               "add or change a user defined share.\n"
                "net usershare delete <sharename> to delete a user defined share.\n"
                "net usershare info [-l|--long] [wildcard sharename] to print info about a user defined share.\n"
                "net usershare list [-l|--long] [wildcard sharename] to list user defined shares.\n"
@@ -300,6 +302,7 @@ static int info_fn(struct file_list *fl, void *priv)
        int num_aces;
        char sep_str[2];
        enum usershare_err us_err;
+       BOOL guest_ok = False;
 
        sep_str[0] = *lp_winbind_separator();
        sep_str[1] = '\0';
@@ -346,7 +349,8 @@ static int info_fn(struct file_list *fl, void *priv)
        us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
                                sharepath,
                                comment,
-                               &psd);
+                               &psd,
+                               &guest_ok);
 
        file_lines_free(lines);
 
@@ -400,7 +404,8 @@ static int info_fn(struct file_list *fl, void *priv)
                d_printf("[%s]\n", fl->pathname );
                d_printf("path=%s\n", sharepath );
                d_printf("comment=%s\n", comment);
-               d_printf("%s\n\n", acl_str);
+               d_printf("%s\n", acl_str);
+               d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
        } else if (pi->op == US_LIST_OP) {
                d_printf("%s\n", fl->pathname);
        }
@@ -475,6 +480,7 @@ static int net_usershare_add(int argc, const char **argv)
        const char *pacl;
        size_t to_write;
        uid_t myeuid = geteuid();
+       BOOL guest_ok = False;
 
        us_comment = "";
        arg_acl = "S-1-1-0:R";
@@ -499,6 +505,27 @@ static int net_usershare_add(int argc, const char **argv)
                        us_comment = argv[2];
                        arg_acl = argv[3];
                        break;
+               case 5:
+                       sharename = strdup_lower(argv[0]);
+                       us_path = argv[1];
+                       us_comment = argv[2];
+                       arg_acl = argv[3];
+                       if (!strnequal(argv[4], "guest_ok=", 9)) {
+                               return net_usershare_add_usage(argc, argv);
+                       }
+                       switch (argv[4][9]) {
+                               case 'y':
+                               case 'Y':
+                                       guest_ok = True;
+                                       break;
+                               case 'n':
+                               case 'N':
+                                       guest_ok = False;
+                                       break;
+                               default: 
+                                       return net_usershare_add_usage(argc, argv);
+                       }
+                       break;
        }
 
        if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
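Review bot: Both `return net_usershare_add_usage(argc, argv);` paths in the new `case 5:` run after `sharename = strdup_lower(argv[0]);`, and a later error path in this function releases that copy with `SAFE_FREE(sharename)`, so these two returns appear to leak it. Validating `argv[4]` before the `strdup_lower` call avoids that. The value check reads only `argv[4][9]`, so `guest_ok=yes` and `guest_ok=nope` are accepted; also rejecting when `argv[4][10] != '\0'` would match the `[y|n]` form the usage text documents. The prefix is matched case-insensitively with `strnequal` here while parse_usershare_file uses `strncmp`; that is harmless because the file is written in lower case, but it merits a one-line comment. The enclosing `switch` on the argument count starts outside the hunk.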
@@ -642,6 +669,15 @@ static int net_usershare_add(int argc, const char **argv)
        /* Remove the last ',' */
        us_acl[strlen(us_acl)-1] = '\0';
 
+       if (guest_ok && !lp_usershare_allow_guests()) {
+               d_fprintf(stderr, "net usershare add: guest_ok=y requested "
+                       "but the \"usershare allow guests\" parameter is not enabled "
+                       "by this server.\n");
+               talloc_destroy(ctx);
+               SAFE_FREE(sharename);
+               return -1;
+       }
+
        /* Create a temporary filename for this share. */
        tmpfd = smb_mkstemp(full_path_tmp);
 
@@ -688,9 +724,9 @@ static int net_usershare_add(int argc, const char **argv)
        }
 
        /* Create the in-memory image of the file. */
-       file_img = talloc_strdup(ctx, "#VERSION 1\npath=");
-       file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\n",
-                       us_path, us_comment, us_acl );
+       file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
+       file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\nguest_ok=%c\n",
+                       us_path, us_comment, us_acl, guest_ok ? 'y' : 'n');
 
        to_write = strlen(file_img);