4 Unix SMB/Netbios implementation.
6 service (connection) opening and closing
7 Copyright (C) Andrew Tridgell 1992-1998
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 extern int DEBUGLEVEL;
28 extern struct timeval smb_last_time;
29 extern int case_default;
30 extern BOOL case_preserve;
31 extern BOOL short_case_preserve;
32 extern BOOL case_mangle;
33 extern BOOL case_sensitive;
34 extern BOOL use_mangled_map;
35 extern fstring remote_machine;
36 extern userdom_struct current_user_info;
37 extern fstring remote_machine;
40 /****************************************************************************
41 load parameters specific to a connection/service
42 ****************************************************************************/
43 BOOL become_service(connection_struct *conn,BOOL do_chdir)
45 extern char magic_char;
46 static connection_struct *last_conn;
54 conn->lastused = smb_last_time.tv_sec;
59 vfs_ChDir(conn,conn->connectpath) != 0 &&
60 vfs_ChDir(conn,conn->origpath) != 0) {
61 DEBUG(0,("chdir (%s) failed\n",
66 if (conn == last_conn)
71 case_default = lp_defaultcase(snum);
72 case_preserve = lp_preservecase(snum);
73 short_case_preserve = lp_shortpreservecase(snum);
74 case_mangle = lp_casemangle(snum);
75 case_sensitive = lp_casesensitive(snum);
76 magic_char = lp_magicchar(snum);
77 use_mangled_map = (*lp_mangled_map(snum) ? True:False);
82 /****************************************************************************
83 find a service entry. service is always in dos codepage
84 ****************************************************************************/
85 int find_service(char *service)
89 all_string_sub(service,"\\","/",0);
91 iService = lp_servicenumber(service);
93 /* now handle the special case of a home directory */
96 char *phome_dir = get_user_home_dir(service);
101 * Try mapping the servicename, it may
102 * be a Windows to unix mapped user name.
104 if(map_username(service))
105 phome_dir = get_user_home_dir(service);
108 DEBUG(3,("checking for home directory %s gave %s\n",service,
109 phome_dir?phome_dir:"(NULL)"));
114 if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0)
117 * If this is a winbindd provided username, remove
118 * the domain component before adding the service.
119 * Log a warning if the "path=" parameter does not
120 * include any macros.
126 fstrcpy(new_service, service);
128 if ((usr_p = strchr(service,*lp_winbind_separator())) != NULL)
129 fstrcpy(new_service, usr_p+1);
131 lp_add_home(new_service,iHomeService,phome_dir);
132 iService = lp_servicenumber(new_service);
134 if (usr_p && (strchr(lp_pathname(iService),'%') == NULL))
135 DEBUG(0,("find_service: Service %s added for user %s - contains non-local (Domain) user \
136 with non parameterised path (%s). This may be cause the wrong directory to be seen.\n",
137 new_service, service, lp_pathname(iService) ));
142 /* If we still don't have a service, attempt to add it as a printer. */
147 if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0)
151 DEBUG(3,("checking whether %s is a valid printer name...\n", service));
153 if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp))
155 DEBUG(3,("%s is a valid printer name\n", service));
156 DEBUG(3,("adding %s as a printer service\n", service));
157 lp_add_printer(service,iPrinterService);
158 iService = lp_servicenumber(service);
160 DEBUG(0,("failed to add %s as a printer service!\n", service));
163 DEBUG(3,("%s is not a valid printer name\n", service));
167 /* Check for default vfs service? Unsure whether to implement this */
172 /* just possibly it's a default service? */
175 char *pdefservice = lp_defaultservice();
176 if (pdefservice && *pdefservice &&
177 !strequal(pdefservice,service) &&
178 !strstr(service,".."))
181 * We need to do a local copy here as lp_defaultservice()
182 * returns one of the rotating lp_string buffers that
183 * could get overwritten by the recursive find_service() call
184 * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>.
187 pstrcpy(defservice, pdefservice);
188 iService = find_service(defservice);
191 all_string_sub(service,"_","/",0);
192 iService = lp_add_service(service,iService);
198 if (!VALID_SNUM(iService))
200 DEBUG(0,("Invalid snum %d for %s\n",iService,service));
205 DEBUG(3,("find_service() failed to find service %s\n", service));
211 /****************************************************************************
212 make a connection to a service
213 ****************************************************************************/
214 connection_struct *make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid, int *ecode)
217 struct passwd *pass = NULL;
220 connection_struct *conn;
225 snum = find_service(service);
227 if (strequal(service,"IPC$")) {
228 DEBUG(3,("refusing IPC connection\n"));
233 DEBUG(0,("%s (%s) couldn't find service %s\n",
234 remote_machine, client_addr(), service));
235 *ecode = ERRnosuchshare;
239 if (strequal(service,HOMES_NAME)) {
240 if (*user && Get_Pwnam(user,True)) {
241 fstring dos_username;
242 fstrcpy(dos_username, user);
243 unix_to_dos(dos_username, True);
244 return(make_connection(dos_username,user,password,
245 pwlen,dev,vuid,ecode));
248 if(lp_security() != SEC_SHARE) {
249 if (validated_username(vuid)) {
250 fstring dos_username;
251 fstrcpy(user,validated_username(vuid));
252 fstrcpy(dos_username, user);
253 unix_to_dos(dos_username, True);
254 return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode));
257 /* Security = share. Try with current_user_info.smb_name
258 * as the username. */
259 if(*current_user_info.smb_name) {
260 fstring dos_username;
261 fstrcpy(user,current_user_info.smb_name);
262 fstrcpy(dos_username, user);
263 unix_to_dos(dos_username, True);
264 return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode));
269 if (!lp_snum_ok(snum) ||
270 !check_access(smbd_server_fd(),
271 lp_hostsallow(snum), lp_hostsdeny(snum))) {
276 /* you can only connect to the IPC$ service as an ipc device */
277 if (strequal(service,"IPC$"))
280 if (*dev == '?' || !*dev) {
281 if (lp_print_ok(snum)) {
282 pstrcpy(dev,"LPT1:");
288 /* if the request is as a printer and you can't print then refuse */
290 if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) {
291 DEBUG(1,("Attempt to connect to non-printer as a printer\n"));
292 *ecode = ERRinvdevice;
296 /* Behave as a printer if we are supposed to */
297 if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
298 pstrcpy(dev, "LPT1:");
301 /* lowercase the user name */
304 /* add it as a possible user name if we
305 are in share mode security */
306 if (lp_security() == SEC_SHARE) {
307 add_session_user(service);
310 /* shall we let them in? */
311 if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) {
312 DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
319 DEBUG(0,("Couldn't find free connection.\n"));
320 *ecode = ERRnoresource;
325 /* find out some info about the user */
326 pass = smb_getpwnam(user,True);
329 DEBUG(0,( "Couldn't find account %s\n",user));
335 conn->read_only = lp_readonly(snum);
339 StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1);
340 pstring_sub(list,"%S",service);
342 if (user_in_list(user,list))
343 conn->read_only = True;
345 StrnCpy(list,lp_writelist(snum),sizeof(pstring)-1);
346 pstring_sub(list,"%S",service);
348 if (user_in_list(user,list))
349 conn->read_only = False;
352 /* admin user check */
354 /* JRA - original code denied admin user if the share was
355 marked read_only. Changed as I don't think this is needed,
356 but old code left in case there is a problem here.
358 if (user_in_list(user,lp_admin_users(snum))
363 conn->admin_user = True;
364 DEBUG(0,("%s logged in as admin user (root privileges)\n",user));
366 conn->admin_user = False;
369 conn->force_user = force;
371 conn->uid = pass->pw_uid;
372 conn->gid = pass->pw_gid;
373 safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1);
374 conn->num_files_open = 0;
375 conn->lastused = time(NULL);
376 conn->service = snum;
378 conn->printer = (strncmp(dev,"LPT",3) == 0);
379 conn->ipc = (strncmp(dev,"IPC",3) == 0);
381 conn->veto_list = NULL;
382 conn->hide_list = NULL;
383 conn->veto_oplock_list = NULL;
384 string_set(&conn->dirpath,"");
385 string_set(&conn->user,user);
386 conn->nt_user_token = NULL;
389 * If force user is true, then store the
390 * given userid and also the primary groupid
391 * of the user we're forcing.
394 if (*lp_force_user(snum)) {
395 struct passwd *pass2;
397 pstrcpy(fuser,lp_force_user(snum));
399 /* Allow %S to be used by force user. */
400 pstring_sub(fuser,"%S",service);
402 pass2 = (struct passwd *)Get_Pwnam(fuser,True);
404 conn->uid = pass2->pw_uid;
405 conn->gid = pass2->pw_gid;
406 string_set(&conn->user,fuser);
408 conn->force_user = True;
409 DEBUG(3,("Forced user %s\n",fuser));
411 DEBUG(1,("Couldn't find user %s\n",fuser));
415 /* admin users always run as uid=0 */
416 if (conn->admin_user) {
422 * If force group is true, then override
423 * any groupid stored for the connecting user.
426 if (*lp_force_group(snum)) {
430 BOOL user_must_be_member = False;
432 StrnCpy(tmp_gname,lp_force_group(snum),sizeof(pstring)-1);
434 if (tmp_gname[0] == '+') {
435 user_must_be_member = True;
436 StrnCpy(gname,&tmp_gname[1],sizeof(pstring)-2);
438 StrnCpy(gname,tmp_gname,sizeof(pstring)-1);
440 /* default service may be a group name */
441 pstring_sub(gname,"%S",service);
442 gid = nametogid(gname);
444 if (gid != (gid_t)-1) {
446 * If the user has been forced and the forced group starts
447 * with a '+', then we only set the group to be the forced
448 * group if the forced user is a member of that group.
449 * Otherwise, the meaning of the '+' would be ignored.
451 if (conn->force_user && user_must_be_member) {
452 if (user_in_group_list( user, gname )) {
454 DEBUG(3,("Forced group %s for member %s\n",gname,user));
458 DEBUG(3,("Forced group %s\n",gname));
461 DEBUG(1,("Couldn't find group %s\n",gname));
464 #endif /* HAVE_GETGRNAM */
468 pstrcpy(s,lp_pathname(snum));
469 standard_sub_conn(conn,s);
470 string_set(&conn->connectpath,s);
471 DEBUG(3,("Connect path is %s\n",s));
474 /* groups stuff added by ih */
478 /* Find all the groups this uid is in and
479 store them. Used by become_user() */
480 initialise_groups(conn->user, conn->uid, conn->gid);
481 get_current_groups(&conn->ngroups,&conn->groups);
483 /* check number of connections */
484 if (!claim_connection(conn,
485 lp_servicename(SNUM(conn)),
486 lp_max_connections(SNUM(conn)),
488 DEBUG(1,("too many connections - rejected\n"));
489 *ecode = ERRnoresource;
494 conn->nt_user_token = create_nt_token(conn->uid, conn->gid,
495 conn->ngroups, conn->groups,
498 /* Initialise VFS function pointers */
500 if (*lp_vfsobj(SNUM(conn))) {
504 /* Loadable object file */
506 if (!vfs_init_custom(conn)) {
507 DEBUG(0, ("vfs_init failed\n"));
512 DEBUG(0, ("No libdl present - cannot use VFS objects\n"));
519 /* Normal share - initialise with disk access functions */
521 vfs_init_default(conn);
524 /* execute any "root preexec = " line */
525 if (*lp_rootpreexec(SNUM(conn))) {
527 pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
528 standard_sub_conn(conn,cmd);
529 DEBUG(5,("cmd=%s\n",cmd));
530 ret = smbrun(cmd,NULL,False);
531 if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) {
532 DEBUG(1,("preexec gave %d - failing connection\n", ret));
534 *ecode = ERRsrverror;
539 if (!become_user(conn, conn->vuid)) {
540 DEBUG(0,("Can't become connected user!\n"));
541 yield_connection(conn,
542 lp_servicename(SNUM(conn)),
543 lp_max_connections(SNUM(conn)));
549 if (vfs_ChDir(conn,conn->connectpath) != 0) {
550 DEBUG(0,("Can't change directory to %s (%s)\n",
551 conn->connectpath,strerror(errno)));
553 yield_connection(conn,
554 lp_servicename(SNUM(conn)),
555 lp_max_connections(SNUM(conn)));
557 *ecode = ERRnosuchshare;
561 string_set(&conn->origpath,conn->connectpath);
563 #if SOFTLINK_OPTIMISATION
564 /* resolve any soft links early */
567 pstrcpy(s,conn->connectpath);
569 string_set(&conn->connectpath,s);
570 vfs_ChDir(conn,conn->connectpath);
574 add_session_user(user);
576 /* execute any "preexec = " line */
577 if (*lp_preexec(SNUM(conn))) {
579 pstrcpy(cmd,lp_preexec(SNUM(conn)));
580 standard_sub_conn(conn,cmd);
581 ret = smbrun(cmd,NULL,False);
582 if (ret != 0 && lp_preexec_close(SNUM(conn))) {
583 DEBUG(1,("preexec gave %d - failing connection\n", ret));
585 *ecode = ERRsrverror;
591 * Print out the 'connected as' stuff here as we need
592 * to know the effective uid and gid we will be using.
595 if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
596 dbgtext( "%s (%s) ", remote_machine, conn->client_address );
597 dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) );
598 dbgtext( "as user %s ", user );
599 dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
600 dbgtext( "(pid %d)\n", (int)sys_getpid() );
603 /* we've finished with the sensitive stuff */
606 /* Add veto/hide lists */
607 if (!IS_IPC(conn) && !IS_PRINT(conn)) {
608 set_namearray( &conn->veto_list, lp_veto_files(SNUM(conn)));
609 set_namearray( &conn->hide_list, lp_hide_files(SNUM(conn)));
610 set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(SNUM(conn)));
613 /* Invoke VFS make connection hook */
615 if (conn->vfs_ops.connect) {
616 if (conn->vfs_ops.connect(conn, service, user) < 0)
624 /****************************************************************************
626 ****************************************************************************/
627 void close_cnum(connection_struct *conn, uint16 vuid)
629 DirCacheFlush(SNUM(conn));
633 DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
634 remote_machine,conn->client_address,
635 lp_servicename(SNUM(conn))));
637 if (conn->vfs_ops.disconnect != NULL) {
639 /* Call VFS disconnect hook */
641 conn->vfs_ops.disconnect(conn);
645 yield_connection(conn,
646 lp_servicename(SNUM(conn)),
647 lp_max_connections(SNUM(conn)));
649 file_close_conn(conn);
650 dptr_closecnum(conn);
652 /* execute any "postexec = " line */
653 if (*lp_postexec(SNUM(conn)) &&
654 become_user(conn, vuid)) {
656 pstrcpy(cmd,lp_postexec(SNUM(conn)));
657 standard_sub_conn(conn,cmd);
658 smbrun(cmd,NULL,False);
663 /* execute any "root postexec = " line */
664 if (*lp_rootpostexec(SNUM(conn))) {
666 pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
667 standard_sub_conn(conn,cmd);
668 smbrun(cmd,NULL,False);