4bc5ca1a5cfd60e93d4368af648a006c8d9518d1
[ira/wip.git] / source3 / smbd / service.c
1 /* 
2    Unix SMB/CIFS implementation.
3    service (connection) opening and closing
4    Copyright (C) Andrew Tridgell 1992-1998
5    
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10    
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15    
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/globals.h"
22
23 extern userdom_struct current_user_info;
24
25 static bool canonicalize_connect_path(connection_struct *conn)
26 {
27 #ifdef REALPATH_TAKES_NULL
28         bool ret;
29         char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,NULL);
30         if (!resolved_name) {
31                 return false;
32         }
33         ret = set_conn_connectpath(conn,resolved_name);
34         SAFE_FREE(resolved_name);
35         return ret;
36 #else
37         char resolved_name_buf[PATH_MAX+1];
38         char *resolved_name = SMB_VFS_REALPATH(conn,conn->connectpath,resolved_name_buf);
39         if (!resolved_name) {
40                 return false;
41         }
42         return set_conn_connectpath(conn,resolved_name);
43 #endif /* REALPATH_TAKES_NULL */
44 }
45
46 /****************************************************************************
47  Ensure when setting connectpath it is a canonicalized (no ./ // or ../)
48  absolute path stating in / and not ending in /.
49  Observent people will notice a similarity between this and check_path_syntax :-).
50 ****************************************************************************/
51
52 bool set_conn_connectpath(connection_struct *conn, const char *connectpath)
53 {
54         char *destname;
55         char *d;
56         const char *s = connectpath;
57         bool start_of_name_component = true;
58
59         if (connectpath == NULL || connectpath[0] == '\0') {
60                 return false;
61         }
62
63         /* Allocate for strlen + '\0' + possible leading '/' */
64         destname = (char *)SMB_MALLOC(strlen(connectpath) + 2);
65         if (!destname) {
66                 return false;
67         }
68         d = destname;
69
70         *d++ = '/'; /* Always start with root. */
71
72         while (*s) {
73                 if (*s == '/') {
74                         /* Eat multiple '/' */
75                         while (*s == '/') {
76                                 s++;
77                         }
78                         if ((d > destname + 1) && (*s != '\0')) {
79                                 *d++ = '/';
80                         }
81                         start_of_name_component = True;
82                         continue;
83                 }
84
85                 if (start_of_name_component) {
86                         if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) {
87                                 /* Uh oh - "/../" or "/..\0" ! */
88
89                                 /* Go past the ../ or .. */
90                                 if (s[2] == '/') {
91                                         s += 3;
92                                 } else {
93                                         s += 2; /* Go past the .. */
94                                 }
95
96                                 /* If  we just added a '/' - delete it */
97                                 if ((d > destname) && (*(d-1) == '/')) {
98                                         *(d-1) = '\0';
99                                         d--;
100                                 }
101
102                                 /* Are we at the start ? Can't go back further if so. */
103                                 if (d <= destname) {
104                                         *d++ = '/'; /* Can't delete root */
105                                         continue;
106                                 }
107                                 /* Go back one level... */
108                                 /* Decrement d first as d points to the *next* char to write into. */
109                                 for (d--; d > destname; d--) {
110                                         if (*d == '/') {
111                                                 break;
112                                         }
113                                 }
114                                 /* We're still at the start of a name component, just the previous one. */
115                                 continue;
116                         } else if ((s[0] == '.') && ((s[1] == '\0') || s[1] == '/')) {
117                                 /* Component of pathname can't be "." only - skip the '.' . */
118                                 if (s[1] == '/') {
119                                         s += 2;
120                                 } else {
121                                         s++;
122                                 }
123                                 continue;
124                         }
125                 }
126
127                 if (!(*s & 0x80)) {
128                         *d++ = *s++;
129                 } else {
130                         size_t siz;
131                         /* Get the size of the next MB character. */
132                         next_codepoint(s,&siz);
133                         switch(siz) {
134                                 case 5:
135                                         *d++ = *s++;
136                                         /*fall through*/
137                                 case 4:
138                                         *d++ = *s++;
139                                         /*fall through*/
140                                 case 3:
141                                         *d++ = *s++;
142                                         /*fall through*/
143                                 case 2:
144                                         *d++ = *s++;
145                                         /*fall through*/
146                                 case 1:
147                                         *d++ = *s++;
148                                         break;
149                                 default:
150                                         break;
151                         }
152                 }
153                 start_of_name_component = false;
154         }
155         *d = '\0';
156
157         /* And must not end in '/' */
158         if (d > destname + 1 && (*(d-1) == '/')) {
159                 *(d-1) = '\0';
160         }
161
162         DEBUG(10,("set_conn_connectpath: service %s, connectpath = %s\n",
163                 lp_servicename(SNUM(conn)), destname ));
164
165         string_set(&conn->connectpath, destname);
166         SAFE_FREE(destname);
167         return true;
168 }
169
170 /****************************************************************************
171  Load parameters specific to a connection/service.
172 ****************************************************************************/
173
174 bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir)
175 {
176         int snum;
177
178         if (!conn)  {
179                 last_conn = NULL;
180                 return(False);
181         }
182
183         conn->lastused_count++;
184
185         snum = SNUM(conn);
186   
187         if (do_chdir &&
188             vfs_ChDir(conn,conn->connectpath) != 0 &&
189             vfs_ChDir(conn,conn->origpath) != 0) {
190                 DEBUG(((errno!=EACCES)?0:3),("chdir (%s) failed, reason: %s\n",
191                          conn->connectpath, strerror(errno)));
192                 return(False);
193         }
194
195         if ((conn == last_conn) && (last_flags == flags)) {
196                 return(True);
197         }
198
199         last_conn = conn;
200         last_flags = flags;
201         
202         /* Obey the client case sensitivity requests - only for clients that support it. */
203         switch (lp_casesensitive(snum)) {
204                 case Auto:
205                         {
206                                 /* We need this uglyness due to DOS/Win9x clients that lie about case insensitivity. */
207                                 enum remote_arch_types ra_type = get_remote_arch();
208                                 if ((ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) {
209                                         /* Client can't support per-packet case sensitive pathnames. */
210                                         conn->case_sensitive = False;
211                                 } else {
212                                         conn->case_sensitive = !(flags & FLAG_CASELESS_PATHNAMES);
213                                 }
214                         }
215                         break;
216                 case True:
217                         conn->case_sensitive = True;
218                         break;
219                 default:
220                         conn->case_sensitive = False;
221                         break;
222         }
223         return(True);
224 }
225
226 static int load_registry_service(const char *servicename)
227 {
228         if (!lp_registry_shares()) {
229                 return -1;
230         }
231
232         if ((servicename == NULL) || (*servicename == '\0')) {
233                 return -1;
234         }
235
236         if (strequal(servicename, GLOBAL_NAME)) {
237                 return -2;
238         }
239
240         if (!process_registry_service(servicename)) {
241                 return -1;
242         }
243
244         return lp_servicenumber(servicename);
245 }
246
247 void load_registry_shares(void)
248 {
249         DEBUG(8, ("load_registry_shares()\n"));
250         if (!lp_registry_shares()) {
251                 return;
252         }
253
254         process_registry_shares();
255
256         return;
257 }
258
259 /****************************************************************************
260  Add a home service. Returns the new service number or -1 if fail.
261 ****************************************************************************/
262
263 int add_home_service(const char *service, const char *username, const char *homedir)
264 {
265         int iHomeService;
266
267         if (!service || !homedir || homedir[0] == '\0')
268                 return -1;
269
270         if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {
271                 if ((iHomeService = load_registry_service(HOMES_NAME)) < 0) {
272                         return -1;
273                 }
274         }
275
276         /*
277          * If this is a winbindd provided username, remove
278          * the domain component before adding the service.
279          * Log a warning if the "path=" parameter does not
280          * include any macros.
281          */
282
283         {
284                 const char *p = strchr(service,*lp_winbind_separator());
285
286                 /* We only want the 'user' part of the string */
287                 if (p) {
288                         service = p + 1;
289                 }
290         }
291
292         if (!lp_add_home(service, iHomeService, username, homedir)) {
293                 return -1;
294         }
295         
296         return lp_servicenumber(service);
297
298 }
299
300 /**
301  * Find a service entry.
302  *
303  * @param service is modified (to canonical form??)
304  **/
305
306 int find_service(fstring service)
307 {
308         int iService;
309         struct smbd_server_connection *sconn = smbd_server_conn;
310
311         all_string_sub(service,"\\","/",0);
312
313         iService = lp_servicenumber(service);
314
315         /* now handle the special case of a home directory */
316         if (iService < 0) {
317                 char *phome_dir = get_user_home_dir(talloc_tos(), service);
318
319                 if(!phome_dir) {
320                         /*
321                          * Try mapping the servicename, it may
322                          * be a Windows to unix mapped user name.
323                          */
324                         if(map_username(sconn, service))
325                                 phome_dir = get_user_home_dir(
326                                         talloc_tos(), service);
327                 }
328
329                 DEBUG(3,("checking for home directory %s gave %s\n",service,
330                         phome_dir?phome_dir:"(NULL)"));
331
332                 iService = add_home_service(service,service /* 'username' */, phome_dir);
333         }
334
335         /* If we still don't have a service, attempt to add it as a printer. */
336         if (iService < 0) {
337                 int iPrinterService;
338
339                 if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) < 0) {
340                         iPrinterService = load_registry_service(PRINTERS_NAME);
341                 }
342                 if (iPrinterService) {
343                         DEBUG(3,("checking whether %s is a valid printer name...\n", service));
344                         if (pcap_printername_ok(service)) {
345                                 DEBUG(3,("%s is a valid printer name\n", service));
346                                 DEBUG(3,("adding %s as a printer service\n", service));
347                                 lp_add_printer(service, iPrinterService);
348                                 iService = lp_servicenumber(service);
349                                 if (iService < 0) {
350                                         DEBUG(0,("failed to add %s as a printer service!\n", service));
351                                 }
352                         } else {
353                                 DEBUG(3,("%s is not a valid printer name\n", service));
354                         }
355                 }
356         }
357
358         /* Check for default vfs service?  Unsure whether to implement this */
359         if (iService < 0) {
360         }
361
362         if (iService < 0) {
363                 iService = load_registry_service(service);
364         }
365
366         /* Is it a usershare service ? */
367         if (iService < 0 && *lp_usershare_path()) {
368                 /* Ensure the name is canonicalized. */
369                 strlower_m(service);
370                 iService = load_usershare_service(service);
371         }
372
373         /* just possibly it's a default service? */
374         if (iService < 0) {
375                 char *pdefservice = lp_defaultservice();
376                 if (pdefservice && *pdefservice && !strequal(pdefservice,service) && !strstr_m(service,"..")) {
377                         /*
378                          * We need to do a local copy here as lp_defaultservice() 
379                          * returns one of the rotating lp_string buffers that
380                          * could get overwritten by the recursive find_service() call
381                          * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>.
382                          */
383                         char *defservice = SMB_STRDUP(pdefservice);
384
385                         if (!defservice) {
386                                 goto fail;
387                         }
388
389                         /* Disallow anything except explicit share names. */
390                         if (strequal(defservice,HOMES_NAME) ||
391                                         strequal(defservice, PRINTERS_NAME) ||
392                                         strequal(defservice, "IPC$")) {
393                                 SAFE_FREE(defservice);
394                                 goto fail;
395                         }
396
397                         iService = find_service(defservice);
398                         if (iService >= 0) {
399                                 all_string_sub(service, "_","/",0);
400                                 iService = lp_add_service(service, iService);
401                         }
402                         SAFE_FREE(defservice);
403                 }
404         }
405
406         if (iService >= 0) {
407                 if (!VALID_SNUM(iService)) {
408                         DEBUG(0,("Invalid snum %d for %s\n",iService, service));
409                         iService = -1;
410                 }
411         }
412
413   fail:
414
415         if (iService < 0)
416                 DEBUG(3,("find_service() failed to find service %s\n", service));
417
418         return (iService);
419 }
420
421
422 /****************************************************************************
423  do some basic sainity checks on the share.  
424  This function modifies dev, ecode.
425 ****************************************************************************/
426
427 static NTSTATUS share_sanity_checks(int snum, fstring dev) 
428 {
429         
430         if (!lp_snum_ok(snum) || 
431             !check_access(smbd_server_fd(), 
432                           lp_hostsallow(snum), lp_hostsdeny(snum))) {    
433                 return NT_STATUS_ACCESS_DENIED;
434         }
435
436         if (dev[0] == '?' || !dev[0]) {
437                 if (lp_print_ok(snum)) {
438                         fstrcpy(dev,"LPT1:");
439                 } else if (strequal(lp_fstype(snum), "IPC")) {
440                         fstrcpy(dev, "IPC");
441                 } else {
442                         fstrcpy(dev,"A:");
443                 }
444         }
445
446         strupper_m(dev);
447
448         if (lp_print_ok(snum)) {
449                 if (!strequal(dev, "LPT1:")) {
450                         return NT_STATUS_BAD_DEVICE_TYPE;
451                 }
452         } else if (strequal(lp_fstype(snum), "IPC")) {
453                 if (!strequal(dev, "IPC")) {
454                         return NT_STATUS_BAD_DEVICE_TYPE;
455                 }
456         } else if (!strequal(dev, "A:")) {
457                 return NT_STATUS_BAD_DEVICE_TYPE;
458         }
459
460         /* Behave as a printer if we are supposed to */
461         if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
462                 fstrcpy(dev, "LPT1:");
463         }
464
465         return NT_STATUS_OK;
466 }
467
468 /*
469  * Go through lookup_name etc to find the force'd group.  
470  *
471  * Create a new token from src_token, replacing the primary group sid with the
472  * one found.
473  */
474
475 static NTSTATUS find_forced_group(bool force_user,
476                                   int snum, const char *username,
477                                   DOM_SID *pgroup_sid,
478                                   gid_t *pgid)
479 {
480         NTSTATUS result = NT_STATUS_NO_SUCH_GROUP;
481         TALLOC_CTX *frame = talloc_stackframe();
482         DOM_SID group_sid;
483         enum lsa_SidType type;
484         char *groupname;
485         bool user_must_be_member = False;
486         gid_t gid;
487
488         groupname = talloc_strdup(talloc_tos(), lp_force_group(snum));
489         if (groupname == NULL) {
490                 DEBUG(1, ("talloc_strdup failed\n"));
491                 result = NT_STATUS_NO_MEMORY;
492                 goto done;
493         }
494
495         if (groupname[0] == '+') {
496                 user_must_be_member = True;
497                 groupname += 1;
498         }
499
500         groupname = talloc_string_sub(talloc_tos(), groupname,
501                                       "%S", lp_servicename(snum));
502         if (groupname == NULL) {
503                 DEBUG(1, ("talloc_string_sub failed\n"));
504                 result = NT_STATUS_NO_MEMORY;
505                 goto done;
506         }
507
508         if (!lookup_name_smbconf(talloc_tos(), groupname,
509                          LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
510                          NULL, NULL, &group_sid, &type)) {
511                 DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
512                            groupname));
513                 goto done;
514         }
515
516         if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
517             (type != SID_NAME_WKN_GRP)) {
518                 DEBUG(10, ("%s is a %s, not a group\n", groupname,
519                            sid_type_lookup(type)));
520                 goto done;
521         }
522
523         if (!sid_to_gid(&group_sid, &gid)) {
524                 DEBUG(10, ("sid_to_gid(%s) for %s failed\n",
525                            sid_string_dbg(&group_sid), groupname));
526                 goto done;
527         }
528
529         /*
530          * If the user has been forced and the forced group starts with a '+',
531          * then we only set the group to be the forced group if the forced
532          * user is a member of that group.  Otherwise, the meaning of the '+'
533          * would be ignored.
534          */
535
536         if (force_user && user_must_be_member) {
537                 if (user_in_group_sid(username, &group_sid)) {
538                         sid_copy(pgroup_sid, &group_sid);
539                         *pgid = gid;
540                         DEBUG(3,("Forced group %s for member %s\n",
541                                  groupname, username));
542                 } else {
543                         DEBUG(0,("find_forced_group: forced user %s is not a member "
544                                 "of forced group %s. Disallowing access.\n",
545                                 username, groupname ));
546                         result = NT_STATUS_MEMBER_NOT_IN_GROUP;
547                         goto done;
548                 }
549         } else {
550                 sid_copy(pgroup_sid, &group_sid);
551                 *pgid = gid;
552                 DEBUG(3,("Forced group %s\n", groupname));
553         }
554
555         result = NT_STATUS_OK;
556  done:
557         TALLOC_FREE(frame);
558         return result;
559 }
560
561 /****************************************************************************
562   Create an auth_serversupplied_info structure for a connection_struct
563 ****************************************************************************/
564
565 static NTSTATUS create_connection_server_info(struct smbd_server_connection *sconn,
566                                               TALLOC_CTX *mem_ctx, int snum,
567                                               struct auth_serversupplied_info *vuid_serverinfo,
568                                               DATA_BLOB password,
569                                               struct auth_serversupplied_info **presult)
570 {
571         if (lp_guest_only(snum)) {
572                 return make_server_info_guest(mem_ctx, presult);
573         }
574
575         if (vuid_serverinfo != NULL) {
576
577                 struct auth_serversupplied_info *result;
578
579                 /*
580                  * This is the normal security != share case where we have a
581                  * valid vuid from the session setup.                 */
582
583                 if (vuid_serverinfo->guest) {
584                         if (!lp_guest_ok(snum)) {
585                                 DEBUG(2, ("guest user (from session setup) "
586                                           "not permitted to access this share "
587                                           "(%s)\n", lp_servicename(snum)));
588                                 return NT_STATUS_ACCESS_DENIED;
589                         }
590                 } else {
591                         if (!user_ok_token(vuid_serverinfo->unix_name,
592                                            pdb_get_domain(vuid_serverinfo->sam_account),
593                                            vuid_serverinfo->ptok, snum)) {
594                                 DEBUG(2, ("user '%s' (from session setup) not "
595                                           "permitted to access this share "
596                                           "(%s)\n",
597                                           vuid_serverinfo->unix_name,
598                                           lp_servicename(snum)));
599                                 return NT_STATUS_ACCESS_DENIED;
600                         }
601                 }
602
603                 result = copy_serverinfo(mem_ctx, vuid_serverinfo);
604                 if (result == NULL) {
605                         return NT_STATUS_NO_MEMORY;
606                 }
607
608                 *presult = result;
609                 return NT_STATUS_OK;
610         }
611
612         if (lp_security() == SEC_SHARE) {
613
614                 fstring user;
615                 bool guest;
616
617                 /* add the sharename as a possible user name if we
618                    are in share mode security */
619
620                 add_session_user(sconn, lp_servicename(snum));
621
622                 /* shall we let them in? */
623
624                 if (!authorise_login(sconn, snum,user,password,&guest)) {
625                         DEBUG( 2, ( "Invalid username/password for [%s]\n",
626                                     lp_servicename(snum)) );
627                         return NT_STATUS_WRONG_PASSWORD;
628                 }
629
630                 return make_serverinfo_from_username(mem_ctx, user, guest,
631                                                      presult);
632         }
633
634         DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
635         return NT_STATUS_ACCESS_DENIED;
636 }
637
638
639 /****************************************************************************
640   Make a connection, given the snum to connect to, and the vuser of the
641   connecting user if appropriate.
642 ****************************************************************************/
643
644 connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
645                                         int snum, user_struct *vuser,
646                                         DATA_BLOB password,
647                                         const char *pdev,
648                                         NTSTATUS *pstatus)
649 {
650         connection_struct *conn = NULL;
651         struct smb_filename *smb_fname_cpath = NULL;
652         fstring dev;
653         int ret;
654         char addr[INET6_ADDRSTRLEN];
655         bool on_err_call_dis_hook = false;
656         bool claimed_connection = false;
657         uid_t effuid;
658         gid_t effgid;
659         NTSTATUS status;
660
661         fstrcpy(dev, pdev);
662
663         if (NT_STATUS_IS_ERR(*pstatus = share_sanity_checks(snum, dev))) {
664                 goto err_root_exit;
665         }
666
667         conn = conn_new(sconn);
668         if (!conn) {
669                 DEBUG(0,("Couldn't find free connection.\n"));
670                 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
671                 goto err_root_exit;
672         }
673
674         conn->params->service = snum;
675
676         status = create_connection_server_info(sconn,
677                 conn, snum, vuser ? vuser->server_info : NULL, password,
678                 &conn->server_info);
679
680         if (!NT_STATUS_IS_OK(status)) {
681                 DEBUG(1, ("create_connection_server_info failed: %s\n",
682                           nt_errstr(status)));
683                 *pstatus = status;
684                 goto err_root_exit;
685         }
686
687         if ((lp_guest_only(snum)) || (lp_security() == SEC_SHARE)) {
688                 conn->force_user = true;
689         }
690
691         add_session_user(sconn, conn->server_info->unix_name);
692
693         safe_strcpy(conn->client_address,
694                         client_addr(get_client_fd(),addr,sizeof(addr)), 
695                         sizeof(conn->client_address)-1);
696         conn->num_files_open = 0;
697         conn->lastused = conn->lastused_count = time(NULL);
698         conn->used = True;
699         conn->printer = (strncmp(dev,"LPT",3) == 0);
700         conn->ipc = ( (strncmp(dev,"IPC",3) == 0) ||
701                       ( lp_enable_asu_support() && strequal(dev,"ADMIN$")) );
702
703         /* Case options for the share. */
704         if (lp_casesensitive(snum) == Auto) {
705                 /* We will be setting this per packet. Set to be case
706                  * insensitive for now. */
707                 conn->case_sensitive = False;
708         } else {
709                 conn->case_sensitive = (bool)lp_casesensitive(snum);
710         }
711
712         conn->case_preserve = lp_preservecase(snum);
713         conn->short_case_preserve = lp_shortpreservecase(snum);
714
715         conn->encrypt_level = lp_smb_encrypt(snum);
716
717         conn->veto_list = NULL;
718         conn->hide_list = NULL;
719         conn->veto_oplock_list = NULL;
720         conn->aio_write_behind_list = NULL;
721
722         conn->read_only = lp_readonly(SNUM(conn));
723         conn->admin_user = False;
724
725         if (*lp_force_user(snum)) {
726
727                 /*
728                  * Replace conn->server_info with a completely faked up one
729                  * from the username we are forced into :-)
730                  */
731
732                 char *fuser;
733                 struct auth_serversupplied_info *forced_serverinfo;
734
735                 fuser = talloc_string_sub(conn, lp_force_user(snum), "%S",
736                                           lp_servicename(snum));
737                 if (fuser == NULL) {
738                         *pstatus = NT_STATUS_NO_MEMORY;
739                         goto err_root_exit;
740                 }
741
742                 status = make_serverinfo_from_username(
743                         conn, fuser, conn->server_info->guest,
744                         &forced_serverinfo);
745                 if (!NT_STATUS_IS_OK(status)) {
746                         *pstatus = status;
747                         goto err_root_exit;
748                 }
749
750                 TALLOC_FREE(conn->server_info);
751                 conn->server_info = forced_serverinfo;
752
753                 conn->force_user = True;
754                 DEBUG(3,("Forced user %s\n", fuser));
755         }
756
757         /*
758          * If force group is true, then override
759          * any groupid stored for the connecting user.
760          */
761
762         if (*lp_force_group(snum)) {
763
764                 status = find_forced_group(
765                         conn->force_user, snum, conn->server_info->unix_name,
766                         &conn->server_info->ptok->user_sids[1],
767                         &conn->server_info->utok.gid);
768
769                 if (!NT_STATUS_IS_OK(status)) {
770                         *pstatus = status;
771                         goto err_root_exit;
772                 }
773
774                 /*
775                  * We need to cache this gid, to use within
776                  * change_to_user() separately from the conn->server_info
777                  * struct. We only use conn->server_info directly if
778                  * "force_user" was set.
779                  */
780                 conn->force_group_gid = conn->server_info->utok.gid;
781         }
782
783         conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
784
785         {
786                 char *s = talloc_sub_advanced(talloc_tos(),
787                                         lp_servicename(SNUM(conn)),
788                                         conn->server_info->unix_name,
789                                         conn->connectpath,
790                                         conn->server_info->utok.gid,
791                                         conn->server_info->sanitized_username,
792                                         pdb_get_domain(conn->server_info->sam_account),
793                                         lp_pathname(snum));
794                 if (!s) {
795                         *pstatus = NT_STATUS_NO_MEMORY;
796                         goto err_root_exit;
797                 }
798
799                 if (!set_conn_connectpath(conn,s)) {
800                         TALLOC_FREE(s);
801                         *pstatus = NT_STATUS_NO_MEMORY;
802                         goto err_root_exit;
803                 }
804                 DEBUG(3,("Connect path is '%s' for service [%s]\n",s,
805                          lp_servicename(snum)));
806                 TALLOC_FREE(s);
807         }
808
809         /*
810          * New code to check if there's a share security descripter
811          * added from NT server manager. This is done after the
812          * smb.conf checks are done as we need a uid and token. JRA.
813          *
814          */
815
816         {
817                 bool can_write = False;
818
819                 can_write = share_access_check(conn->server_info->ptok,
820                                                lp_servicename(snum),
821                                                FILE_WRITE_DATA);
822
823                 if (!can_write) {
824                         if (!share_access_check(conn->server_info->ptok,
825                                                 lp_servicename(snum),
826                                                 FILE_READ_DATA)) {
827                                 /* No access, read or write. */
828                                 DEBUG(0,("make_connection: connection to %s "
829                                          "denied due to security "
830                                          "descriptor.\n",
831                                           lp_servicename(snum)));
832                                 *pstatus = NT_STATUS_ACCESS_DENIED;
833                                 goto err_root_exit;
834                         } else {
835                                 conn->read_only = True;
836                         }
837                 }
838         }
839         /* Initialise VFS function pointers */
840
841         if (!smbd_vfs_init(conn)) {
842                 DEBUG(0, ("vfs_init failed for service %s\n",
843                           lp_servicename(snum)));
844                 *pstatus = NT_STATUS_BAD_NETWORK_NAME;
845                 goto err_root_exit;
846         }
847
848 /* ROOT Activities: */
849         /* explicitly check widelinks here so that we can correctly warn
850          * in the logs. */
851         widelinks_warning(snum);
852
853         /*
854          * Enforce the max connections parameter.
855          */
856
857         if ((lp_max_connections(snum) > 0)
858             && (count_current_connections(lp_servicename(SNUM(conn)), True) >=
859                 lp_max_connections(snum))) {
860
861                 DEBUG(1, ("Max connections (%d) exceeded for %s\n",
862                           lp_max_connections(snum), lp_servicename(snum)));
863                 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
864                 goto err_root_exit;
865         }
866
867         /*
868          * Get us an entry in the connections db
869          */
870         if (!claim_connection(conn, lp_servicename(snum), 0)) {
871                 DEBUG(1, ("Could not store connections entry\n"));
872                 *pstatus = NT_STATUS_INTERNAL_DB_ERROR;
873                 goto err_root_exit;
874         }
875         claimed_connection = true;
876
877         /* Invoke VFS make connection hook - this must be the first
878            filesystem operation that we do. */
879
880         if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
881                             conn->server_info->unix_name) < 0) {
882                 DEBUG(0,("make_connection: VFS make connection failed!\n"));
883                 *pstatus = NT_STATUS_UNSUCCESSFUL;
884                 goto err_root_exit;
885         }
886
887         /* Any error exit after here needs to call the disconnect hook. */
888         on_err_call_dis_hook = true;
889
890         if ((!conn->printer) && (!conn->ipc)) {
891                 conn->notify_ctx = notify_init(conn, server_id_self(),
892                                                smbd_messaging_context(),
893                                                smbd_event_context(),
894                                                conn);
895         }
896
897         /*
898          * Fix compatibility issue pointed out by Volker.
899          * We pass the conn->connectpath to the preexec
900          * scripts as a parameter, so attempt to canonicalize
901          * it here before calling the preexec scripts.
902          * We ignore errors here, as it is possible that
903          * the conn->connectpath doesn't exist yet and
904          * the preexec scripts will create them.
905          */
906
907         (void)canonicalize_connect_path(conn);
908
909         /* Preexecs are done here as they might make the dir we are to ChDir
910          * to below */
911         /* execute any "root preexec = " line */
912         if (*lp_rootpreexec(snum)) {
913                 char *cmd = talloc_sub_advanced(talloc_tos(),
914                                         lp_servicename(SNUM(conn)),
915                                         conn->server_info->unix_name,
916                                         conn->connectpath,
917                                         conn->server_info->utok.gid,
918                                         conn->server_info->sanitized_username,
919                                         pdb_get_domain(conn->server_info->sam_account),
920                                         lp_rootpreexec(snum));
921                 DEBUG(5,("cmd=%s\n",cmd));
922                 ret = smbrun(cmd,NULL);
923                 TALLOC_FREE(cmd);
924                 if (ret != 0 && lp_rootpreexec_close(snum)) {
925                         DEBUG(1,("root preexec gave %d - failing "
926                                  "connection\n", ret));
927                         *pstatus = NT_STATUS_ACCESS_DENIED;
928                         goto err_root_exit;
929                 }
930         }
931
932 /* USER Activites: */
933         if (!change_to_user(conn, conn->vuid)) {
934                 /* No point continuing if they fail the basic checks */
935                 DEBUG(0,("Can't become connected user!\n"));
936                 *pstatus = NT_STATUS_LOGON_FAILURE;
937                 goto err_root_exit;
938         }
939
940         effuid = geteuid();
941         effgid = getegid();
942
943         /* Remember that a different vuid can connect later without these
944          * checks... */
945
946         /* Preexecs are done here as they might make the dir we are to ChDir
947          * to below */
948
949         /* execute any "preexec = " line */
950         if (*lp_preexec(snum)) {
951                 char *cmd = talloc_sub_advanced(talloc_tos(),
952                                         lp_servicename(SNUM(conn)),
953                                         conn->server_info->unix_name,
954                                         conn->connectpath,
955                                         conn->server_info->utok.gid,
956                                         conn->server_info->sanitized_username,
957                                         pdb_get_domain(conn->server_info->sam_account),
958                                         lp_preexec(snum));
959                 ret = smbrun(cmd,NULL);
960                 TALLOC_FREE(cmd);
961                 if (ret != 0 && lp_preexec_close(snum)) {
962                         DEBUG(1,("preexec gave %d - failing connection\n",
963                                  ret));
964                         *pstatus = NT_STATUS_ACCESS_DENIED;
965                         goto err_root_exit;
966                 }
967         }
968
969 #ifdef WITH_FAKE_KASERVER
970         if (lp_afs_share(snum)) {
971                 afs_login(conn);
972         }
973 #endif
974
975         /*
976          * we've finished with the user stuff - go back to root
977          * so the SMB_VFS_STAT call will only fail on path errors,
978          * not permission problems.
979          */
980         change_to_root_user();
981 /* ROOT Activites: */
982
983         /*
984          * If widelinks are disallowed we need to canonicalise the connect
985          * path here to ensure we don't have any symlinks in the
986          * connectpath. We will be checking all paths on this connection are
987          * below this directory. We must do this after the VFS init as we
988          * depend on the realpath() pointer in the vfs table. JRA.
989          */
990         if (!lp_widelinks(snum)) {
991                 if (!canonicalize_connect_path(conn)) {
992                         DEBUG(0, ("canonicalize_connect_path failed "
993                         "for service %s, path %s\n",
994                                 lp_servicename(snum),
995                                 conn->connectpath));
996                         *pstatus = NT_STATUS_BAD_NETWORK_NAME;
997                         goto err_root_exit;
998                 }
999         }
1000
1001         /* Add veto/hide lists */
1002         if (!IS_IPC(conn) && !IS_PRINT(conn)) {
1003                 set_namearray( &conn->veto_list, lp_veto_files(snum));
1004                 set_namearray( &conn->hide_list, lp_hide_files(snum));
1005                 set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum));
1006                 set_namearray( &conn->aio_write_behind_list,
1007                                 lp_aio_write_behind(snum));
1008         }
1009         status = create_synthetic_smb_fname(talloc_tos(), conn->connectpath,
1010                                             NULL, NULL, &smb_fname_cpath);
1011         if (!NT_STATUS_IS_OK(status)) {
1012                 *pstatus = status;
1013                 goto err_root_exit;
1014         }
1015
1016         /* win2000 does not check the permissions on the directory
1017            during the tree connect, instead relying on permission
1018            check during individual operations. To match this behaviour
1019            I have disabled this chdir check (tridge) */
1020         /* the alternative is just to check the directory exists */
1021
1022         if ((ret = SMB_VFS_STAT(conn, smb_fname_cpath)) != 0 ||
1023             !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
1024                 if (ret == 0 && !S_ISDIR(smb_fname_cpath->st.st_ex_mode)) {
1025                         DEBUG(0,("'%s' is not a directory, when connecting to "
1026                                  "[%s]\n", conn->connectpath,
1027                                  lp_servicename(snum)));
1028                 } else {
1029                         DEBUG(0,("'%s' does not exist or permission denied "
1030                                  "when connecting to [%s] Error was %s\n",
1031                                  conn->connectpath, lp_servicename(snum),
1032                                  strerror(errno) ));
1033                 }
1034                 *pstatus = NT_STATUS_BAD_NETWORK_NAME;
1035                 goto err_root_exit;
1036         }
1037
1038         string_set(&conn->origpath,conn->connectpath);
1039
1040         /* Figure out the characteristics of the underlying filesystem. This
1041          * assumes that all the filesystem mounted withing a share path have
1042          * the same characteristics, which is likely but not guaranteed.
1043          */
1044
1045         conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
1046
1047         /*
1048          * Print out the 'connected as' stuff here as we need
1049          * to know the effective uid and gid we will be using
1050          * (at least initially).
1051          */
1052
1053         if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
1054                 dbgtext( "%s (%s) ", get_remote_machine_name(),
1055                          conn->client_address );
1056                 dbgtext( "%s", srv_is_signing_active(smbd_server_conn) ? "signed " : "");
1057                 dbgtext( "connect to service %s ", lp_servicename(snum) );
1058                 dbgtext( "initially as user %s ",
1059                          conn->server_info->unix_name );
1060                 dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid );
1061                 dbgtext( "(pid %d)\n", (int)sys_getpid() );
1062         }
1063
1064         return(conn);
1065
1066   err_root_exit:
1067         TALLOC_FREE(smb_fname_cpath);
1068         /* We must exit this function as root. */
1069         if (geteuid() != 0) {
1070                 change_to_root_user();
1071         }
1072         if (on_err_call_dis_hook) {
1073                 /* Call VFS disconnect hook */
1074                 SMB_VFS_DISCONNECT(conn);
1075         }
1076         if (claimed_connection) {
1077                 yield_connection(conn, lp_servicename(snum));
1078         }
1079         if (conn) {
1080                 conn_free(conn);
1081         }
1082         return NULL;
1083 }
1084
1085 /****************************************************************************
1086  Make a connection to a service.
1087  *
1088  * @param service 
1089 ****************************************************************************/
1090
1091 connection_struct *make_connection(struct smbd_server_connection *sconn,
1092                                    const char *service_in, DATA_BLOB password,
1093                                    const char *pdev, uint16 vuid,
1094                                    NTSTATUS *status)
1095 {
1096         uid_t euid;
1097         user_struct *vuser = NULL;
1098         fstring service;
1099         fstring dev;
1100         int snum = -1;
1101         char addr[INET6_ADDRSTRLEN];
1102
1103         fstrcpy(dev, pdev);
1104
1105         /* This must ONLY BE CALLED AS ROOT. As it exits this function as
1106          * root. */
1107         if (!non_root_mode() && (euid = geteuid()) != 0) {
1108                 DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot "
1109                          "(%u)\n", (unsigned int)euid ));
1110                 smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
1111         }
1112
1113         if (conn_num_open(sconn) > 2047) {
1114                 *status = NT_STATUS_INSUFF_SERVER_RESOURCES;
1115                 return NULL;
1116         }
1117
1118         if(lp_security() != SEC_SHARE) {
1119                 vuser = get_valid_user_struct(sconn, vuid);
1120                 if (!vuser) {
1121                         DEBUG(1,("make_connection: refusing to connect with "
1122                                  "no session setup\n"));
1123                         *status = NT_STATUS_ACCESS_DENIED;
1124                         return NULL;
1125                 }
1126         }
1127
1128         /* Logic to try and connect to the correct [homes] share, preferably
1129            without too many getpwnam() lookups.  This is particulary nasty for
1130            winbind usernames, where the share name isn't the same as unix
1131            username.
1132
1133            The snum of the homes share is stored on the vuser at session setup
1134            time.
1135         */
1136
1137         if (strequal(service_in,HOMES_NAME)) {
1138                 if(lp_security() != SEC_SHARE) {
1139                         DATA_BLOB no_pw = data_blob_null;
1140                         if (vuser->homes_snum == -1) {
1141                                 DEBUG(2, ("[homes] share not available for "
1142                                           "this user because it was not found "
1143                                           "or created at session setup "
1144                                           "time\n"));
1145                                 *status = NT_STATUS_BAD_NETWORK_NAME;
1146                                 return NULL;
1147                         }
1148                         DEBUG(5, ("making a connection to [homes] service "
1149                                   "created at session setup time\n"));
1150                         return make_connection_snum(sconn,
1151                                                     vuser->homes_snum,
1152                                                     vuser, no_pw, 
1153                                                     dev, status);
1154                 } else {
1155                         /* Security = share. Try with
1156                          * current_user_info.smb_name as the username.  */
1157                         if (*current_user_info.smb_name) {
1158                                 fstring unix_username;
1159                                 fstrcpy(unix_username,
1160                                         current_user_info.smb_name);
1161                                 map_username(sconn, unix_username);
1162                                 snum = find_service(unix_username);
1163                         } 
1164                         if (snum != -1) {
1165                                 DEBUG(5, ("making a connection to 'homes' "
1166                                           "service %s based on "
1167                                           "security=share\n", service_in));
1168                                 return make_connection_snum(sconn,
1169                                                             snum, NULL,
1170                                                             password,
1171                                                             dev, status);
1172                         }
1173                 }
1174         } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1)
1175                    && strequal(service_in,
1176                                lp_servicename(vuser->homes_snum))) {
1177                 DATA_BLOB no_pw = data_blob_null;
1178                 DEBUG(5, ("making a connection to 'homes' service [%s] "
1179                           "created at session setup time\n", service_in));
1180                 return make_connection_snum(sconn,
1181                                             vuser->homes_snum,
1182                                             vuser, no_pw, 
1183                                             dev, status);
1184         }
1185         
1186         fstrcpy(service, service_in);
1187
1188         strlower_m(service);
1189
1190         snum = find_service(service);
1191
1192         if (snum < 0) {
1193                 if (strequal(service,"IPC$") ||
1194                     (lp_enable_asu_support() && strequal(service,"ADMIN$"))) {
1195                         DEBUG(3,("refusing IPC connection to %s\n", service));
1196                         *status = NT_STATUS_ACCESS_DENIED;
1197                         return NULL;
1198                 }
1199
1200                 DEBUG(3,("%s (%s) couldn't find service %s\n",
1201                         get_remote_machine_name(),
1202                         client_addr(get_client_fd(),addr,sizeof(addr)),
1203                         service));
1204                 *status = NT_STATUS_BAD_NETWORK_NAME;
1205                 return NULL;
1206         }
1207
1208         /* Handle non-Dfs clients attempting connections to msdfs proxy */
1209         if (lp_host_msdfs() && (*lp_msdfs_proxy(snum) != '\0'))  {
1210                 DEBUG(3, ("refusing connection to dfs proxy share '%s' "
1211                           "(pointing to %s)\n", 
1212                         service, lp_msdfs_proxy(snum)));
1213                 *status = NT_STATUS_BAD_NETWORK_NAME;
1214                 return NULL;
1215         }
1216
1217         DEBUG(5, ("making a connection to 'normal' service %s\n", service));
1218
1219         return make_connection_snum(sconn, snum, vuser,
1220                                     password,
1221                                     dev, status);
1222 }
1223
1224 /****************************************************************************
1225  Close a cnum.
1226 ****************************************************************************/
1227
1228 void close_cnum(connection_struct *conn, uint16 vuid)
1229 {
1230         file_close_conn(conn);
1231
1232         if (!IS_IPC(conn)) {
1233                 dptr_closecnum(conn);
1234         }
1235
1236         change_to_root_user();
1237
1238         DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
1239                                  get_remote_machine_name(),
1240                                  conn->client_address,
1241                                  lp_servicename(SNUM(conn))));
1242
1243         /* Call VFS disconnect hook */    
1244         SMB_VFS_DISCONNECT(conn);
1245
1246         yield_connection(conn, lp_servicename(SNUM(conn)));
1247
1248         /* make sure we leave the directory available for unmount */
1249         vfs_ChDir(conn, "/");
1250
1251         /* execute any "postexec = " line */
1252         if (*lp_postexec(SNUM(conn)) && 
1253             change_to_user(conn, vuid))  {
1254                 char *cmd = talloc_sub_advanced(talloc_tos(),
1255                                         lp_servicename(SNUM(conn)),
1256                                         conn->server_info->unix_name,
1257                                         conn->connectpath,
1258                                         conn->server_info->utok.gid,
1259                                         conn->server_info->sanitized_username,
1260                                         pdb_get_domain(conn->server_info->sam_account),
1261                                         lp_postexec(SNUM(conn)));
1262                 smbrun(cmd,NULL);
1263                 TALLOC_FREE(cmd);
1264                 change_to_root_user();
1265         }
1266
1267         change_to_root_user();
1268         /* execute any "root postexec = " line */
1269         if (*lp_rootpostexec(SNUM(conn)))  {
1270                 char *cmd = talloc_sub_advanced(talloc_tos(),
1271                                         lp_servicename(SNUM(conn)),
1272                                         conn->server_info->unix_name,
1273                                         conn->connectpath,
1274                                         conn->server_info->utok.gid,
1275                                         conn->server_info->sanitized_username,
1276                                         pdb_get_domain(conn->server_info->sam_account),
1277                                         lp_rootpostexec(SNUM(conn)));
1278                 smbrun(cmd,NULL);
1279                 TALLOC_FREE(cmd);
1280         }
1281
1282         conn_free(conn);
1283 }