Use sec_initial_uid() in the places where being root doesn't matter,
[samba.git] / source3 / smbd / service.c
1 /* 
2    Unix SMB/CIFS implementation.
3    service (connection) opening and closing
4    Copyright (C) Andrew Tridgell 1992-1998
5    
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10    
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15    
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/globals.h"
22
23 extern userdom_struct current_user_info;
24
25 static bool canonicalize_connect_path(connection_struct *conn)
26 {
27 #ifdef REALPATH_TAKES_NULL
28         bool ret;
29         char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,NULL);
30         if (!resolved_name) {
31                 return false;
32         }
33         ret = set_conn_connectpath(conn,resolved_name);
34         SAFE_FREE(resolved_name);
35         return ret;
36 #else
37         char resolved_name_buf[PATH_MAX+1];
38         char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf);
39         if (!resolved_name) {
40                 return false;
41         }
42         return set_conn_connectpath(conn,resolved_name);
43 #endif /* REALPATH_TAKES_NULL */
44 }
45
46 /****************************************************************************
47  Ensure when setting connectpath it is a canonicalized (no ./ // or ../)
48  absolute path stating in / and not ending in /.
49  Observent people will notice a similarity between this and check_path_syntax :-).
50 ****************************************************************************/
51
52 bool set_conn_connectpath(connection_struct *conn, const char *connectpath)
53 {
54         char *destname;
55         char *d;
56         const char *s = connectpath;
57         bool start_of_name_component = true;
58
59         if (connectpath == NULL || connectpath[0] == '\0') {
60                 return false;
61         }
62
63         /* Allocate for strlen + '\0' + possible leading '/' */
64         destname = SMB_MALLOC(strlen(connectpath) + 2);
65         if (!destname) {
66                 return false;
67         }
68         d = destname;
69
70         *d++ = '/'; /* Always start with root. */
71
72         while (*s) {
73                 if (*s == '/') {
74                         /* Eat multiple '/' */
75                         while (*s == '/') {
76                                 s++;
77                         }
78                         if ((d > destname + 1) && (*s != '\0')) {
79                                 *d++ = '/';
80                         }
81                         start_of_name_component = True;
82                         continue;
83                 }
84
85                 if (start_of_name_component) {
86                         if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) {
87                                 /* Uh oh - "/../" or "/..\0" ! */
88
89                                 /* Go past the ../ or .. */
90                                 if (s[2] == '/') {
91                                         s += 3;
92                                 } else {
93                                         s += 2; /* Go past the .. */
94                                 }
95
96                                 /* If  we just added a '/' - delete it */
97                                 if ((d > destname) && (*(d-1) == '/')) {
98                                         *(d-1) = '\0';
99                                         d--;
100                                 }
101
102                                 /* Are we at the start ? Can't go back further if so. */
103                                 if (d <= destname) {
104                                         *d++ = '/'; /* Can't delete root */
105                                         continue;
106                                 }
107                                 /* Go back one level... */
108                                 /* Decrement d first as d points to the *next* char to write into. */
109                                 for (d--; d > destname; d--) {
110                                         if (*d == '/') {
111                                                 break;
112                                         }
113                                 }
114                                 /* We're still at the start of a name component, just the previous one. */
115                                 continue;
116                         } else if ((s[0] == '.') && ((s[1] == '\0') || s[1] == '/')) {
117                                 /* Component of pathname can't be "." only - skip the '.' . */
118                                 if (s[1] == '/') {
119                                         s += 2;
120                                 } else {
121                                         s++;
122                                 }
123                                 continue;
124                         }
125                 }
126
127                 if (!(*s & 0x80)) {
128                         *d++ = *s++;
129                 } else {
130                         size_t siz;
131                         /* Get the size of the next MB character. */
132                         next_codepoint(s,&siz);
133                         switch(siz) {
134                                 case 5:
135                                         *d++ = *s++;
136                                         /*fall through*/
137                                 case 4:
138                                         *d++ = *s++;
139                                         /*fall through*/
140                                 case 3:
141                                         *d++ = *s++;
142                                         /*fall through*/
143                                 case 2:
144                                         *d++ = *s++;
145                                         /*fall through*/
146                                 case 1:
147                                         *d++ = *s++;
148                                         break;
149                                 default:
150                                         break;
151                         }
152                 }
153                 start_of_name_component = false;
154         }
155         *d = '\0';
156
157         /* And must not end in '/' */
158         if (d > destname + 1 && (*(d-1) == '/')) {
159                 *(d-1) = '\0';
160         }
161
162         DEBUG(10,("set_conn_connectpath: service %s, connectpath = %s\n",
163                 lp_servicename(SNUM(conn)), destname ));
164
165         string_set(&conn->connectpath, destname);
166         SAFE_FREE(destname);
167         return true;
168 }
169
170 /****************************************************************************
171  Load parameters specific to a connection/service.
172 ****************************************************************************/
173
174 bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir)
175 {
176         int snum;
177
178         if (!conn)  {
179                 last_conn = NULL;
180                 return(False);
181         }
182
183         conn->lastused_count++;
184
185         snum = SNUM(conn);
186   
187         if (do_chdir &&
188             vfs_ChDir(conn,conn->connectpath) != 0 &&
189             vfs_ChDir(conn,conn->origpath) != 0) {
190                 DEBUG(((errno!=EACCES)?0:3),("chdir (%s) failed, reason: %s\n",
191                          conn->connectpath, strerror(errno)));
192                 return(False);
193         }
194
195         if ((conn == last_conn) && (last_flags == flags)) {
196                 return(True);
197         }
198
199         last_conn = conn;
200         last_flags = flags;
201         
202         /* Obey the client case sensitivity requests - only for clients that support it. */
203         switch (lp_casesensitive(snum)) {
204                 case Auto:
205                         {
206                                 /* We need this uglyness due to DOS/Win9x clients that lie about case insensitivity. */
207                                 enum remote_arch_types ra_type = get_remote_arch();
208                                 if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) {
209                                         /* Client can't support per-packet case sensitive pathnames. */
210                                         conn->case_sensitive = False;
211                                 } else {
212                                         conn->case_sensitive = !(flags & FLAG_CASELESS_PATHNAMES);
213                                 }
214                         }
215                         break;
216                 case True:
217                         conn->case_sensitive = True;
218                         break;
219                 default:
220                         conn->case_sensitive = False;
221                         break;
222         }
223         return(True);
224 }
225
226 static int load_registry_service(const char *servicename)
227 {
228         if (!lp_registry_shares()) {
229                 return -1;
230         }
231
232         if ((servicename == NULL) || (*servicename == '\0')) {
233                 return -1;
234         }
235
236         if (strequal(servicename, GLOBAL_NAME)) {
237                 return -2;
238         }
239
240         if (!process_registry_service(servicename)) {
241                 return -1;
242         }
243
244         return lp_servicenumber(servicename);
245 }
246
247 void load_registry_shares(void)
248 {
249         DEBUG(8, ("load_registry_shares()\n"));
250         if (!lp_registry_shares()) {
251                 return;
252         }
253
254         process_registry_shares();
255
256         return;
257 }
258
259 /****************************************************************************
260  Add a home service. Returns the new service number or -1 if fail.
261 ****************************************************************************/
262
263 int add_home_service(const char *service, const char *username, const char *homedir)
264 {
265         int iHomeService;
266
267         if (!service || !homedir || homedir[0] == '\0')
268                 return -1;
269
270         if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {
271                 if ((iHomeService = load_registry_service(HOMES_NAME)) < 0) {
272                         return -1;
273                 }
274         }
275
276         /*
277          * If this is a winbindd provided username, remove
278          * the domain component before adding the service.
279          * Log a warning if the "path=" parameter does not
280          * include any macros.
281          */
282
283         {
284                 const char *p = strchr(service,*lp_winbind_separator());
285
286                 /* We only want the 'user' part of the string */
287                 if (p) {
288                         service = p + 1;
289                 }
290         }
291
292         if (!lp_add_home(service, iHomeService, username, homedir)) {
293                 return -1;
294         }
295         
296         return lp_servicenumber(service);
297
298 }
299
300 /**
301  * Find a service entry.
302  *
303  * @param service is modified (to canonical form??)
304  **/
305
306 int find_service(fstring service)
307 {
308         int iService;
309         struct smbd_server_connection *sconn = smbd_server_conn;
310
311         all_string_sub(service,"\\","/",0);
312
313         iService = lp_servicenumber(service);
314
315         /* now handle the special case of a home directory */
316         if (iService < 0) {
317                 char *phome_dir = get_user_home_dir(talloc_tos(), service);
318
319                 if(!phome_dir) {
320                         /*
321                          * Try mapping the servicename, it may
322                          * be a Windows to unix mapped user name.
323                          */
324                         if(map_username(sconn, service))
325                                 phome_dir = get_user_home_dir(
326                                         talloc_tos(), service);
327                 }
328
329                 DEBUG(3,("checking for home directory %s gave %s\n",service,
330                         phome_dir?phome_dir:"(NULL)"));
331
332                 iService = add_home_service(service,service /* 'username' */, phome_dir);
333         }
334
335         /* If we still don't have a service, attempt to add it as a printer. */
336         if (iService < 0) {
337                 int iPrinterService;
338
339                 if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) < 0) {
340                         iPrinterService = load_registry_service(PRINTERS_NAME);
341                 }
342                 if (iPrinterService) {
343                         DEBUG(3,("checking whether %s is a valid printer name...\n", service));
344                         if (pcap_printername_ok(service)) {
345                                 DEBUG(3,("%s is a valid printer name\n", service));
346                                 DEBUG(3,("adding %s as a printer service\n", service));
347                                 lp_add_printer(service, iPrinterService);
348                                 iService = lp_servicenumber(service);
349                                 if (iService < 0) {
350                                         DEBUG(0,("failed to add %s as a printer service!\n", service));
351                                 }
352                         } else {
353                                 DEBUG(3,("%s is not a valid printer name\n", service));
354                         }
355                 }
356         }
357
358         /* Check for default vfs service?  Unsure whether to implement this */
359         if (iService < 0) {
360         }
361
362         if (iService < 0) {
363                 iService = load_registry_service(service);
364         }
365
366         /* Is it a usershare service ? */
367         if (iService < 0 && *lp_usershare_path()) {
368                 /* Ensure the name is canonicalized. */
369                 strlower_m(service);
370                 iService = load_usershare_service(service);
371         }
372
373         /* just possibly it's a default service? */
374         if (iService < 0) {
375                 char *pdefservice = lp_defaultservice();
376                 if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr_m(service,"..")) {
377                         /*
378                          * We need to do a local copy here as lp_defaultservice() 
379                          * returns one of the rotating lp_string buffers that
380                          * could get overwritten by the recursive find_service() call
381                          * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>.
382                          */
383                         char *defservice = SMB_STRDUP(pdefservice);
384
385                         if (!defservice) {
386                                 goto fail;
387                         }
388
389                         /* Disallow anything except explicit share names. */
390                         if (strequal(defservice,HOMES_NAME) ||
391                                         strequal(defservice, PRINTERS_NAME) ||
392                                         strequal(defservice, "IPC$")) {
393                                 SAFE_FREE(defservice);
394                                 goto fail;
395                         }
396
397                         iService = find_service(defservice);
398                         if (iService >= 0) {
399                                 all_string_sub(service, "_","/",0);
400                                 iService = lp_add_service(service, iService);
401                         }
402                         SAFE_FREE(defservice);
403                 }
404         }
405
406         if (iService >= 0) {
407                 if (!VALID_SNUM(iService)) {
408                         DEBUG(0,("Invalid snum %d for %s\n",iService, service));
409                         iService = -1;
410                 }
411         }
412
413   fail:
414
415         if (iService < 0)
416                 DEBUG(3,("find_service() failed to find service %s\n", service));
417
418         return (iService);
419 }
420
421
422 /****************************************************************************
423  do some basic sainity checks on the share.  
424  This function modifies dev, ecode.
425 ****************************************************************************/
426
427 static NTSTATUS share_sanity_checks(int snum, fstring dev) 
428 {
429         
430         if (!lp_snum_ok(snum) || 
431             !check_access(smbd_server_fd(), 
432                           lp_hostsallow(snum), lp_hostsdeny(snum))) {    
433                 return NT_STATUS_ACCESS_DENIED;
434         }
435
436         if (dev[0] == '?' || !dev[0]) {
437                 if (lp_print_ok(snum)) {
438                         fstrcpy(dev,"LPT1:");
439                 } else if (strequal(lp_fstype(snum), "IPC")) {
440                         fstrcpy(dev, "IPC");
441                 } else {
442                         fstrcpy(dev,"A:");
443                 }
444         }
445
446         strupper_m(dev);
447
448         if (lp_print_ok(snum)) {
449                 if (!strequal(dev, "LPT1:")) {
450                         return NT_STATUS_BAD_DEVICE_TYPE;
451                 }
452         } else if (strequal(lp_fstype(snum), "IPC")) {
453                 if (!strequal(dev, "IPC")) {
454                         return NT_STATUS_BAD_DEVICE_TYPE;
455                 }
456         } else if (!strequal(dev, "A:")) {
457                 return NT_STATUS_BAD_DEVICE_TYPE;
458         }
459
460         /* Behave as a printer if we are supposed to */
461         if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
462                 fstrcpy(dev, "LPT1:");
463         }
464
465         return NT_STATUS_OK;
466 }
467
468 /*
469  * Go through lookup_name etc to find the force'd group.  
470  *
471  * Create a new token from src_token, replacing the primary group sid with the
472  * one found.
473  */
474
475 static NTSTATUS find_forced_group(bool force_user,
476                                   int snum, const char *username,
477                                   DOM_SID *pgroup_sid,
478                                   gid_t *pgid)
479 {
480         NTSTATUS result = NT_STATUS_NO_SUCH_GROUP;
481         TALLOC_CTX *frame = talloc_stackframe();
482         DOM_SID group_sid;
483         enum lsa_SidType type;
484         char *groupname;
485         bool user_must_be_member = False;
486         gid_t gid;
487
488         groupname = talloc_strdup(talloc_tos(), lp_force_group(snum));
489         if (groupname == NULL) {
490                 DEBUG(1, ("talloc_strdup failed\n"));
491                 result = NT_STATUS_NO_MEMORY;
492                 goto done;
493         }
494
495         if (groupname[0] == '+') {
496                 user_must_be_member = True;
497                 groupname += 1;
498         }
499
500         groupname = talloc_string_sub(talloc_tos(), groupname,
501                                       "%S", lp_servicename(snum));
502         if (groupname == NULL) {
503                 DEBUG(1, ("talloc_string_sub failed\n"));
504                 result = NT_STATUS_NO_MEMORY;
505                 goto done;
506         }
507
508         if (!lookup_name_smbconf(talloc_tos(), groupname,
509                          LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
510                          NULL, NULL, &group_sid, &type)) {
511                 DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
512                            groupname));
513                 goto done;
514         }
515
516         if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
517             (type != SID_NAME_WKN_GRP)) {
518                 DEBUG(10, ("%s is a %s, not a group\n", groupname,
519                            sid_type_lookup(type)));
520                 goto done;
521         }
522
523         if (!sid_to_gid(&group_sid, &gid)) {
524                 DEBUG(10, ("sid_to_gid(%s) for %s failed\n",
525                            sid_string_dbg(&group_sid), groupname));
526                 goto done;
527         }
528
529         /*
530          * If the user has been forced and the forced group starts with a '+',
531          * then we only set the group to be the forced group if the forced
532          * user is a member of that group.  Otherwise, the meaning of the '+'
533          * would be ignored.
534          */
535
536         if (force_user && user_must_be_member) {
537                 if (user_in_group_sid(username, &group_sid)) {
538                         sid_copy(pgroup_sid, &group_sid);
539                         *pgid = gid;
540                         DEBUG(3,("Forced group %s for member %s\n",
541                                  groupname, username));
542                 } else {
543                         DEBUG(0,("find_forced_group: forced user %s is not a member "
544                                 "of forced group %s. Disallowing access.\n",
545                                 username, groupname ));
546                         result = NT_STATUS_MEMBER_NOT_IN_GROUP;
547                         goto done;
548                 }
549         } else {
550                 sid_copy(pgroup_sid, &group_sid);
551                 *pgid = gid;
552                 DEBUG(3,("Forced group %s\n", groupname));
553         }
554
555         result = NT_STATUS_OK;
556  done:
557         TALLOC_FREE(frame);
558         return result;
559 }
560
561 /****************************************************************************
562   Create an auth_serversupplied_info structure for a connection_struct
563 ****************************************************************************/
564
565 static NTSTATUS create_connection_server_info(struct smbd_server_connection *sconn,
566                                               TALLOC_CTX *mem_ctx, int snum,
567                                               struct auth_serversupplied_info *vuid_serverinfo,
568                                               DATA_BLOB password,
569                                               struct auth_serversupplied_info **presult)
570 {
571         if (lp_guest_only(snum)) {
572                 return make_server_info_guest(mem_ctx, presult);
573         }
574
575         if (vuid_serverinfo != NULL) {
576
577                 struct auth_serversupplied_info *result;
578
579                 /*
580                  * This is the normal security != share case where we have a
581                  * valid vuid from the session setup.                 */
582
583                 if (vuid_serverinfo->guest) {
584                         if (!lp_guest_ok(snum)) {
585                                 DEBUG(2, ("guest user (from session setup) "
586                                           "not permitted to access this share "
587                                           "(%s)\n", lp_servicename(snum)));
588                                 return NT_STATUS_ACCESS_DENIED;
589                         }
590                 } else {
591                         if (!user_ok_token(vuid_serverinfo->unix_name,
592                                            pdb_get_domain(vuid_serverinfo->sam_account),
593                                            vuid_serverinfo->ptok, snum)) {
594                                 DEBUG(2, ("user '%s' (from session setup) not "
595                                           "permitted to access this share "
596                                           "(%s)\n",
597                                           vuid_serverinfo->unix_name,
598                                           lp_servicename(snum)));
599                                 return NT_STATUS_ACCESS_DENIED;
600                         }
601                 }
602
603                 result = copy_serverinfo(mem_ctx, vuid_serverinfo);
604                 if (result == NULL) {
605                         return NT_STATUS_NO_MEMORY;
606                 }
607
608                 *presult = result;
609                 return NT_STATUS_OK;
610         }
611
612         if (lp_security() == SEC_SHARE) {
613
614                 fstring user;
615                 bool guest;
616
617                 /* add the sharename as a possible user name if we
618                    are in share mode security */
619
620                 add_session_user(sconn, lp_servicename(snum));
621
622                 /* shall we let them in? */
623
624                 if (!authorise_login(sconn, snum,user,password,&guest)) {
625                         DEBUG( 2, ( "Invalid username/password for [%s]\n",
626                                     lp_servicename(snum)) );
627                         return NT_STATUS_WRONG_PASSWORD;
628                 }
629
630                 return make_serverinfo_from_username(mem_ctx, user, guest,
631                                                      presult);
632         }
633
634         DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
635         return NT_STATUS_ACCESS_DENIED;
636 }
637
638
639 /****************************************************************************
640   Make a connection, given the snum to connect to, and the vuser of the
641   connecting user if appropriate.
642 ****************************************************************************/
643
644 connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
645                                         int snum, user_struct *vuser,
646                                         DATA_BLOB password,
647                                         const char *pdev,
648                                         NTSTATUS *pstatus)
649 {
650         connection_struct *conn = NULL;
651         struct smb_filename *smb_fname_cpath = NULL;
652         fstring dev;
653         int ret;
654         char addr[INET6_ADDRSTRLEN];
655         bool on_err_call_dis_hook = false;
656         bool claimed_connection = false;
657         uid_t effuid;
658         gid_t effgid;
659         NTSTATUS status;
660
661         fstrcpy(dev, pdev);
662
663         if (NT_STATUS_IS_ERR(*pstatus = share_sanity_checks(snum, dev))) {
664                 goto err_root_exit;
665         }
666
667         conn = conn_new(sconn);
668         if (!conn) {
669                 DEBUG(0,("Couldn't find free connection.\n"));
670                 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
671                 goto err_root_exit;
672         }
673
674         conn->params->service = snum;
675
676         status = create_connection_server_info(sconn,
677                 conn, snum, vuser ? vuser->server_info : NULL, password,
678                 &conn->server_info);
679
680         if (!NT_STATUS_IS_OK(status)) {
681                 DEBUG(1, ("create_connection_server_info failed: %s\n",
682                           nt_errstr(status)));
683                 *pstatus = status;
684                 goto err_root_exit;
685         }
686
687         if ((lp_guest_only(snum)) || (lp_security() == SEC_SHARE)) {
688                 conn->force_user = true;
689         }
690
691         add_session_user(sconn, conn->server_info->unix_name);
692
693         safe_strcpy(conn->client_address,
694                         client_addr(get_client_fd(),addr,sizeof(addr)), 
695                         sizeof(conn->client_address)-1);
696         conn->num_files_open = 0;
697         conn->lastused = conn->lastused_count = time(NULL);
698         conn->used = True;
699         conn->printer = (strncmp(dev,"LPT",3) == 0);
700         conn->ipc = ( (strncmp(dev,"IPC",3) == 0) ||
701                       ( lp_enable_asu_support() && strequal(dev,"ADMIN$")) );
702
703         /* Case options for the share. */
704         if (lp_casesensitive(snum) == Auto) {
705                 /* We will be setting this per packet. Set to be case
706                  * insensitive for now. */
707                 conn->case_sensitive = False;
708         } else {
709                 conn->case_sensitive = (bool)lp_casesensitive(snum);
710         }
711
712         conn->case_preserve = lp_preservecase(snum);
713         conn->short_case_preserve = lp_shortpreservecase(snum);
714
715         conn->encrypt_level = lp_smb_encrypt(snum);
716
717         conn->veto_list = NULL;
718         conn->hide_list = NULL;
719         conn->veto_oplock_list = NULL;
720         conn->aio_write_behind_list = NULL;
721
722         conn->read_only = lp_readonly(SNUM(conn));
723         conn->admin_user = False;
724
725         if (*lp_force_user(snum)) {
726
727                 /*
728                  * Replace conn->server_info with a completely faked up one
729                  * from the username we are forced into :-)
730                  */
731
732                 char *fuser;
733                 struct auth_serversupplied_info *forced_serverinfo;
734
735                 fuser = talloc_string_sub(conn, lp_force_user(snum), "%S",
736                                           lp_servicename(snum));
737                 if (fuser == NULL) {
738                         *pstatus = NT_STATUS_NO_MEMORY;
739                         goto err_root_exit;
740                 }
741
742                 status = make_serverinfo_from_username(
743                         conn, fuser, conn->server_info->guest,
744                         &forced_serverinfo);
745                 if (!NT_STATUS_IS_OK(status)) {
746                         *pstatus = status;
747                         goto err_root_exit;
748                 }
749
750                 TALLOC_FREE(conn->server_info);
751                 conn->server_info = forced_serverinfo;
752
753                 conn->force_user = True;
754                 DEBUG(3,("Forced user %s\n", fuser));
755         }
756
757         /*
758          * If force group is true, then override
759          * any groupid stored for the connecting user.
760          */
761
762         if (*lp_force_group(snum)) {
763
764                 status = find_forced_group(
765                         conn->force_user, snum, conn->server_info->unix_name,
766                         &conn->server_info->ptok->user_sids[1],
767                         &conn->server_info->utok.gid);
768
769                 if (!NT_STATUS_IS_OK(status)) {
770                         *pstatus = status;
771                         goto err_root_exit;
772                 }
773
774                 /*
775                  * We need to cache this gid, to use within
776                  * change_to_user() separately from the conn->server_info
777                  * struct. We only use conn->server_info directly if
778                  * "force_user" was set.
779                  */
780                 conn->force_group_gid = conn->server_info->utok.gid;
781         }
782
783         conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
784
785         {
786                 char *s = talloc_sub_advanced(talloc_tos(),
787                                         lp_servicename(SNUM(conn)),
788                                         conn->server_info->unix_name,
789                                         conn->connectpath,
790                                         conn->server_info->utok.gid,
791                                         conn->server_info->sanitized_username,
792                                         pdb_get_domain(conn->server_info->sam_account),
793                                         lp_pathname(snum));
794                 if (!s) {
795                         *pstatus = NT_STATUS_NO_MEMORY;
796                         goto err_root_exit;
797                 }
798
799                 if (!set_conn_connectpath(conn,s)) {
800                         TALLOC_FREE(s);
801                         *pstatus = NT_STATUS_NO_MEMORY;
802                         goto err_root_exit;
803                 }
804                 DEBUG(3,("Connect path is '%s' for service [%s]\n",s,
805                          lp_servicename(snum)));
806                 TALLOC_FREE(s);
807         }
808
809         /*
810          * New code to check if there's a share security descripter
811          * added from NT server manager. This is done after the
812          * smb.conf checks are done as we need a uid and token. JRA.
813          *
814          */
815
816         {
817                 bool can_write = False;
818
819                 can_write = share_access_check(conn->server_info->ptok,
820                                                lp_servicename(snum),
821                                                FILE_WRITE_DATA);
822
823                 if (!can_write) {
824                         if (!share_access_check(conn->server_info->ptok,
825                                                 lp_servicename(snum),
826                                                 FILE_READ_DATA)) {
827                                 /* No access, read or write. */
828                                 DEBUG(0,("make_connection: connection to %s "
829                                          "denied due to security "
830                                          "descriptor.\n",
831                                           lp_servicename(snum)));
832                                 *pstatus = NT_STATUS_ACCESS_DENIED;
833                                 goto err_root_exit;
834                         } else {
835                                 conn->read_only = True;
836                         }
837                 }
838         }
839         /* Initialise VFS function pointers */
840
841         if (!smbd_vfs_init(conn)) {
842                 DEBUG(0, ("vfs_init failed for service %s\n",
843                           lp_servicename(snum)));
844                 *pstatus = NT_STATUS_BAD_NETWORK_NAME;
845                 goto err_root_exit;
846         }
847
848         if ((!conn->printer) && (!conn->ipc)) {
849                 conn->notify_ctx = notify_init(conn, server_id_self(),
850                                                smbd_messaging_context(),
851                                                smbd_event_context(),
852                                                conn);
853         }
854
855 /* ROOT Activities: */
856         /* explicitly check widelinks here so that we can correctly warn
857          * in the logs. */
858         widelinks_warning(snum);
859
860         /*
861          * Enforce the max connections parameter.
862          */
863
864         if ((lp_max_connections(snum) > 0)
865             && (count_current_connections(lp_servicename(SNUM(conn)), True) >=
866                 lp_max_connections(snum))) {
867
868                 DEBUG(1, ("Max connections (%d) exceeded for %s\n",
869                           lp_max_connections(snum), lp_servicename(snum)));
870                 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
871                 goto err_root_exit;
872         }
873
874         /*
875          * Get us an entry in the connections db
876          */
877         if (!claim_connection(conn, lp_servicename(snum), 0)) {
878                 DEBUG(1, ("Could not store connections entry\n"));
879                 *pstatus = NT_STATUS_INTERNAL_DB_ERROR;
880                 goto err_root_exit;
881         }
882         claimed_connection = true;
883
884         /*
885          * Fix compatibility issue pointed out by Volker.
886          * We pass the conn->connectpath to the preexec
887          * scripts as a parameter, so attempt to canonicalize
888          * it here before calling the preexec scripts.
889          * We ignore errors here, as it is possible that
890          * the conn->connectpath doesn't exist yet and
891          * the preexec scripts will create them.
892          */
893
894         (void)canonicalize_connect_path(conn);
895
896         /* Preexecs are done here as they might make the dir we are to ChDir
897          * to below */
898         /* execute any "root preexec = " line */
899         if (*lp_rootpreexec(snum)) {
900                 char *cmd = talloc_sub_advanced(talloc_tos(),
901                                         lp_servicename(SNUM(conn)),
902                                         conn->server_info->unix_name,
903                                         conn->connectpath,
904                                         conn->server_info->utok.gid,
905                                         conn->server_info->sanitized_username,
906                                         pdb_get_domain(conn->server_info->sam_account),
907                                         lp_rootpreexec(snum));
908                 DEBUG(5,("cmd=%s\n",cmd));
909                 ret = smbrun(cmd,NULL);
910                 TALLOC_FREE(cmd);
911                 if (ret != 0 && lp_rootpreexec_close(snum)) {
912                         DEBUG(1,("root preexec gave %d - failing "
913                                  "connection\n", ret));
914                         *pstatus = NT_STATUS_ACCESS_DENIED;
915                         goto err_root_exit;
916                 }
917         }
918
919 /* USER Activites: */
920         if (!change_to_user(conn, conn->vuid)) {
921                 /* No point continuing if they fail the basic checks */
922                 DEBUG(0,("Can't become connected user!\n"));
923                 *pstatus = NT_STATUS_LOGON_FAILURE;
924                 goto err_root_exit;
925         }
926
927         effuid = geteuid();
928         effgid = getegid();
929
930         /* Remember that a different vuid can connect later without these
931          * checks... */
932
933         /* Preexecs are done here as they might make the dir we are to ChDir
934          * to below */
935
936         /* execute any "preexec = " line */
937         if (*lp_preexec(snum)) {
938                 char *cmd = talloc_sub_advanced(talloc_tos(),
939                                         lp_servicename(SNUM(conn)),
940                                         conn->server_info->unix_name,
941                                         conn->connectpath,
942                                         conn->server_info->utok.gid,
943                                         conn->server_info->sanitized_username,
944                                         pdb_get_domain(conn->server_info->sam_account),
945                                         lp_preexec(snum));
946                 ret = smbrun(cmd,NULL);
947                 TALLOC_FREE(cmd);
948                 if (ret != 0 && lp_preexec_close(snum)) {
949                         DEBUG(1,("preexec gave %d - failing connection\n",
950                                  ret));
951                         *pstatus = NT_STATUS_ACCESS_DENIED;
952                         goto err_root_exit;
953                 }
954         }
955
956         /*
957          * If widelinks are disallowed we need to canonicalise the connect
958          * path here to ensure we don't have any symlinks in the
959          * connectpath. We will be checking all paths on this connection are
960          * below this directory. We must do this after the VFS init as we
961          * depend on the realpath() pointer in the vfs table. JRA.
962          */
963         if (!lp_widelinks(snum)) {
964
965                 /* We need to do the path canonicalization
966                  * as root, as we may not have rights to
967                  * this path as the user. */
968
969                 change_to_root_user();
970
971 /* ROOT Activites: */
972                 if (!canonicalize_connect_path(conn)) {
973                         DEBUG(0, ("canonicalize_connect_path failed "
974                         "for service %s, path %s\n",
975                                 lp_servicename(snum),
976                                 conn->connectpath));
977                         *pstatus = NT_STATUS_BAD_NETWORK_NAME;
978                         goto err_root_exit;
979                 }
980
981                 /* Back to the user for the VFS_CONNECT call. */
982                 if (!change_to_user(conn, conn->vuid)) {
983                         *pstatus = NT_STATUS_LOGON_FAILURE;
984                         goto err_root_exit;
985                 }
986 /* USER Activites: */
987         }
988
989 #ifdef WITH_FAKE_KASERVER
990         if (lp_afs_share(snum)) {
991                 afs_login(conn);
992         }
993 #endif
994
995         /* Add veto/hide lists */
996         if (!IS_IPC(conn) && !IS_PRINT(conn)) {
997                 set_namearray( &conn->veto_list, lp_veto_files(snum));
998                 set_namearray( &conn->hide_list, lp_hide_files(snum));
999                 set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum));
1000                 set_namearray( &conn->aio_write_behind_list,
1001                                 lp_aio_write_behind(snum));
1002         }
1003
1004         /* Invoke VFS make connection hook - do this before the VFS_STAT call
1005            to allow any filesystems needing user credentials to initialize
1006            themselves. */
1007
1008         if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
1009                             conn->server_info->unix_name) < 0) {
1010                 DEBUG(0,("make_connection: VFS make connection failed!\n"));
1011                 *pstatus = NT_STATUS_UNSUCCESSFUL;
1012                 goto err_root_exit;
1013         }
1014
1015         /* Any error exit after here needs to call the disconnect hook. */
1016         on_err_call_dis_hook = true;
1017
1018         status = create_synthetic_smb_fname(talloc_tos(), conn->connectpath,
1019                                             NULL, NULL, &smb_fname_cpath);
1020         if (!NT_STATUS_IS_OK(status)) {
1021                 *pstatus = status;
1022                 goto err_root_exit;
1023         }
1024
1025         /* win2000 does not check the permissions on the directory
1026            during the tree connect, instead relying on permission
1027            check during individual operations. To match this behaviour
1028            I have disabled this chdir check (tridge) */
1029         /* the alternative is just to check the directory exists */
1030
1031         /*
1032          * we've finished with the user stuff - go back to root
1033          * so the SMB_VFS_STAT call will only fail on path errors,
1034          * not permission problems.
1035          */
1036         change_to_root_user();
1037
1038 /* ROOT Activites: */
1039         if ((ret = SMB_VFS_STAT(conn, smb_fname_cpath)) != 0 ||
1040             !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
1041                 if (ret == 0 && !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
1042                         DEBUG(0,("'%s' is not a directory, when connecting to "
1043                                  "[%s]\n", conn->connectpath,
1044                                  lp_servicename(snum)));
1045                 } else {
1046                         DEBUG(0,("'%s' does not exist or permission denied "
1047                                  "when connecting to [%s] Error was %s\n",
1048                                  conn->connectpath, lp_servicename(snum),
1049                                  strerror(errno) ));
1050                 }
1051                 *pstatus = NT_STATUS_BAD_NETWORK_NAME;
1052                 goto err_root_exit;
1053         }
1054
1055         string_set(&conn->origpath,conn->connectpath);
1056
1057         /* Figure out the characteristics of the underlying filesystem. This
1058          * assumes that all the filesystem mounted withing a share path have
1059          * the same characteristics, which is likely but not guaranteed.
1060          */
1061
1062         conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
1063
1064         /*
1065          * Print out the 'connected as' stuff here as we need
1066          * to know the effective uid and gid we will be using
1067          * (at least initially).
1068          */
1069
1070         if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
1071                 dbgtext( "%s (%s) ", get_remote_machine_name(),
1072                          conn->client_address );
1073                 dbgtext( "%s", srv_is_signing_active(smbd_server_conn) ? "signed " : "");
1074                 dbgtext( "connect to service %s ", lp_servicename(snum) );
1075                 dbgtext( "initially as user %s ",
1076                          conn->server_info->unix_name );
1077                 dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid );
1078                 dbgtext( "(pid %d)\n", (int)sys_getpid() );
1079         }
1080
1081         return(conn);
1082
1083   err_root_exit:
1084         TALLOC_FREE(smb_fname_cpath);
1085         /* We must exit this function as root. */
1086         if (geteuid() != 0) {
1087                 change_to_root_user();
1088         }
1089         if (on_err_call_dis_hook) {
1090                 /* Call VFS disconnect hook */
1091                 SMB_VFS_DISCONNECT(conn);
1092         }
1093         if (claimed_connection) {
1094                 yield_connection(conn, lp_servicename(snum));
1095         }
1096         if (conn) {
1097                 conn_free(conn);
1098         }
1099         return NULL;
1100 }
1101
1102 /****************************************************************************
1103  Make a connection to a service.
1104  *
1105  * @param service 
1106 ****************************************************************************/
1107
1108 connection_struct *make_connection(struct smbd_server_connection *sconn,
1109                                    const char *service_in, DATA_BLOB password,
1110                                    const char *pdev, uint16 vuid,
1111                                    NTSTATUS *status)
1112 {
1113         uid_t euid;
1114         user_struct *vuser = NULL;
1115         fstring service;
1116         fstring dev;
1117         int snum = -1;
1118         char addr[INET6_ADDRSTRLEN];
1119
1120         fstrcpy(dev, pdev);
1121
1122         /* This must ONLY BE CALLED AS ROOT. As it exits this function as
1123          * root. */
1124         if (!non_root_mode() && (euid = geteuid()) != 0) {
1125                 DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot "
1126                          "(%u)\n", (unsigned int)euid ));
1127                 smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
1128         }
1129
1130         if (conn_num_open(sconn) > 2047) {
1131                 *status = NT_STATUS_INSUFF_SERVER_RESOURCES;
1132                 return NULL;
1133         }
1134
1135         if(lp_security() != SEC_SHARE) {
1136                 vuser = get_valid_user_struct(sconn, vuid);
1137                 if (!vuser) {
1138                         DEBUG(1,("make_connection: refusing to connect with "
1139                                  "no session setup\n"));
1140                         *status = NT_STATUS_ACCESS_DENIED;
1141                         return NULL;
1142                 }
1143         }
1144
1145         /* Logic to try and connect to the correct [homes] share, preferably
1146            without too many getpwnam() lookups.  This is particulary nasty for
1147            winbind usernames, where the share name isn't the same as unix
1148            username.
1149
1150            The snum of the homes share is stored on the vuser at session setup
1151            time.
1152         */
1153
1154         if (strequal(service_in,HOMES_NAME)) {
1155                 if(lp_security() != SEC_SHARE) {
1156                         DATA_BLOB no_pw = data_blob_null;
1157                         if (vuser->homes_snum == -1) {
1158                                 DEBUG(2, ("[homes] share not available for "
1159                                           "this user because it was not found "
1160                                           "or created at session setup "
1161                                           "time\n"));
1162                                 *status = NT_STATUS_BAD_NETWORK_NAME;
1163                                 return NULL;
1164                         }
1165                         DEBUG(5, ("making a connection to [homes] service "
1166                                   "created at session setup time\n"));
1167                         return make_connection_snum(sconn,
1168                                                     vuser->homes_snum,
1169                                                     vuser, no_pw, 
1170                                                     dev, status);
1171                 } else {
1172                         /* Security = share. Try with
1173                          * current_user_info.smb_name as the username.  */
1174                         if (*current_user_info.smb_name) {
1175                                 fstring unix_username;
1176                                 fstrcpy(unix_username,
1177                                         current_user_info.smb_name);
1178                                 map_username(sconn, unix_username);
1179                                 snum = find_service(unix_username);
1180                         } 
1181                         if (snum != -1) {
1182                                 DEBUG(5, ("making a connection to 'homes' "
1183                                           "service %s based on "
1184                                           "security=share\n", service_in));
1185                                 return make_connection_snum(sconn,
1186                                                             snum, NULL,
1187                                                             password,
1188                                                             dev, status);
1189                         }
1190                 }
1191         } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1)
1192                    && strequal(service_in,
1193                                lp_servicename(vuser->homes_snum))) {
1194                 DATA_BLOB no_pw = data_blob_null;
1195                 DEBUG(5, ("making a connection to 'homes' service [%s] "
1196                           "created at session setup time\n", service_in));
1197                 return make_connection_snum(sconn,
1198                                             vuser->homes_snum,
1199                                             vuser, no_pw, 
1200                                             dev, status);
1201         }
1202         
1203         fstrcpy(service, service_in);
1204
1205         strlower_m(service);
1206
1207         snum = find_service(service);
1208
1209         if (snum < 0) {
1210                 if (strequal(service,"IPC$") ||
1211                     (lp_enable_asu_support() && strequal(service,"ADMIN$"))) {
1212                         DEBUG(3,("refusing IPC connection to %s\n", service));
1213                         *status = NT_STATUS_ACCESS_DENIED;
1214                         return NULL;
1215                 }
1216
1217                 DEBUG(3,("%s (%s) couldn't find service %s\n",
1218                         get_remote_machine_name(),
1219                         client_addr(get_client_fd(),addr,sizeof(addr)),
1220                         service));
1221                 *status = NT_STATUS_BAD_NETWORK_NAME;
1222                 return NULL;
1223         }
1224
1225         /* Handle non-Dfs clients attempting connections to msdfs proxy */
1226         if (lp_host_msdfs() && (*lp_msdfs_proxy(snum) != '\0'))  {
1227                 DEBUG(3, ("refusing connection to dfs proxy share '%s' "
1228                           "(pointing to %s)\n", 
1229                         service, lp_msdfs_proxy(snum)));
1230                 *status = NT_STATUS_BAD_NETWORK_NAME;
1231                 return NULL;
1232         }
1233
1234         DEBUG(5, ("making a connection to 'normal' service %s\n", service));
1235
1236         return make_connection_snum(sconn, snum, vuser,
1237                                     password,
1238                                     dev, status);
1239 }
1240
1241 /****************************************************************************
1242  Close a cnum.
1243 ****************************************************************************/
1244
1245 void close_cnum(connection_struct *conn, uint16 vuid)
1246 {
1247         file_close_conn(conn);
1248
1249         if (!IS_IPC(conn)) {
1250                 dptr_closecnum(conn);
1251         }
1252
1253         change_to_root_user();
1254
1255         DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
1256                                  get_remote_machine_name(),
1257                                  conn->client_address,
1258                                  lp_servicename(SNUM(conn))));
1259
1260         /* Call VFS disconnect hook */    
1261         SMB_VFS_DISCONNECT(conn);
1262
1263         yield_connection(conn, lp_servicename(SNUM(conn)));
1264
1265         /* make sure we leave the directory available for unmount */
1266         vfs_ChDir(conn, "/");
1267
1268         /* execute any "postexec = " line */
1269         if (*lp_postexec(SNUM(conn)) && 
1270             change_to_user(conn, vuid))  {
1271                 char *cmd = talloc_sub_advanced(talloc_tos(),
1272                                         lp_servicename(SNUM(conn)),
1273                                         conn->server_info->unix_name,
1274                                         conn->connectpath,
1275                                         conn->server_info->utok.gid,
1276                                         conn->server_info->sanitized_username,
1277                                         pdb_get_domain(conn->server_info->sam_account),
1278                                         lp_postexec(SNUM(conn)));
1279                 smbrun(cmd,NULL);
1280                 TALLOC_FREE(cmd);
1281                 change_to_root_user();
1282         }
1283
1284         change_to_root_user();
1285         /* execute any "root postexec = " line */
1286         if (*lp_rootpostexec(SNUM(conn)))  {
1287                 char *cmd = talloc_sub_advanced(talloc_tos(),
1288                                         lp_servicename(SNUM(conn)),
1289                                         conn->server_info->unix_name,
1290                                         conn->connectpath,
1291                                         conn->server_info->utok.gid,
1292                                         conn->server_info->sanitized_username,
1293                                         pdb_get_domain(conn->server_info->sam_account),
1294                                         lp_rootpostexec(SNUM(conn)));
1295                 smbrun(cmd,NULL);
1296                 TALLOC_FREE(cmd);
1297         }
1298
1299         conn_free(conn);
1300 }