static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501, int snum)
{
- int len_net_name;
pstring remark;
- char *net_name = lp_servicename(snum);
+ const char *net_name = lp_servicename(snum);
pstrcpy(remark, lp_comment(snum));
standard_sub_conn(p->conn, remark, sizeof(remark));
- len_net_name = strlen(net_name);
-
init_srv_share_info501(&sh501->info_501, net_name, get_share_type(snum), remark, (lp_csc_policy(snum) << 4));
init_srv_share_info501_str(&sh501->info_501_str, net_name, remark);
}
static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502, int snum)
{
- int len_net_name;
pstring net_name;
pstring remark;
pstring path;
string_replace(path, '/', '\\');
pstrcpy(passwd, "");
- len_net_name = strlen(net_name);
sd = get_share_security(ctx, snum, &sd_size);
static BOOL is_hidden_share(int snum)
{
- pstring net_name;
+ const char *net_name = lp_servicename(snum);
- pstrcpy(net_name, lp_servicename(snum));
- return (net_name[strlen(net_name)] == '$') ? True : False;
+ return (net_name[strlen(net_name) - 1] == '$') ? True : False;
}
/*******************************************************************
switch (info_level) {
case 0:
{
- SRV_SHARE_INFO_0 *info0;
+ SRV_SHARE_INFO_0 *info0 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_0, num_entries);
int i = 0;
- info0 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_0));
+ if (!info0) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 1:
{
- SRV_SHARE_INFO_1 *info1;
+ SRV_SHARE_INFO_1 *info1 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1, num_entries);
int i = 0;
- info1 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1));
+ if (!info1) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 2:
{
- SRV_SHARE_INFO_2 *info2;
+ SRV_SHARE_INFO_2 *info2 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_2, num_entries);
int i = 0;
- info2 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_2));
+ if (!info2) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 501:
{
- SRV_SHARE_INFO_501 *info501;
+ SRV_SHARE_INFO_501 *info501 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_501, num_entries);
int i = 0;
- info501 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_501));
+ if (!info501) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 502:
{
- SRV_SHARE_INFO_502 *info502;
+ SRV_SHARE_INFO_502 *info502 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_502, num_entries);
int i = 0;
- info502 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_502));
+ if (!info502) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 1004:
{
- SRV_SHARE_INFO_1004 *info1004;
+ SRV_SHARE_INFO_1004 *info1004 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1004, num_entries);
int i = 0;
- info1004 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1004));
+ if (!info1004) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 1005:
{
- SRV_SHARE_INFO_1005 *info1005;
+ SRV_SHARE_INFO_1005 *info1005 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1005, num_entries);
int i = 0;
- info1005 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1005));
+ if (!info1005) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 1006:
{
- SRV_SHARE_INFO_1006 *info1006;
+ SRV_SHARE_INFO_1006 *info1006 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1006, num_entries);
int i = 0;
- info1006 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1006));
+ if (!info1006) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 1007:
{
- SRV_SHARE_INFO_1007 *info1007;
+ SRV_SHARE_INFO_1007 *info1007 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1007, num_entries);
int i = 0;
- info1007 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1007));
+ if (!info1007) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
case 1501:
{
- SRV_SHARE_INFO_1501 *info1501;
+ SRV_SHARE_INFO_1501 *info1501 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1501, num_entries);
int i = 0;
- info1501 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1501));
+ if (!info1501) {
+ return False;
+ }
for (snum = *resume_hnd; snum < num_services; snum++) {
if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
int i;
if (*total_entries > 0) {
ctr->ptr_entries = 1;
- ctr->file.info3 = talloc(ctx, ctr->num_entries *
- sizeof(SRV_FILE_INFO_3));
+ ctr->file.info3 = TALLOC_ARRAY(ctx, SRV_FILE_INFO_3, ctr->num_entries);
}
for (i=0 ;i<ctr->num_entries;i++) {
init_srv_file_info3(&ctr->file.info3[i].info_3, i+*resume_hnd, 0x35, 0, "\\PIPE\\samr", "dummy user");
WERROR _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u)
{
WERROR status = WERR_OK;
- SRV_INFO_CTR *ctr = (SRV_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_INFO_CTR));
+ SRV_INFO_CTR *ctr = TALLOC_P(p->mem_ctx, SRV_INFO_CTR);
if (!ctr)
return WERR_NOMEM;
{
DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));
- r_u->ctr = (SRV_CONN_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_CONN_INFO_CTR));
+ r_u->ctr = TALLOC_P(p->mem_ctx, SRV_CONN_INFO_CTR);
if (!r_u->ctr)
return WERR_NOMEM;
{
DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));
- r_u->ctr = (SRV_SESS_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_SESS_INFO_CTR));
+ r_u->ctr = TALLOC_P(p->mem_ctx, SRV_SESS_INFO_CTR);
if (!r_u->ctr)
return WERR_NOMEM;
static char *valid_share_pathname(char *dos_pathname)
{
- pstring saved_pathname;
- pstring unix_pathname;
char *ptr;
- int ret;
/* Convert any '\' paths to '/' */
unix_format(dos_pathname);
if (*ptr != '/')
return NULL;
- /* Can we cd to it ? */
-
- /* First save our current directory. */
- if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL)
- return False;
-
- pstrcpy(unix_pathname, ptr);
-
- ret = chdir(unix_pathname);
-
- /* We *MUST* be able to chdir back. Abort if we can't. */
- if (chdir(saved_pathname) == -1)
- smb_panic("valid_share_pathname: Unable to restore current directory.\n");
-
- return (ret != -1) ? ptr : NULL;
+ return ptr;
}
/*******************************************************************
int type;
int snum;
int ret;
- char *ptr;
+ char *path;
SEC_DESC *psd = NULL;
+ SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ BOOL is_disk_op;
DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
get_current_user(&user,p);
- if (user.uid != sec_initial_uid())
+ is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+
+ /* fail out now if you are not root and not a disk op */
+
+ if ( user.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
switch (q_u->info_level) {
return WERR_ACCESS_DENIED;
/* Check if the pathname is valid. */
- if (!(ptr = valid_share_pathname( pathname )))
+ if (!(path = valid_share_pathname( pathname )))
return WERR_OBJECT_PATH_INVALID;
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
- string_replace(ptr, '"', ' ');
+ string_replace(path, '"', ' ');
string_replace(comment, '"', ' ');
DEBUG(10,("_srv_net_share_set_info: change share command = %s\n",
lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" ));
/* Only call modify function if something changed. */
-
- if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
- if (!lp_change_share_cmd() || !*lp_change_share_cmd())
+
+ if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) )
+ {
+ if (!lp_change_share_cmd() || !*lp_change_share_cmd())
return WERR_ACCESS_DENIED;
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
+ lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
- if ((ret = smbrun(command, NULL)) != 0) {
- DEBUG(0,("_srv_net_share_set_info: Running [%s] returned (%d)\n", command, ret ));
+
+ /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
+
+ if ( is_disk_op )
+ become_root();
+
+ ret = smbrun(command, NULL);
+
+ if ( is_disk_op )
+ unbecome_root();
+
+ /********* END SeDiskOperatorPrivilege BLOCK *********/
+
+ DEBUG(3,("_srv_net_share_set_info: Running [%s] returned (%d)\n", command, ret ));
+
+ if ( ret != 0 )
return WERR_ACCESS_DENIED;
- }
/* Tell everyone we updated smb.conf. */
message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
-
} else {
DEBUG(10,("_srv_net_share_set_info: No change to share name (%s)\n", share_name ));
}
share_name ));
}
}
-
+
DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
return WERR_OK;
int type;
int snum;
int ret;
- char *ptr;
+ char *path;
SEC_DESC *psd = NULL;
+ SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ BOOL is_disk_op;
DEBUG(5,("_srv_net_share_add: %d\n", __LINE__));
get_current_user(&user,p);
- if (user.uid != sec_initial_uid()) {
- DEBUG(10,("_srv_net_share_add: uid != sec_initial_uid(). Access denied.\n"));
+ is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+
+ if (user.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
- }
if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
DEBUG(10,("_srv_net_share_add: No add share command\n"));
return WERR_ACCESS_DENIED;
}
-
+
switch (q_u->info_level) {
case 0:
/* No path. Not enough info in a level 0 to do anything. */
return WERR_ACCESS_DENIED;
/* Check if the pathname is valid. */
- if (!(ptr = valid_share_pathname( pathname )))
+ if (!(path = valid_share_pathname( pathname )))
return WERR_OBJECT_PATH_INVALID;
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
- string_replace(ptr, '"', ' ');
+ string_replace(path, '"', ' ');
string_replace(comment, '"', ' ');
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
-
+ lp_add_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+
DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
- if ((ret = smbrun(command, NULL)) != 0) {
- DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret ));
- return WERR_ACCESS_DENIED;
- }
+
+ /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
+
+ if ( is_disk_op )
+ become_root();
- if (psd) {
- if (!set_share_security(p->mem_ctx, share_name, psd))
- DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n",
- share_name ));
- }
+ ret = smbrun(command, NULL);
+
+ if ( is_disk_op )
+ unbecome_root();
+
+ /********* END SeDiskOperatorPrivilege BLOCK *********/
+
+ DEBUG(3,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret ));
+
+ if ( ret != 0 )
+ return WERR_ACCESS_DENIED;
/* Tell everyone we updated smb.conf. */
message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+ if (psd) {
+ if (!set_share_security(p->mem_ctx, share_name, psd)) {
+ DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", share_name ));
+ }
+ }
+
/*
* We don't call reload_services() here, the message will
* cause this to be done before the next packet is read
fstring share_name;
int ret;
int snum;
+ SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ BOOL is_disk_op;
DEBUG(5,("_srv_net_share_del: %d\n", __LINE__));
get_current_user(&user,p);
- if (user.uid != sec_initial_uid())
+ is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+
+ if (user.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_delete_share_cmd() || !*lp_delete_share_cmd())
return WERR_ACCESS_DENIED;
-
+
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"",
lp_delete_share_cmd(), dyn_CONFIGFILE, lp_servicename(snum));
DEBUG(10,("_srv_net_share_del: Running [%s]\n", command ));
- if ((ret = smbrun(command, NULL)) != 0) {
- DEBUG(0,("_srv_net_share_del: Running [%s] returned (%d)\n", command, ret ));
- return WERR_ACCESS_DENIED;
- }
- /* Delete the SD in the database. */
- delete_share_security(snum);
+ /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/
+
+ if ( is_disk_op )
+ become_root();
+
+ ret = smbrun(command, NULL);
+
+ if ( is_disk_op )
+ unbecome_root();
+
+ /********* END SeDiskOperatorPrivilege BLOCK *********/
+
+ DEBUG(3,("_srv_net_share_del: Running [%s] returned (%d)\n", command, ret ));
+
+ if ( ret != 0 )
+ return WERR_ACCESS_DENIED;
/* Tell everyone we updated smb.conf. */
message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+ /* Delete the SD in the database. */
+ delete_share_security(snum);
+
lp_killservice(snum);
return WERR_OK;
struct tm *t;
time_t unixdate = time(NULL);
- tod = (TIME_OF_DAY_INFO *)talloc(p->mem_ctx, sizeof(TIME_OF_DAY_INFO));
+ tod = TALLOC_P(p->mem_ctx, TIME_OF_DAY_INFO);
if (!tod)
return WERR_NOMEM;
unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
unix_convert(filename, conn, NULL, &bad_path, &st);
- fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDONLY),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+ if (bad_path) {
+ DEBUG(3,("_srv_net_file_query_secdesc: bad pathname %s\n", filename));
+ r_u->status = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+
+ if (!check_name(filename,conn)) {
+ DEBUG(3,("_srv_net_file_query_secdesc: can't access %s\n", filename));
+ r_u->status = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+
+ fsp = open_file_shared(conn, filename, &st, SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDONLY),
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, INTERNAL_OPEN_ONLY,
+ &access_mode, &action);
if (!fsp) {
/* Perhaps it is a directory */
if (errno == EISDIR)
fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0,
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), &action);
if (!fsp) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename));
unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
unix_convert(filename, conn, NULL, &bad_path, &st);
+ if (bad_path) {
+ DEBUG(3,("_srv_net_file_set_secdesc: bad pathname %s\n", filename));
+ r_u->status = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+
+ if (!check_name(filename,conn)) {
+ DEBUG(3,("_srv_net_file_set_secdesc: can't access %s\n", filename));
+ r_u->status = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
- fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDWR),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+
+ fsp = open_file_shared(conn, filename, &st, SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDWR),
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, INTERNAL_OPEN_ONLY,
+ &access_mode, &action);
if (!fsp) {
/* Perhaps it is a directory */
if (errno == EISDIR)
fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0,
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), &action);
if (!fsp) {
DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename));
r_u->disk_enum_ctr.unknown = 0;
- {
- DISK_INFO *dinfo;
-
- int dinfo_size = MAX_SERVER_DISK_ENTRIES * sizeof(*dinfo);
-
- if(!(dinfo = talloc(ctx, dinfo_size))) {
- return WERR_NOMEM;
- }
-
- r_u->disk_enum_ctr.disk_info = dinfo;
+ if(!(r_u->disk_enum_ctr.disk_info = TALLOC_ARRAY(ctx, DISK_INFO, MAX_SERVER_DISK_ENTRIES))) {
+ return WERR_NOMEM;
}
r_u->disk_enum_ctr.disk_info_ptr = r_u->disk_enum_ctr.disk_info ? 1 : 0;