#include "smbd/globals.h"
#include "msdfs.h"
#include "auth.h"
+#include "../auth/auth_util.h"
#include "lib/param/loadparm.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_dfsblobs.h"
#include "lib/tsocket/tsocket.h"
+#include "lib/pthreadpool/pthreadpool_tevent.h"
/**********************************************************************
Parse a DFS pathname of the form \hostname\service\reqpath
*********************************************************/
static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
- struct tevent_context *ev,
struct messaging_context *msg,
connection_struct **pconn,
int snum,
const char *vfs_user;
struct smbd_server_connection *sconn;
const char *servicename = lp_const_servicename(snum);
+ int ret;
sconn = talloc_zero(ctx, struct smbd_server_connection);
if (sconn == NULL) {
return NT_STATUS_NO_MEMORY;
}
- sconn->ev_ctx = ev;
+ sconn->raw_ev_ctx = samba_tevent_context_init(sconn);
+ if (sconn->raw_ev_ctx == NULL) {
+ TALLOC_FREE(sconn);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sconn->root_ev_ctx = smbd_impersonate_root_create(sconn->raw_ev_ctx);
+ if (sconn->root_ev_ctx == NULL) {
+ TALLOC_FREE(sconn);
+ return NT_STATUS_NO_MEMORY;
+ }
+ sconn->guest_ev_ctx = smbd_impersonate_guest_create(sconn->raw_ev_ctx);
+ if (sconn->guest_ev_ctx == NULL) {
+ TALLOC_FREE(sconn);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /*
+ * We only provide sync threadpools.
+ */
+ ret = pthreadpool_tevent_init(sconn, 0, &sconn->sync_thread_pool);
+ if (ret != 0) {
+ TALLOC_FREE(sconn);
+ return NT_STATUS_NO_MEMORY;
+ }
+ sconn->raw_thread_pool = sconn->sync_thread_pool;
+
sconn->msg_ctx = msg;
conn = conn_new(sconn);
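Review bot: The `pthreadpool_tevent_init()` failure branch returns `NT_STATUS_NO_MEMORY` for every non-zero `ret`, which hides the real cause if the call can fail for reasons other than allocation. Since `ret` looks like an errno-style value (worth confirming against the pthreadpool header), `return map_nt_error_from_unix(ret);` would keep the diagnostic. The comment `We only provide sync threadpools.` could also state that the `0` passed as the second argument is what selects that behaviour, so the literal is not mistaken for a default. The function body starts before and continues after this hunk.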
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
}
- vfs_user = conn->session_info->unix_info->unix_name;
+ /* unix_info could be NULL in session_info */
+ if (conn->session_info->unix_info != NULL) {
+ vfs_user = conn->session_info->unix_info->unix_name;
+ } else {
+ vfs_user = get_current_username();
+ }
} else {
/* use current authenticated user in absence of session_info */
vfs_user = get_current_username();
}
+ /*
+ * The impersonation has to be done by the caller
+ * of create_conn_struct_tos[_cwd]().
+ *
+ * Note: the context can't be changed anyway
+ * as we're using our own tevent_context
+ * and not a global one were other requests
+ * could change the current unix token.
+ *
+ * We just use a wrapper tevent_context in order
+ * to avoid crashes because TALLOC_FREE(conn->user_ev_ctx)
+ * would also remove sconn->raw_ev_ctx.
+ */
+ conn->user_ev_ctx = smbd_impersonate_debug_create(sconn->raw_ev_ctx,
+ "FAKE impersonation",
+ DBGLVL_DEBUG);
+ if (conn->user_ev_ctx == NULL) {
+ TALLOC_FREE(conn);
+ return NT_STATUS_NO_MEMORY;
+ }
+
set_conn_connectpath(conn, connpath);
/*
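Review bot: `conn->user_ev_ctx` is backed by a wrapper labelled `"FAKE impersonation"`, so handlers scheduled on it run with whatever credentials the process holds at that moment rather than those of `conn->session_info`, and that contract is stated only in this inline comment. It should also appear in the doc comments of `create_conn_struct_tos()` and `create_conn_struct_tos_cwd()` (outside this hunk), for example `Callers must impersonate the intended user themselves; conn->user_ev_ctx does not switch credentials.` In the same comment, `a global one were other requests` should read `where`. Separately, the new `unix_info == NULL` branch silently falls back to `get_current_username()`; a debug message there would make it visible when the VFS user is not taken from the supplied session_info.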
return NT_STATUS_UNSUCCESSFUL;
}
- conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
- *pconn = conn;
-
- return NT_STATUS_OK;
-}
-
-/********************************************************
- Fake up a connection struct for the VFS layer, for use in
- applications (such as the python bindings), that do not want the
- global working directory changed under them.
-
- SMB_VFS_CONNECT requires root privileges.
-*********************************************************/
-
-NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
- struct tevent_context *ev,
- struct messaging_context *msg,
- connection_struct **pconn,
- int snum,
- const char *path,
- const struct auth_session_info *session_info)
-{
- NTSTATUS status;
- become_root();
- status = create_conn_struct_as_root(ctx, ev,
- msg, pconn,
- snum, path,
- session_info);
- unbecome_root();
-
- return status;
-}
-
-/********************************************************
- Fake up a connection struct for the VFS layer.
- Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
-
- The old working directory is returned on *poldcwd, allocated on ctx.
-*********************************************************/
-
-NTSTATUS create_conn_struct_cwd(TALLOC_CTX *ctx,
- struct tevent_context *ev,
- struct messaging_context *msg,
- connection_struct **pconn,
- int snum,
- const char *path,
- const struct auth_session_info *session_info,
- struct smb_filename **poldcwd_fname)
-{
- connection_struct *conn;
- struct smb_filename *oldcwd_fname = NULL;
- struct smb_filename smb_fname_connectpath = {0};
-
- NTSTATUS status = create_conn_struct(ctx, ev,
- msg, &conn,
- snum, path,
- session_info);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- /*
- * Windows seems to insist on doing trans2getdfsreferral() calls on
- * the IPC$ share as the anonymous user. If we try to chdir as that
- * user we will fail.... WTF ? JRA.
- */
-
- oldcwd_fname = vfs_GetWd(ctx, conn);
- if (oldcwd_fname == NULL) {
- status = map_nt_error_from_unix(errno);
- DEBUG(3, ("vfs_GetWd failed: %s\n", strerror(errno)));
- conn_free(conn);
- return status;
- }
-
- smb_fname_connectpath = (struct smb_filename) {
- .base_name = conn->connectpath
- };
-
- if (vfs_ChDir(conn, &smb_fname_connectpath) != 0) {
- status = map_nt_error_from_unix(errno);
- DEBUG(3,("create_conn_struct: Can't ChDir to new conn path %s. "
- "Error was %s\n",
- conn->connectpath, strerror(errno) ));
- TALLOC_FREE(oldcwd_fname);
+ talloc_free(conn->origpath);
+ conn->origpath = talloc_strdup(conn, conn->connectpath);
+ if (conn->origpath == NULL) {
conn_free(conn);
- return status;
+ return NT_STATUS_NO_MEMORY;
}
- *pconn = conn;
- *poldcwd_fname = oldcwd_fname;
+ conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
+ conn->tcon_done = true;
+ *pconn = talloc_move(ctx, &conn);
return NT_STATUS_OK;
}
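Review bot: `*pconn = talloc_move(ctx, &conn);` changes who owns the connection struct, but nothing near it says so; previously the caller did this explicitly with `talloc_steal(c, c->conn)`. A short comment such as `/* ctx now owns conn; sconn was allocated on ctx as well */` would document that both objects are released together with `ctx`. The new `origpath` error path uses `conn_free(conn)` while the other error paths added by this commit use `TALLOC_FREE(conn)`; if that difference is intentional (presumably because the VFS connect has already happened by this point, which is not visible here), a one-line comment would prevent a later "cleanup" from unifying them. The function starts outside this hunk.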
struct conn_struct_tos **_c)
{
struct conn_struct_tos *c = NULL;
- struct tevent_context *ev = NULL;
NTSTATUS status;
*_c = NULL;
return NT_STATUS_NO_MEMORY;
}
- ev = samba_tevent_context_init(c);
- if (ev == NULL) {
- TALLOC_FREE(c);
- return NT_STATUS_NO_MEMORY;
- }
-
- status = create_conn_struct(c,
- ev,
- msg,
- &c->conn,
- snum,
- path,
- session_info);
+ become_root();
+ status = create_conn_struct_as_root(c,
+ msg,
+ &c->conn,
+ snum,
+ path,
+ session_info);
+ unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(c);
return status;
}
- talloc_steal(c, c->conn);
talloc_set_destructor(c, conn_struct_tos_destructor);
return NT_STATUS_OK;
}
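Review bot: The `become_root()` / `unbecome_root()` pair has no comment explaining why root is needed, and the doc comment that said so was deleted together with `create_conn_struct()`. The privileged section now also covers the event-context and thread-pool setup that moved into `create_conn_struct_as_root()`, where before `samba_tevent_context_init()` ran outside it. Add `/* SMB_VFS_CONNECT requires root privileges. */` above `become_root();` so the reason for the elevated section, and its scope, stay visible to the next reader. The start of `create_conn_struct_tos()` is outside this hunk.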
- status = create_conn_struct_tos_cwd(server_messaging_context(),
+ status = create_conn_struct_tos_cwd(global_messaging_context(),
snum,
lp_path(frame, snum),
NULL,
if(snum < 0) {
return False;
}
- status = create_conn_struct_tos_cwd(server_messaging_context(),
+ status = create_conn_struct_tos_cwd(global_messaging_context(),
snum,
lp_path(talloc_tos(), snum),
NULL,
* Fake up a connection struct for the VFS layer.
*/
- status = create_conn_struct_tos_cwd(server_messaging_context(),
+ status = create_conn_struct_tos_cwd(global_messaging_context(),
snum,
connect_path,
NULL,
* Fake up a connection struct for the VFS layer.
*/
- status = create_conn_struct_tos_cwd(server_messaging_context(),
+ status = create_conn_struct_tos_cwd(global_messaging_context(),
snum,
connect_path,
NULL,