2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
5 Copyright (C) Jeremy Allison (jra@samba.org) 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/passwd.h"
23 #include "system/filesys.h"
24 #include "utils/net.h"
25 #include "../libcli/security/security.h"
28 const char *us_errstr;
29 enum usershare_err us_err;
32 {N_("Malformed usershare file"), USERSHARE_MALFORMED_FILE},
33 {N_("Bad version number"), USERSHARE_BAD_VERSION},
34 {N_("Malformed path entry"), USERSHARE_MALFORMED_PATH},
35 {N_("Malformed comment entryfile"), USERSHARE_MALFORMED_COMMENT_DEF},
36 {N_("Malformed acl definition"), USERSHARE_MALFORMED_ACL_DEF},
37 {N_("Acl parse error"), USERSHARE_ACL_ERR},
38 {N_("Path not absolute"), USERSHARE_PATH_NOT_ABSOLUTE},
39 {N_("Path is denied"), USERSHARE_PATH_IS_DENIED},
40 {N_("Path not allowed"), USERSHARE_PATH_NOT_ALLOWED},
41 {N_("Path is not a directory"), USERSHARE_PATH_NOT_DIRECTORY},
42 {N_("System error"), USERSHARE_POSIX_ERR},
43 {N_("Malformed sharename definition"), USERSHARE_MALFORMED_SHARENAME_DEF},
44 {N_("Bad sharename (doesn't match filename)"), USERSHARE_BAD_SHARENAME},
45 {NULL,(enum usershare_err)-1}
48 static const char *get_us_error_code(enum usershare_err us_err)
53 while (us_errs[idx].us_errstr != NULL) {
54 if (us_errs[idx].us_err == us_err) {
55 return us_errs[idx].us_errstr;
60 result = talloc_asprintf(talloc_tos(), _("Usershare error code (0x%x)"),
61 (unsigned int)us_err);
62 SMB_ASSERT(result != NULL);
66 /* The help subsystem for the USERSHARE subcommand */
68 static int net_usershare_add_usage(struct net_context *c, int argc, const char **argv)
70 char chr = *lp_winbind_separator();
72 "net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
73 "\tAdds the specified share name for this user.\n"
74 "\t<sharename> is the new share name.\n"
75 "\t<path> is the path on the filesystem to export.\n"
76 "\t<comment> is the optional comment for the new share.\n"
77 "\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
78 "\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
79 "\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
80 "\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
81 "\t\tname may be a domain user or group. For local users use the local server name "
82 "instead of \"DOMAIN\"\n"
83 "\t\tThe default acl is \"Everyone:r\" which allows everyone read-only access.\n"
84 "\tAdd -l or --long to print the info on the newly added share.\n"),
89 static int net_usershare_delete_usage(struct net_context *c, int argc, const char **argv)
92 "net usershare delete <sharename>\n"
93 "\tdeletes the specified share name for this user.\n"));
97 static int net_usershare_info_usage(struct net_context *c, int argc, const char **argv)
100 "net usershare info [-l|--long] [wildcard sharename]\n"
101 "\tPrints out the path, comment and acl elements of shares that match the wildcard.\n"
102 "\tBy default only gives info on shares owned by the current user\n"
103 "\tAdd -l or --long to apply this to all shares\n"
104 "\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
108 static int net_usershare_list_usage(struct net_context *c, int argc, const char **argv)
111 "net usershare list [-l|--long] [wildcard sharename]\n"
112 "\tLists the names of all shares that match the wildcard.\n"
113 "\tBy default only lists shares owned by the current user\n"
114 "\tAdd -l or --long to apply this to all shares\n"
115 "\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
119 int net_usershare_usage(struct net_context *c, int argc, const char **argv)
121 d_printf(_("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
122 "add or change a user defined share.\n"
123 "net usershare delete <sharename> to delete a user defined share.\n"
124 "net usershare info [-l|--long] [wildcard sharename] to print info about a user defined share.\n"
125 "net usershare list [-l|--long] [wildcard sharename] to list user defined shares.\n"
126 "net usershare help\n"
127 "\nType \"net usershare help <option>\" to get more information on that option\n\n"));
129 net_common_flags_usage(c, argc, argv);
133 /***************************************************************************
134 ***************************************************************************/
136 static char *get_basepath(TALLOC_CTX *ctx)
138 const struct loadparm_substitution *lp_sub =
139 loadparm_s3_global_substitution();
140 char *basepath = lp_usershare_path(ctx, lp_sub);
145 if ((basepath[0] != '\0') && (basepath[strlen(basepath)-1] == '/')) {
146 basepath[strlen(basepath)-1] = '\0';
151 /***************************************************************************
152 Delete a single userlevel share.
153 ***************************************************************************/
155 static int net_usershare_delete(struct net_context *c, int argc, const char **argv)
157 const struct loadparm_substitution *lp_sub =
158 loadparm_s3_global_substitution();
162 if (argc != 1 || c->display_usage) {
163 return net_usershare_delete_usage(c, argc, argv);
166 if ((sharename = strlower_talloc(talloc_tos(), argv[0])) == NULL) {
167 d_fprintf(stderr, _("strlower_talloc failed\n"));
171 if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
172 d_fprintf(stderr, _("net usershare delete: share name %s contains "
173 "invalid characters (any of %s)\n"),
174 sharename, INVALID_SHARENAME_CHARS);
175 TALLOC_FREE(sharename);
179 us_path = talloc_asprintf(talloc_tos(),
181 lp_usershare_path(talloc_tos(), lp_sub),
184 TALLOC_FREE(sharename);
188 if (unlink(us_path) != 0) {
189 d_fprintf(stderr, _("net usershare delete: unable to remove usershare %s. "
191 us_path, strerror(errno));
192 TALLOC_FREE(sharename);
195 TALLOC_FREE(sharename);
199 /***************************************************************************
200 Data structures to handle a list of usershare files.
201 ***************************************************************************/
204 struct file_list *next, *prev;
205 const char *pathname;
208 static struct file_list *flist;
210 /***************************************************************************
211 ***************************************************************************/
213 static int get_share_list(TALLOC_CTX *ctx, const char *wcard, bool only_ours)
217 uid_t myuid = geteuid();
218 struct file_list *fl = NULL;
219 char *basepath = get_basepath(ctx);
224 dp = opendir(basepath);
227 _("get_share_list: cannot open usershare directory %s. "
229 basepath, strerror(errno) );
233 while((de = readdir(dp)) != 0) {
234 SMB_STRUCT_STAT sbuf;
236 const char *n = de->d_name;
238 /* Ignore . and .. */
240 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
245 if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
247 _("get_share_list: ignoring bad share "
251 path = talloc_asprintf(ctx,
260 if (sys_lstat(path, &sbuf, false) != 0) {
262 _("get_share_list: can't lstat file %s. Error "
264 path, strerror(errno) );
268 if (!S_ISREG(sbuf.st_ex_mode)) {
270 _("get_share_list: file %s is not a regular "
271 "file. Ignoring.\n"),
276 if (only_ours && sbuf.st_ex_uid != myuid) {
280 if (!unix_wild_match(wcard, n)) {
284 /* (Finally) - add to list. */
285 fl = talloc(ctx, struct file_list);
290 fl->pathname = talloc_strdup(ctx, n);
296 DLIST_ADD(flist, fl);
303 enum us_priv_op { US_LIST_OP, US_INFO_OP};
305 struct us_priv_info {
308 struct net_context *c;
311 /***************************************************************************
312 Call a function for every share on the list.
313 ***************************************************************************/
315 static int process_share_list(int (*fn)(struct file_list *, void *), void *priv)
317 struct file_list *fl;
320 for (fl = flist; fl; fl = fl->next) {
321 ret = (*fn)(fl, priv);
327 /***************************************************************************
329 ***************************************************************************/
331 static int info_fn(struct file_list *fl, void *priv)
333 SMB_STRUCT_STAT sbuf;
335 struct us_priv_info *pi = (struct us_priv_info *)priv;
336 TALLOC_CTX *ctx = pi->ctx;
337 struct net_context *c = pi->c;
340 struct security_descriptor *psd = NULL;
342 char *sharepath = NULL;
343 char *comment = NULL;
344 char *cp_sharename = NULL;
348 enum usershare_err us_err;
349 bool guest_ok = false;
351 sep_str[0] = *lp_winbind_separator();
354 basepath = get_basepath(ctx);
358 basepath = talloc_asprintf_append(basepath,
366 fd = open(basepath, O_RDONLY|O_NOFOLLOW, 0);
368 fd = open(basepath, O_RDONLY, 0);
372 d_fprintf(stderr, _("info_fn: unable to open %s. %s\n"),
373 basepath, strerror(errno) );
378 if (sys_fstat(fd, &sbuf, false) != 0) {
380 _("info_fn: can't fstat file %s. Error was %s\n"),
381 basepath, strerror(errno) );
386 if (!S_ISREG(sbuf.st_ex_mode)) {
388 _("info_fn: file %s is not a regular file. Ignoring.\n"),
394 lines = fd_lines_load(fd, &numlines, 10240, NULL);
401 /* Ensure it's well formed. */
402 us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
411 if (us_err != USERSHARE_OK) {
413 _("info_fn: file %s is not a well formed usershare "
416 d_fprintf(stderr, _("info_fn: Error was %s.\n"),
417 get_us_error_code(us_err) );
421 acl_str = talloc_strdup(ctx, "usershare_acl=");
426 for (num_aces = 0; num_aces < psd->dacl->num_aces; num_aces++) {
431 ntstatus = net_lookup_name_from_sid(c, ctx,
432 &psd->dacl->aces[num_aces].trustee,
435 if (NT_STATUS_IS_OK(ntstatus)) {
436 if (domain && *domain) {
437 acl_str = talloc_asprintf_append(acl_str,
445 acl_str = talloc_asprintf_append(acl_str,
453 struct dom_sid_buf sidstr;
455 acl_str = talloc_asprintf_append(
459 &psd->dacl->aces[num_aces].trustee,
465 acl_str = talloc_asprintf_append(acl_str, ":");
470 if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
471 acl_str = talloc_asprintf_append(acl_str, "D,");
476 if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) {
477 acl_str = talloc_asprintf_append(acl_str, "F,");
479 acl_str = talloc_asprintf_append(acl_str, "R,");
487 /* NOTE: This is smb.conf-like output. Do not translate. */
488 if (pi->op == US_INFO_OP) {
489 d_printf("[%s]\n", cp_sharename );
490 d_printf("path=%s\n", sharepath );
491 d_printf("comment=%s\n", comment);
492 d_printf("%s\n", acl_str);
493 d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
494 } else if (pi->op == US_LIST_OP) {
495 d_printf("%s\n", cp_sharename);
501 /***************************************************************************
502 Print out info (internal detail) on userlevel shares.
503 ***************************************************************************/
505 static int net_usershare_info(struct net_context *c, int argc, const char **argv)
508 bool only_ours = true;
510 struct us_priv_info pi;
515 if (c->display_usage)
516 return net_usershare_info_usage(c, argc, argv);
518 if (c->opt_long_list_entries) {
526 fstrcpy(wcard, argv[0]);
529 return net_usershare_info_usage(c, argc, argv);
532 if (!strlower_m(wcard)) {
536 ctx = talloc_init("share_info");
537 ret = get_share_list(ctx, wcard, only_ours);
546 ret = process_share_list(info_fn, &pi);
551 /***************************************************************************
552 Count the current total number of usershares.
553 ***************************************************************************/
555 static int count_num_usershares(void)
559 int num_usershares = 0;
560 TALLOC_CTX *ctx = talloc_tos();
561 char *basepath = get_basepath(ctx);
567 dp = opendir(basepath);
570 _("count_num_usershares: cannot open usershare "
571 "directory %s. Error %s\n"),
572 basepath, strerror(errno) );
576 while((de = readdir(dp)) != 0) {
577 SMB_STRUCT_STAT sbuf;
579 const char *n = de->d_name;
581 /* Ignore . and .. */
583 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
588 if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
590 _("count_num_usershares: ignoring bad share "
594 path = talloc_asprintf(ctx,
603 if (sys_lstat(path, &sbuf, false) != 0) {
605 _("count_num_usershares: can't lstat file %s. "
607 path, strerror(errno) );
611 if (!S_ISREG(sbuf.st_ex_mode)) {
613 _("count_num_usershares: file %s is not a "
614 "regular file. Ignoring.\n"),
622 return num_usershares;
625 /***************************************************************************
626 Add a single userlevel share.
627 ***************************************************************************/
629 static int net_usershare_add(struct net_context *c, int argc, const char **argv)
631 TALLOC_CTX *ctx = talloc_stackframe();
632 SMB_STRUCT_STAT sbuf;
633 SMB_STRUCT_STAT lsbuf;
635 const char *cp_sharename;
639 const char *us_comment;
648 uid_t myeuid = geteuid();
649 bool guest_ok = false;
654 arg_acl = "S-1-1-0:R";
656 if (c->display_usage) {
658 return net_usershare_add_usage(c, argc, argv);
666 return net_usershare_add_usage(c, argc, argv);
668 cp_sharename = argv[0];
669 sharename = strlower_talloc(ctx, argv[0]);
673 cp_sharename = argv[0];
674 sharename = strlower_talloc(ctx, argv[0]);
676 us_comment = argv[2];
679 cp_sharename = argv[0];
680 sharename = strlower_talloc(ctx, argv[0]);
682 us_comment = argv[2];
686 cp_sharename = argv[0];
687 sharename = strlower_talloc(ctx, argv[0]);
689 us_comment = argv[2];
691 if (strlen(arg_acl) == 0) {
692 arg_acl = "S-1-1-0:R";
694 if (!strnequal(argv[4], "guest_ok=", 9)) {
696 return net_usershare_add_usage(c, argc, argv);
698 switch (argv[4][9]) {
709 return net_usershare_add_usage(c, argc, argv);
714 /* Ensure we're under the "usershare max shares" number. Advisory only. */
715 num_usershares = count_num_usershares();
716 if (num_usershares >= lp_usershare_max_shares()) {
718 _("net usershare add: maximum number of allowed "
719 "usershares (%d) reached\n"),
720 lp_usershare_max_shares() );
725 if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
726 d_fprintf(stderr, _("net usershare add: share name %s contains "
727 "invalid characters (any of %s)\n"),
728 sharename, INVALID_SHARENAME_CHARS);
733 /* Disallow shares the same as users. */
734 if (getpwnam(sharename)) {
736 _("net usershare add: share name %s is already a valid "
737 "system user name\n"),
743 /* Construct the full path for the usershare file. */
744 full_path = get_basepath(ctx);
749 full_path_tmp = talloc_asprintf(ctx,
752 if (!full_path_tmp) {
757 full_path = talloc_asprintf_append(full_path,
765 /* The path *must* be absolute. */
766 if (us_path[0] != '/') {
768 _("net usershare add: path %s is not an absolute "
775 /* Check the directory to be shared exists. */
776 if (sys_stat(us_path, &sbuf, false) != 0) {
778 _("net usershare add: cannot stat path %s to ensure "
779 "this is a directory. Error was %s\n"),
780 us_path, strerror(errno) );
785 if (!S_ISDIR(sbuf.st_ex_mode)) {
787 _("net usershare add: path %s is not a directory.\n"),
793 /* If we're not root, check if we're restricted to sharing out directories
796 if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
797 d_fprintf(stderr, _("net usershare add: cannot share path %s as "
798 "we are restricted to only sharing directories we own.\n"
799 "\tAsk the administrator to add the line \"usershare owner only = false\" \n"
800 "\tto the [global] section of the smb.conf to allow this.\n"),
806 /* No validation needed on comment. Now go through and validate the
807 acl string. Convert names to SID's as needed. Then run it through
808 parse_usershare_acl to ensure it's valid. */
810 /* Start off the string we'll append to. */
811 us_acl = talloc_strdup(ctx, "");
820 /* Add the number of ',' characters to get the number of aces. */
821 num_aces += count_chars(pacl,',');
823 for (i = 0; i < num_aces; i++) {
825 struct dom_sid_buf buf;
826 const char *pcolon = strchr_m(pacl, ':');
829 if (pcolon == NULL) {
831 _("net usershare add: malformed acl %s "
847 _("net usershare add: malformed acl %s "
848 "(access control must be 'r', 'f', "
855 if (pcolon[2] != ',' && pcolon[2] != '\0') {
857 _("net usershare add: malformed terminating "
858 "character for acl %s\n"),
865 if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) {
866 d_fprintf(stderr, _("talloc_strndup failed\n"));
870 if (!string_to_sid(&sid, name)) {
871 /* Convert to a SID */
872 NTSTATUS ntstatus = net_lookup_sid_from_name(c, ctx, name, &sid);
873 if (!NT_STATUS_IS_OK(ntstatus)) {
875 _("net usershare add: cannot convert "
876 "name \"%s\" to a SID. %s."),
877 name, get_friendly_nt_error_msg(ntstatus) );
878 if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_CONNECTION_REFUSED)) {
880 _(" Maybe smbd is not running.\n"));
882 d_fprintf(stderr, "\n");
888 us_acl = talloc_asprintf_append(
891 dom_sid_str_buf(&sid, &buf),
894 /* Move to the next ACL entry. */
895 if (pcolon[2] == ',') {
900 /* Remove the last ',' */
901 us_acl[strlen(us_acl)-1] = '\0';
903 if (guest_ok && !lp_usershare_allow_guests()) {
904 d_fprintf(stderr, _("net usershare add: guest_ok=y requested "
905 "but the \"usershare allow guests\" parameter is not "
906 "enabled by this server.\n"));
911 /* Create a temporary filename for this share. */
912 mask = umask(S_IRWXO | S_IRWXG);
913 tmpfd = mkstemp(full_path_tmp);
918 _("net usershare add: cannot create tmp file %s\n"),
924 /* Ensure we opened the file we thought we did. */
925 if (sys_lstat(full_path_tmp, &lsbuf, false) != 0) {
927 _("net usershare add: cannot lstat tmp file %s\n"),
934 /* Check this is the same as the file we opened. */
935 if (sys_fstat(tmpfd, &sbuf, false) != 0) {
937 _("net usershare add: cannot fstat tmp file %s\n"),
944 if (!S_ISREG(sbuf.st_ex_mode) || sbuf.st_ex_dev != lsbuf.st_ex_dev || sbuf.st_ex_ino != lsbuf.st_ex_ino) {
946 _("net usershare add: tmp file %s is not a regular "
954 if (fchmod(tmpfd, 0644) == -1) {
956 _("net usershare add: failed to fchmod tmp file %s "
964 /* Create the in-memory image of the file. */
965 file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
966 file_img = talloc_asprintf_append(file_img,
967 "%s\ncomment=%s\nusershare_acl=%s\n"
968 "guest_ok=%c\nsharename=%s\n",
972 guest_ok ? 'y' : 'n',
975 to_write = strlen(file_img);
977 if (write(tmpfd, file_img, to_write) != to_write) {
979 _("net usershare add: failed to write %u bytes to "
980 "file %s. Error was %s\n"),
981 (unsigned int)to_write, full_path_tmp, strerror(errno));
982 unlink(full_path_tmp);
988 /* Attempt to replace any existing share by this name. */
989 if (rename(full_path_tmp, full_path) != 0) {
990 unlink(full_path_tmp);
992 _("net usershare add: failed to add share %s. Error "
994 sharename, strerror(errno));
1002 if (c->opt_long_list_entries) {
1003 const char *my_argv[2];
1004 my_argv[0] = sharename;
1006 net_usershare_info(c, 1, my_argv);
1014 /***************************************************************************
1016 ***************************************************************************/
1018 static int list_fn(struct file_list *fl, void *priv)
1020 d_printf("%s\n", fl->pathname);
1025 /***************************************************************************
1026 List userlevel shares.
1027 ***************************************************************************/
1029 static int net_usershare_list(struct net_context *c, int argc,
1033 bool only_ours = true;
1035 struct us_priv_info pi;
1038 fstrcpy(wcard, "*");
1040 if (c->display_usage)
1041 return net_usershare_list_usage(c, argc, argv);
1043 if (c->opt_long_list_entries) {
1051 fstrcpy(wcard, argv[0]);
1054 return net_usershare_list_usage(c, argc, argv);
1057 if (!strlower_m(wcard)) {
1061 ctx = talloc_init("share_list");
1062 ret = get_share_list(ctx, wcard, only_ours);
1071 ret = process_share_list(info_fn, &pi);
1072 talloc_destroy(ctx);
1076 /***************************************************************************
1077 Entry-point for all the USERSHARE functions.
1078 ***************************************************************************/
1080 int net_usershare(struct net_context *c, int argc, const char **argv)
1082 const struct loadparm_substitution *lp_sub =
1083 loadparm_s3_global_substitution();
1086 struct functable func[] = {
1090 NET_TRANSPORT_LOCAL,
1091 N_("Add/modify user defined share"),
1092 N_("net usershare add\n"
1093 " Add/modify user defined share")
1097 net_usershare_delete,
1098 NET_TRANSPORT_LOCAL,
1099 N_("Delete user defined share"),
1100 N_("net usershare delete\n"
1101 " Delete user defined share")
1106 NET_TRANSPORT_LOCAL,
1107 N_("Display information about a user defined share"),
1108 N_("net usershare info\n"
1109 " Display information about a user defined share")
1114 NET_TRANSPORT_LOCAL,
1115 N_("List user defined shares"),
1116 N_("net usershare list\n"
1117 " List user defined shares")
1119 {NULL, NULL, 0, NULL, NULL}
1122 if (lp_usershare_max_shares() == 0) {
1124 _("net usershare: usershares are currently "
1129 dp = opendir(lp_usershare_path(talloc_tos(), lp_sub));
1133 _("net usershare: cannot open usershare directory %s. "
1135 lp_usershare_path(talloc_tos(), lp_sub), strerror(err) );
1136 if (err == EACCES) {
1138 _("You do not have permission to create a "
1139 "usershare. Ask your administrator to grant "
1140 "you permissions to create a share.\n"));
1141 } else if (err == ENOENT) {
1143 _("Please ask your system administrator to "
1144 "enable user sharing.\n"));
1150 return net_run_function(c, argc, argv, "net usershare", func);
git.samba.org / vlendec / samba-autobuild / .git / blob