#include "includes.h"
-extern int DEBUGLEVEL;
-
extern struct timeval smb_last_time;
extern int case_default;
extern BOOL case_preserve;
extern BOOL case_sensitive;
extern BOOL use_mangled_map;
extern fstring remote_machine;
-extern pstring sesssetup_user;
+extern userdom_struct current_user_info;
extern fstring remote_machine;
/****************************************************************************
-load parameters specific to a connection/service
+ Load parameters specific to a connection/service.
****************************************************************************/
-BOOL become_service(connection_struct *conn,BOOL do_chdir)
+
+BOOL set_current_service(connection_struct *conn,BOOL do_chdir)
{
extern char magic_char;
static connection_struct *last_conn;
snum = SNUM(conn);
if (do_chdir &&
- dos_ChDir(conn->connectpath) != 0 &&
- dos_ChDir(conn->origpath) != 0) {
+ vfs_ChDir(conn,conn->connectpath) != 0 &&
+ vfs_ChDir(conn,conn->origpath) != 0) {
DEBUG(0,("chdir (%s) failed\n",
conn->connectpath));
return(False);
return(True);
}
+/****************************************************************************
+ Add a home service. Returns the new service number or -1 if fail.
+****************************************************************************/
+
+int add_home_service(const char *service, const char *homedir)
+{
+ int iHomeService;
+ int iService;
+ fstring new_service;
+ char *usr_p = NULL;
+
+ if (!service || !homedir)
+ return -1;
+
+ if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0)
+ return -1;
+
+ /*
+ * If this is a winbindd provided username, remove
+ * the domain component before adding the service.
+ * Log a warning if the "path=" parameter does not
+ * include any macros.
+ */
+
+ fstrcpy(new_service, service);
+
+ if ((usr_p = strchr_m(service,*lp_winbind_separator())) != NULL)
+ fstrcpy(new_service, usr_p+1);
+
+ lp_add_home(new_service,iHomeService,homedir);
+ iService = lp_servicenumber(new_service);
+
+ return iService;
+}
/****************************************************************************
- find a service entry
+ Find a service entry. service is always in dos codepage.
****************************************************************************/
+
int find_service(char *service)
{
int iService;
DEBUG(3,("checking for home directory %s gave %s\n",service,
phome_dir?phome_dir:"(NULL)"));
- if (phome_dir)
- {
- int iHomeService;
- if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0)
- {
- lp_add_home(service,iHomeService,phome_dir);
- iService = lp_servicenumber(service);
- }
- }
+ iService = add_home_service(service,phome_dir);
}
/* If we still don't have a service, attempt to add it as a printer. */
/****************************************************************************
- make a connection to a service
+ do some basic sainity checks on the share.
+ This function modifies dev, ecode.
+****************************************************************************/
+static NTSTATUS share_sanity_checks(int snum, char* service, char *dev)
+{
+
+ if (!lp_snum_ok(snum) ||
+ !check_access(smbd_server_fd(),
+ lp_hostsallow(snum), lp_hostsdeny(snum))) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* you can only connect to the IPC$ service as an ipc device */
+ if (strequal(service,"IPC$") || strequal(service,"ADMIN$"))
+ pstrcpy(dev,"IPC");
+
+ if (*dev == '?' || !*dev) {
+ if (lp_print_ok(snum)) {
+ pstrcpy(dev,"LPT1:");
+ } else {
+ pstrcpy(dev,"A:");
+ }
+ }
+
+ /* if the request is as a printer and you can't print then refuse */
+ strupper(dev);
+ if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) {
+ DEBUG(1,("Attempt to connect to non-printer as a printer\n"));
+ return NT_STATUS_BAD_DEVICE_TYPE;
+ }
+
+ /* Behave as a printer if we are supposed to */
+ if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
+ pstrcpy(dev, "LPT1:");
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+/****************************************************************************
+ readonly share?
****************************************************************************/
-connection_struct *make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid, int *ecode)
+static void set_read_only(connection_struct *conn)
+{
+ char **list;
+ char *service = lp_servicename(conn->service);
+ conn->read_only = lp_readonly(conn->service);
+
+ if (!service) return;
+
+ lp_list_copy(&list, lp_readlist(conn->service));
+ if (list) {
+ if (!lp_list_substitute(list, "%S", service)) {
+ DEBUG(0, ("ERROR: read list substitution failed\n"));
+ }
+ if (user_in_list(conn->user, list))
+ conn->read_only = True;
+ lp_list_free(&list);
+ }
+
+ lp_list_copy(&list, lp_writelist(conn->service));
+ if (list) {
+ if (!lp_list_substitute(list, "%S", service)) {
+ DEBUG(0, ("ERROR: write list substitution failed\n"));
+ }
+ if (user_in_list(conn->user, list))
+ conn->read_only = False;
+ lp_list_free(&list);
+ }
+}
+
+
+/****************************************************************************
+ admin user check
+****************************************************************************/
+static void set_admin_user(connection_struct *conn)
+{
+ /* admin user check */
+
+ /* JRA - original code denied admin user if the share was
+ marked read_only. Changed as I don't think this is needed,
+ but old code left in case there is a problem here.
+ */
+ if (user_in_list(conn->user,lp_admin_users(conn->service))
+#if 0
+ && !conn->read_only
+#endif
+ ) {
+ conn->admin_user = True;
+ DEBUG(0,("%s logged in as admin user (root privileges)\n",conn->user));
+ } else {
+ conn->admin_user = False;
+ }
+
+#if 0 /* This done later, for now */
+ /* admin users always run as uid=0 */
+ if (conn->admin_user) {
+ conn->uid = 0;
+ }
+#endif
+}
+
+/****************************************************************************
+ Make a connection to a service.
+****************************************************************************/
+
+connection_struct *make_connection(char *service, DATA_BLOB password,
+ char *dev,uint16 vuid, NTSTATUS *status)
{
int snum;
struct passwd *pass = NULL;
BOOL guest = False;
BOOL force = False;
connection_struct *conn;
- int ret;
+ uid_t euid;
+
+ fstring user;
+ ZERO_STRUCT(user);
+
+ /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */
+ if (!non_root_mode() && (euid = geteuid()) != 0) {
+ DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid ));
+ smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
+ }
strlower(service);
snum = find_service(service);
+
if (snum < 0) {
- if (strequal(service,"IPC$")) {
+ if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) {
DEBUG(3,("refusing IPC connection\n"));
- *ecode = ERRnoipc;
+ *status = NT_STATUS_ACCESS_DENIED;
return NULL;
}
DEBUG(0,("%s (%s) couldn't find service %s\n",
remote_machine, client_addr(), service));
- *ecode = ERRinvnetname;
+ *status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
if (strequal(service,HOMES_NAME)) {
- if (*user && Get_Pwnam(user,True)) {
- fstring dos_username;
- fstrcpy(dos_username, user);
- unix_to_dos(dos_username, True);
- return(make_connection(dos_username,user,password,
- pwlen,dev,vuid,ecode));
- }
-
if(lp_security() != SEC_SHARE) {
if (validated_username(vuid)) {
- fstring dos_username;
- fstrcpy(user,validated_username(vuid));
- fstrcpy(dos_username, user);
- unix_to_dos(dos_username, True);
- return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode));
+ fstring unix_username;
+ fstrcpy(unix_username,validated_username(vuid));
+ return(make_connection(unix_username,password,dev,vuid,status));
}
} else {
- /* Security = share. Try with sesssetup_user
+ /* Security = share. Try with current_user_info.smb_name
* as the username. */
- if(*sesssetup_user) {
- fstring dos_username;
- fstrcpy(user,sesssetup_user);
- fstrcpy(dos_username, user);
- unix_to_dos(dos_username, True);
- return(make_connection(dos_username,user,password,pwlen,dev,vuid,ecode));
+ if(*current_user_info.smb_name) {
+ fstring unix_username;
+ fstrcpy(unix_username,current_user_info.smb_name);
+ map_username(unix_username);
+ return(make_connection(unix_username,password,dev,vuid,status));
}
}
}
- if (!lp_snum_ok(snum) ||
- !check_access(smbd_server_fd(),
- lp_hostsallow(snum), lp_hostsdeny(snum))) {
- *ecode = ERRaccess;
+ if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, service, dev))) {
return NULL;
- }
-
- /* you can only connect to the IPC$ service as an ipc device */
- if (strequal(service,"IPC$"))
- pstrcpy(dev,"IPC");
-
- if (*dev == '?' || !*dev) {
- if (lp_print_ok(snum)) {
- pstrcpy(dev,"LPT1:");
- } else {
- pstrcpy(dev,"A:");
- }
- }
+ }
- /* if the request is as a printer and you can't print then refuse */
- strupper(dev);
- if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) {
- DEBUG(1,("Attempt to connect to non-printer as a printer\n"));
- *ecode = ERRinvdevice;
- return NULL;
+ /* add it as a possible user name if we
+ are in share mode security */
+ if (lp_security() == SEC_SHARE) {
+ add_session_user(service);
}
- /* lowercase the user name */
- strlower(user);
-
- /* add it as a possible user name */
- add_session_user(service);
/* shall we let them in? */
- if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) {
- DEBUG( 2, ( "Invalid username/password for %s\n", service ) );
- *ecode = ERRbadpw;
+ if (!authorise_login(snum,user,password,&guest,&force,vuid)) {
+ DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
+ *status = NT_STATUS_WRONG_PASSWORD;
return NULL;
}
+
+ add_session_user(user);
conn = conn_new();
if (!conn) {
DEBUG(0,("Couldn't find free connection.\n"));
- *ecode = ERRnoresource;
- conn_free(conn);
+ *status = NT_STATUS_INSUFFICIENT_RESOURCES;
return NULL;
}
/* find out some info about the user */
- pass = Get_Pwnam(user,True);
+ pass = smb_getpwnam(user,True);
if (pass == NULL) {
DEBUG(0,( "Couldn't find account %s\n",user));
- *ecode = ERRbaduid;
+ *status = NT_STATUS_NO_SUCH_USER;
conn_free(conn);
return NULL;
}
- conn->read_only = lp_readonly(snum);
-
- {
- pstring list;
- StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1);
- pstring_sub(list,"%S",service);
-
- if (user_in_list(user,list))
- conn->read_only = True;
-
- StrnCpy(list,lp_writelist(snum),sizeof(pstring)-1);
- pstring_sub(list,"%S",service);
-
- if (user_in_list(user,list))
- conn->read_only = False;
- }
-
- /* admin user check */
-
- /* JRA - original code denied admin user if the share was
- marked read_only. Changed as I don't think this is needed,
- but old code left in case there is a problem here.
- */
- if (user_in_list(user,lp_admin_users(snum))
-#if 0
- && !conn->read_only
-#endif
- ) {
- conn->admin_user = True;
- DEBUG(0,("%s logged in as admin user (root privileges)\n",user));
- } else {
- conn->admin_user = False;
- }
-
conn->force_user = force;
conn->vuid = vuid;
conn->uid = pass->pw_uid;
conn->gid = pass->pw_gid;
- safe_strcpy(conn->client_address, client_addr(), sizeof(conn->client_address)-1);
+ safe_strcpy(conn->client_address, client_addr(),
+ sizeof(conn->client_address)-1);
conn->num_files_open = 0;
conn->lastused = time(NULL);
conn->service = snum;
conn->used = True;
conn->printer = (strncmp(dev,"LPT",3) == 0);
- conn->ipc = (strncmp(dev,"IPC",3) == 0);
+ conn->ipc = ((strncmp(dev,"IPC",3) == 0) || strequal(dev,"ADMIN$"));
conn->dirptr = NULL;
conn->veto_list = NULL;
conn->hide_list = NULL;
conn->veto_oplock_list = NULL;
string_set(&conn->dirpath,"");
string_set(&conn->user,user);
+ conn->nt_user_token = NULL;
- conn->vfs_conn = (struct vfs_connection_struct *)
- malloc(sizeof(struct vfs_connection_struct));
-
- if (conn->vfs_conn == NULL) {
- DEBUG(0, ("No memory to create vfs_connection_struct"));
- return NULL;
- }
-
- ZERO_STRUCTP(conn->vfs_conn);
-
- /* Copy across relevant data from connection struct */
-
- conn->vfs_conn->printer = conn->printer;
- conn->vfs_conn->ipc = conn->ipc;
- conn->vfs_conn->read_only = conn->read_only;
- conn->vfs_conn->admin_user = conn->admin_user;
-
- pstrcpy(conn->vfs_conn->dirpath, conn->dirpath);
- pstrcpy(conn->vfs_conn->connectpath, conn->connectpath);
- pstrcpy(conn->vfs_conn->origpath, conn->origpath);
-
- pstrcpy(conn->vfs_conn->service, service);
- pstrcpy(conn->vfs_conn->user, conn->user);
-
- conn->vfs_conn->uid = conn->uid;
- conn->vfs_conn->gid = conn->gid;
- conn->vfs_conn->ngroups = conn->ngroups;
- if (conn->vfs_conn->ngroups != 0) {
- conn->vfs_conn->groups = (gid_t *)memdup(conn->groups,
- conn->ngroups * sizeof(gid_t));
- } else {
- conn->vfs_conn->groups = NULL;
- }
-
- /* Initialise VFS function pointers */
-
- if (*lp_vfsobj(SNUM(conn))) {
-
-#ifdef HAVE_LIBDL
-
- /* Loadable object file */
-
- if (!vfs_init_custom(conn)) {
- return NULL;
- }
-#else
- DEBUG(0, ("No libdl present - cannot use VFS objects\n"));
- conn_free(conn);
- return NULL;
-#endif
-
- } else {
-
- /* Normal share - initialise with disk access functions */
-
- vfs_init_default(conn);
- }
+ set_read_only(conn);
+
+ set_admin_user(conn);
/*
* If force user is true, then store the
/* Allow %S to be used by force user. */
pstring_sub(fuser,"%S",service);
- pass2 = (struct passwd *)Get_Pwnam(fuser,True);
+ pass2 = (struct passwd *)Get_Pwnam_Modify(fuser);
if (pass2) {
conn->uid = pass2->pw_uid;
conn->gid = pass2->pw_gid;
}
}
+ /* admin users always run as uid=0 */
+ if (conn->admin_user) {
+ conn->uid = 0;
+ }
+
#ifdef HAVE_GETGRNAM
/*
* If force group is true, then override
*/
if (*lp_force_group(snum)) {
- struct group *gptr;
+ gid_t gid;
pstring gname;
pstring tmp_gname;
BOOL user_must_be_member = False;
}
/* default service may be a group name */
pstring_sub(gname,"%S",service);
- gptr = (struct group *)getgrnam(gname);
+ gid = nametogid(gname);
- if (gptr) {
+ if (gid != (gid_t)-1) {
/*
* If the user has been forced and the forced group starts
* with a '+', then we only set the group to be the forced
* Otherwise, the meaning of the '+' would be ignored.
*/
if (conn->force_user && user_must_be_member) {
- int i;
- for (i = 0; gptr->gr_mem[i] != NULL; i++) {
- if (strcmp(user,gptr->gr_mem[i]) == 0) {
- conn->gid = gptr->gr_gid;
+ if (user_in_group_list( user, gname )) {
+ conn->gid = gid;
DEBUG(3,("Forced group %s for member %s\n",gname,user));
- break;
- }
}
} else {
- conn->gid = gptr->gr_gid;
+ conn->gid = gid;
DEBUG(3,("Forced group %s\n",gname));
}
} else {
conn->ngroups = 0;
conn->groups = NULL;
- if (!IS_IPC(conn)) {
- /* Find all the groups this uid is in and
- store them. Used by become_user() */
- setup_groups(conn->user,conn->uid,conn->gid,
- &conn->ngroups,&conn->groups);
-
- /* check number of connections */
- if (!claim_connection(conn,
- lp_servicename(SNUM(conn)),
- lp_max_connections(SNUM(conn)),
- False)) {
- DEBUG(1,("too many connections - rejected\n"));
- *ecode = ERRnoresource;
- conn_free(conn);
- return NULL;
- }
+ /* Find all the groups this uid is in and
+ store them. Used by change_to_user() */
+ initialise_groups(conn->user, conn->uid, conn->gid);
+ get_current_groups(&conn->ngroups,&conn->groups);
- if (lp_status(SNUM(conn)))
- claim_connection(conn,"",
- MAXSTATUS,False);
- } /* IS_IPC */
-
+ conn->nt_user_token = create_nt_token(conn->uid, conn->gid,
+ conn->ngroups, conn->groups,
+ guest, NULL);
+
+ /*
+ * New code to check if there's a share security descripter
+ * added from NT server manager. This is done after the
+ * smb.conf checks are done as we need a uid and token. JRA.
+ */
+
+ {
+ BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA);
+
+ if (!can_write) {
+ if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) {
+ /* No access, read or write. */
+ *status = NT_STATUS_ACCESS_DENIED;
+ DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
+ service ));
+ conn_free(conn);
+ return NULL;
+ } else {
+ conn->read_only = True;
+ }
+ }
+ }
+ /* Initialise VFS function pointers */
+
+ if (!smbd_vfs_init(conn)) {
+ DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn))));
+ conn_free(conn);
+ return NULL;
+ }
+
+/* ROOT Activities: */
+ /* check number of connections */
+ if (!claim_connection(conn,
+ lp_servicename(SNUM(conn)),
+ lp_max_connections(SNUM(conn)),
+ False)) {
+ DEBUG(1,("too many connections - rejected\n"));
+ *status = NT_STATUS_INSUFFICIENT_RESOURCES;
+ conn_free(conn);
+ return NULL;
+ }
+
+ /* Preexecs are done here as they might make the dir we are to ChDir to below */
/* execute any "root preexec = " line */
if (*lp_rootpreexec(SNUM(conn))) {
+ int ret;
pstring cmd;
pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
standard_sub_conn(conn,cmd);
DEBUG(5,("cmd=%s\n",cmd));
- ret = smbrun(cmd,NULL,False);
+ ret = smbrun(cmd,NULL);
if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) {
- DEBUG(1,("preexec gave %d - failing connection\n", ret));
+ DEBUG(1,("root preexec gave %d - failing connection\n", ret));
+ yield_connection(conn,
+ lp_servicename(SNUM(conn)),
+ lp_max_connections(SNUM(conn)));
conn_free(conn);
- *ecode = ERRsrverror;
+ *status = NT_STATUS_UNSUCCESSFUL;
return NULL;
}
}
-
- if (!become_user(conn, conn->vuid)) {
+
+/* USER Activites: */
+ if (!change_to_user(conn, conn->vuid)) {
+ /* No point continuing if they fail the basic checks */
DEBUG(0,("Can't become connected user!\n"));
- if (!IS_IPC(conn)) {
- yield_connection(conn,
- lp_servicename(SNUM(conn)),
- lp_max_connections(SNUM(conn)));
- if (lp_status(SNUM(conn))) {
- yield_connection(conn,"",MAXSTATUS);
- }
- }
conn_free(conn);
- *ecode = ERRbadpw;
+ *status = NT_STATUS_LOGON_FAILURE;
return NULL;
}
-
- if (dos_ChDir(conn->connectpath) != 0) {
- DEBUG(0,("Can't change directory to %s (%s)\n",
- conn->connectpath,strerror(errno)));
- unbecome_user();
- if (!IS_IPC(conn)) {
- yield_connection(conn,
- lp_servicename(SNUM(conn)),
- lp_max_connections(SNUM(conn)));
- if (lp_status(SNUM(conn)))
- yield_connection(conn,"",MAXSTATUS);
+
+ /* Remember that a different vuid can connect later without these checks... */
+
+ /* Preexecs are done here as they might make the dir we are to ChDir to below */
+ /* execute any "preexec = " line */
+ if (*lp_preexec(SNUM(conn))) {
+ int ret;
+ pstring cmd;
+ pstrcpy(cmd,lp_preexec(SNUM(conn)));
+ standard_sub_conn(conn,cmd);
+ ret = smbrun(cmd,NULL);
+ if (ret != 0 && lp_preexec_close(SNUM(conn))) {
+ DEBUG(1,("preexec gave %d - failing connection\n", ret));
+ change_to_root_user();
+ yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn)));
+ conn_free(conn);
+ *status = NT_STATUS_UNSUCCESSFUL;
+ return NULL;
}
+ }
+
+ if (vfs_ChDir(conn,conn->connectpath) != 0) {
+ DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n",
+ remote_machine, conn->client_address,
+ conn->connectpath,strerror(errno)));
+ change_to_root_user();
+ yield_connection(conn,
+ lp_servicename(SNUM(conn)),
+ lp_max_connections(SNUM(conn)));
conn_free(conn);
- *ecode = ERRinvnetname;
+ *status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
{
pstring s;
pstrcpy(s,conn->connectpath);
- dos_GetWd(s);
+ vfs_GetWd(conn,s);
string_set(&conn->connectpath,s);
- dos_ChDir(conn->connectpath);
+ vfs_ChDir(conn,conn->connectpath);
}
#endif
- add_session_user(user);
-
- /* execute any "preexec = " line */
- if (*lp_preexec(SNUM(conn))) {
- pstring cmd;
- pstrcpy(cmd,lp_preexec(SNUM(conn)));
- standard_sub_conn(conn,cmd);
- ret = smbrun(cmd,NULL,False);
- if (ret != 0 && lp_preexec_close(SNUM(conn))) {
- DEBUG(1,("preexec gave %d - failing connection\n", ret));
- conn_free(conn);
- *ecode = ERRsrverror;
- return NULL;
- }
- }
-
/*
* Print out the 'connected as' stuff here as we need
- * to know the effective uid and gid we will be using.
+ * to know the effective uid and gid we will be using
+ * (at least initially).
*/
if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
dbgtext( "%s (%s) ", remote_machine, conn->client_address );
dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) );
- dbgtext( "as user %s ", user );
+ dbgtext( "initially as user %s ", user );
dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
dbgtext( "(pid %d)\n", (int)sys_getpid() );
}
- /* we've finished with the sensitive stuff */
- unbecome_user();
-
/* Add veto/hide lists */
if (!IS_IPC(conn) && !IS_PRINT(conn)) {
set_namearray( &conn->veto_list, lp_veto_files(SNUM(conn)));
/* Invoke VFS make connection hook */
- if (conn->vfs_ops.connect) {
- if (conn->vfs_ops.connect(conn->vfs_conn, service, user) < 0) {
- return NULL;
- }
- }
+ if (conn->vfs_ops.connect) {
+ if (conn->vfs_ops.connect(conn, service, user) < 0) {
+ DEBUG(0,("make_connection: VFS make connection failed!\n"));
+ *status = NT_STATUS_UNSUCCESSFUL;
+ change_to_root_user();
+ conn_free(conn);
+ return NULL;
+ }
+ }
+
+ /* we've finished with the user stuff - go back to root */
+ change_to_root_user();
- return(conn);
+ return(conn);
}
{
DirCacheFlush(SNUM(conn));
- unbecome_user();
+ change_to_root_user();
DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
remote_machine,conn->client_address,
/* Call VFS disconnect hook */
- conn->vfs_ops.disconnect();
+ conn->vfs_ops.disconnect(conn);
}
lp_servicename(SNUM(conn)),
lp_max_connections(SNUM(conn)));
- if (lp_status(SNUM(conn)))
- yield_connection(conn,"",MAXSTATUS);
-
file_close_conn(conn);
dptr_closecnum(conn);
/* execute any "postexec = " line */
if (*lp_postexec(SNUM(conn)) &&
- become_user(conn, vuid)) {
+ change_to_user(conn, vuid)) {
pstring cmd;
pstrcpy(cmd,lp_postexec(SNUM(conn)));
standard_sub_conn(conn,cmd);
- smbrun(cmd,NULL,False);
- unbecome_user();
+ smbrun(cmd,NULL);
+ change_to_root_user();
}
- unbecome_user();
+ change_to_root_user();
/* execute any "root postexec = " line */
if (*lp_rootpostexec(SNUM(conn))) {
pstring cmd;
pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
standard_sub_conn(conn,cmd);
- smbrun(cmd,NULL,False);
+ smbrun(cmd,NULL);
}
conn_free(conn);
}
git.samba.org / ira / wip.git / blobdiff