Removed version number from file header.
[kai/samba.git] / source3 / smbd / service.c
1 /* 
2    Unix SMB/CIFS implementation.
3    service (connection) opening and closing
4    Copyright (C) Andrew Tridgell 1992-1998
5    
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 2 of the License, or
9    (at your option) any later version.
10    
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15    
16    You should have received a copy of the GNU General Public License
17    along with this program; if not, write to the Free Software
18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22
23 extern struct timeval smb_last_time;
24 extern int case_default;
25 extern BOOL case_preserve;
26 extern BOOL short_case_preserve;
27 extern BOOL case_mangle;
28 extern BOOL case_sensitive;
29 extern BOOL use_mangled_map;
30 extern fstring remote_machine;
31 extern userdom_struct current_user_info;
32 extern fstring remote_machine;
33
34
35 /****************************************************************************
36  Load parameters specific to a connection/service.
37 ****************************************************************************/
38
39 BOOL set_current_service(connection_struct *conn,BOOL do_chdir)
40 {
41         extern char magic_char;
42         static connection_struct *last_conn;
43         int snum;
44
45         if (!conn)  {
46                 last_conn = NULL;
47                 return(False);
48         }
49
50         conn->lastused = smb_last_time.tv_sec;
51
52         snum = SNUM(conn);
53   
54         if (do_chdir &&
55             vfs_ChDir(conn,conn->connectpath) != 0 &&
56             vfs_ChDir(conn,conn->origpath) != 0) {
57                 DEBUG(0,("chdir (%s) failed\n",
58                          conn->connectpath));
59                 return(False);
60         }
61
62         if (conn == last_conn)
63                 return(True);
64
65         last_conn = conn;
66
67         case_default = lp_defaultcase(snum);
68         case_preserve = lp_preservecase(snum);
69         short_case_preserve = lp_shortpreservecase(snum);
70         case_mangle = lp_casemangle(snum);
71         case_sensitive = lp_casesensitive(snum);
72         magic_char = lp_magicchar(snum);
73         use_mangled_map = (*lp_mangled_map(snum) ? True:False);
74         return(True);
75 }
76
77 /****************************************************************************
78  Add a home service. Returns the new service number or -1 if fail.
79 ****************************************************************************/
80
81 int add_home_service(const char *service, const char *homedir)
82 {
83         int iHomeService;
84         int iService;
85         fstring new_service;
86         fstring domain;
87
88         if (!service || !homedir)
89                 return -1;
90
91         if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0)
92                 return -1;
93
94         /*
95          * If this is a winbindd provided username, remove
96          * the domain component before adding the service.
97          * Log a warning if the "path=" parameter does not
98          * include any macros.
99          */
100
101         split_domain_and_name(service, domain, new_service);
102         lp_add_home(new_service, iHomeService, homedir);
103         iService = lp_servicenumber(new_service);
104
105         return iService;
106 }
107
108
109 /**
110  * Find a service entry. service is always in dos codepage.
111  *
112  * @param service is modified (to canonical form??)
113  **/
114 int find_service(fstring service)
115 {
116    int iService;
117
118    all_string_sub(service,"\\","/",0);
119
120    iService = lp_servicenumber(service);
121
122    /* now handle the special case of a home directory */
123    if (iService < 0)
124    {
125       char *phome_dir = get_user_service_home_dir(service);
126
127       if(!phome_dir)
128       {
129         /*
130          * Try mapping the servicename, it may
131          * be a Windows to unix mapped user name.
132          */
133         if(map_username(service))
134           phome_dir = get_user_service_home_dir(service);
135       }
136
137       DEBUG(3,("checking for home directory %s gave %s\n",service,
138             phome_dir?phome_dir:"(NULL)"));
139
140       iService = add_home_service(service,phome_dir);
141    }
142
143    /* If we still don't have a service, attempt to add it as a printer. */
144    if (iService < 0)
145    {
146       int iPrinterService;
147
148       if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0)
149       {
150          char *pszTemp;
151
152          DEBUG(3,("checking whether %s is a valid printer name...\n", service));
153          pszTemp = PRINTCAP;
154          if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp))
155          {
156             DEBUG(3,("%s is a valid printer name\n", service));
157             DEBUG(3,("adding %s as a printer service\n", service));
158             lp_add_printer(service, iPrinterService);
159             iService = lp_servicenumber(service);
160             if (iService < 0)
161                DEBUG(0,("failed to add %s as a printer service!\n", service));
162          }
163          else
164             DEBUG(3,("%s is not a valid printer name\n", service));
165       }
166    }
167
168    /* Check for default vfs service?  Unsure whether to implement this */
169    if (iService < 0)
170    {
171    }
172
173    /* just possibly it's a default service? */
174    if (iService < 0) 
175    {
176      char *pdefservice = lp_defaultservice();
177      if (pdefservice && *pdefservice && 
178          !strequal(pdefservice,service) &&
179          !strstr(service,".."))
180      {
181        /*
182         * We need to do a local copy here as lp_defaultservice() 
183         * returns one of the rotating lp_string buffers that
184         * could get overwritten by the recursive find_service() call
185         * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>.
186         */
187        pstring defservice;
188        pstrcpy(defservice, pdefservice);
189        iService = find_service(defservice);
190        if (iService >= 0)
191        {
192          all_string_sub(service, "_","/",0);
193          iService = lp_add_service(service, iService);
194        }
195      }
196    }
197
198    if (iService >= 0)
199      if (!VALID_SNUM(iService))
200      {
201        DEBUG(0,("Invalid snum %d for %s\n",iService, service));
202        iService = -1;
203      }
204
205    if (iService < 0)
206      DEBUG(3,("find_service() failed to find service %s\n", service));
207
208    return (iService);
209 }
210
211
212 /****************************************************************************
213  do some basic sainity checks on the share.  
214  This function modifies dev, ecode.
215 ****************************************************************************/
216 static NTSTATUS share_sanity_checks(int snum, const char* service, pstring dev) 
217 {
218         
219         if (!lp_snum_ok(snum) || 
220             !check_access(smbd_server_fd(), 
221                           lp_hostsallow(snum), lp_hostsdeny(snum))) {    
222                 return NT_STATUS_ACCESS_DENIED;
223         }
224
225         /* you can only connect to the IPC$ service as an ipc device */
226         if (strequal(service,"IPC$") || strequal(service,"ADMIN$"))
227                 pstrcpy(dev,"IPC");
228         
229         if (dev[0] == '?' || !dev[0]) {
230                 if (lp_print_ok(snum)) {
231                         pstrcpy(dev,"LPT1:");
232                 } else {
233                         pstrcpy(dev,"A:");
234                 }
235         }
236
237         /* if the request is as a printer and you can't print then refuse */
238         strupper(dev);
239         if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) {
240                 DEBUG(1,("Attempt to connect to non-printer as a printer\n"));
241                 return NT_STATUS_BAD_DEVICE_TYPE;
242         }
243
244         /* Behave as a printer if we are supposed to */
245         if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
246                 pstrcpy(dev, "LPT1:");
247         }
248
249         return NT_STATUS_OK;
250 }
251
252
253 /****************************************************************************
254  readonly share?
255 ****************************************************************************/
256 static void set_read_only(connection_struct *conn) 
257 {
258         char **list;
259         char *service = lp_servicename(conn->service);
260         conn->read_only = lp_readonly(conn->service);
261
262         if (!service) return;
263
264         lp_list_copy(&list, lp_readlist(conn->service));
265         if (list) {
266                 if (!lp_list_substitute(list, "%S", service)) {
267                         DEBUG(0, ("ERROR: read list substitution failed\n"));
268                 }
269                 if (user_in_list(conn->user, list))
270                         conn->read_only = True;
271                 lp_list_free(&list);
272         }
273         
274         lp_list_copy(&list, lp_writelist(conn->service));
275         if (list) {
276                 if (!lp_list_substitute(list, "%S", service)) {
277                         DEBUG(0, ("ERROR: write list substitution failed\n"));
278                 }
279                 if (user_in_list(conn->user, list))
280                         conn->read_only = False;
281                 lp_list_free(&list);
282         }
283 }
284
285
286 /****************************************************************************
287   admin user check
288 ****************************************************************************/
289 static void set_admin_user(connection_struct *conn) 
290 {
291         /* admin user check */
292         
293         /* JRA - original code denied admin user if the share was
294            marked read_only. Changed as I don't think this is needed,
295            but old code left in case there is a problem here.
296         */
297         if (user_in_list(conn->user,lp_admin_users(conn->service)) 
298 #if 0
299             && !conn->read_only
300 #endif
301             ) {
302                 conn->admin_user = True;
303                 DEBUG(0,("%s logged in as admin user (root privileges)\n",conn->user));
304         } else {
305                 conn->admin_user = False;
306         }
307
308 #if 0 /* This done later, for now */    
309         /* admin users always run as uid=0 */
310         if (conn->admin_user) {
311                 conn->uid = 0;
312         }
313 #endif
314 }
315
316 /****************************************************************************
317  Make a connection to a service.
318  *
319  * @param service (May be modified to canonical form???)
320 ****************************************************************************/
321
322 connection_struct *make_connection(char *service, DATA_BLOB password, 
323                                    char *dev, uint16 vuid, NTSTATUS *status)
324 {
325         int snum;
326         struct passwd *pass = NULL;
327         BOOL guest = False;
328         BOOL force = False;
329         connection_struct *conn;
330         uid_t euid;
331
332         fstring user;
333         ZERO_STRUCT(user);
334
335         /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */
336         if (!non_root_mode() && (euid = geteuid()) != 0) {
337                 DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid ));
338                 smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
339         }
340
341         strlower(service);
342
343         snum = find_service(service);
344
345         if (snum < 0) {
346                 if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) {
347                         DEBUG(3,("refusing IPC connection\n"));
348                         *status = NT_STATUS_ACCESS_DENIED;
349                         return NULL;
350                 }
351
352                 DEBUG(0,("%s (%s) couldn't find service %s\n",
353                          remote_machine, client_addr(), service));
354                 *status = NT_STATUS_BAD_NETWORK_NAME;
355                 return NULL;
356         }
357
358         if (strequal(service,HOMES_NAME)) {
359                 if(lp_security() != SEC_SHARE) {
360                         if (validated_username(vuid)) {
361                                 fstring unix_username;
362                                 fstrcpy(unix_username,validated_username(vuid));
363                                 return make_connection(unix_username,
364                                                        password,dev,vuid,status);
365                         }
366                 } else {
367                         /* Security = share. Try with current_user_info.smb_name
368                          * as the username.  */
369                         if (* current_user_info.smb_name) {
370                                 fstring unix_username;
371                                 fstrcpy(unix_username,
372                                         current_user_info.smb_name);
373                                 map_username(unix_username);
374                                 return make_connection(unix_username,
375                                                        password,dev,vuid,status);
376                         }
377                 }
378         }
379
380         if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, service, dev))) {
381                 return NULL;
382         }       
383
384         /* add it as a possible user name if we 
385            are in share mode security */
386         if (lp_security() == SEC_SHARE) {
387                 add_session_user(service);
388         }
389
390
391         /* shall we let them in? */
392         if (!authorise_login(snum,user,password,&guest,&force,vuid)) {
393                 DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
394                 *status = NT_STATUS_WRONG_PASSWORD;
395                 return NULL;
396         }
397
398         add_session_user(user);
399   
400         conn = conn_new();
401         if (!conn) {
402                 DEBUG(0,("Couldn't find free connection.\n"));
403                 *status = NT_STATUS_INSUFFICIENT_RESOURCES;
404                 return NULL;
405         }
406
407         /* find out some info about the user */
408         pass = smb_getpwnam(user,True);
409
410         if (pass == NULL) {
411                 DEBUG(0,( "Couldn't find account %s\n",user));
412                 *status = NT_STATUS_NO_SUCH_USER;
413                 conn_free(conn);
414                 return NULL;
415         }
416
417         conn->force_user = force;
418         conn->vuid = vuid;
419         conn->uid = pass->pw_uid;
420         conn->gid = pass->pw_gid;
421         safe_strcpy(conn->client_address, client_addr(), 
422                     sizeof(conn->client_address)-1);
423         conn->num_files_open = 0;
424         conn->lastused = time(NULL);
425         conn->service = snum;
426         conn->used = True;
427         conn->printer = (strncmp(dev,"LPT",3) == 0);
428         conn->ipc = ((strncmp(dev,"IPC",3) == 0) || strequal(dev,"ADMIN$"));
429         conn->dirptr = NULL;
430         conn->veto_list = NULL;
431         conn->hide_list = NULL;
432         conn->veto_oplock_list = NULL;
433         string_set(&conn->dirpath,"");
434         string_set(&conn->user,user);
435         conn->nt_user_token = NULL;
436         
437         set_read_only(conn);
438         
439         set_admin_user(conn);
440
441         /*
442          * If force user is true, then store the
443          * given userid and also the primary groupid
444          * of the user we're forcing.
445          */
446         
447         if (*lp_force_user(snum)) {
448                 struct passwd *pass2;
449                 pstring fuser;
450                 pstrcpy(fuser,lp_force_user(snum));
451
452                 /* Allow %S to be used by force user. */
453                 pstring_sub(fuser,"%S",service);
454
455                 pass2 = (struct passwd *)Get_Pwnam_Modify(fuser);
456                 if (pass2) {
457                         conn->uid = pass2->pw_uid;
458                         conn->gid = pass2->pw_gid;
459                         string_set(&conn->user,fuser);
460                         fstrcpy(user,fuser);
461                         conn->force_user = True;
462                         DEBUG(3,("Forced user %s\n",fuser));      
463                 } else {
464                         DEBUG(1,("Couldn't find user %s\n",fuser));
465                 }
466         }
467
468         /* admin users always run as uid=0 */
469         if (conn->admin_user) {
470                 conn->uid = 0;
471         }
472
473 #ifdef HAVE_GETGRNAM 
474         /*
475          * If force group is true, then override
476          * any groupid stored for the connecting user.
477          */
478         
479         if (*lp_force_group(snum)) {
480                 gid_t gid;
481                 pstring gname;
482                 pstring tmp_gname;
483                 BOOL user_must_be_member = False;
484                 
485                 StrnCpy(tmp_gname,lp_force_group(snum),sizeof(pstring)-1);
486
487                 if (tmp_gname[0] == '+') {
488                         user_must_be_member = True;
489                         StrnCpy(gname,&tmp_gname[1],sizeof(pstring)-2);
490                 } else {
491                         StrnCpy(gname,tmp_gname,sizeof(pstring)-1);
492                 }
493                 /* default service may be a group name          */
494                 pstring_sub(gname,"%S",service);
495                 gid = nametogid(gname);
496                 
497                 if (gid != (gid_t)-1) {
498                         /*
499                          * If the user has been forced and the forced group starts
500                          * with a '+', then we only set the group to be the forced
501                          * group if the forced user is a member of that group.
502                          * Otherwise, the meaning of the '+' would be ignored.
503                          */
504                         if (conn->force_user && user_must_be_member) {
505                                 if (user_in_group_list( user, gname )) {
506                                                 conn->gid = gid;
507                                                 DEBUG(3,("Forced group %s for member %s\n",gname,user));
508                                 }
509                         } else {
510                                 conn->gid = gid;
511                                 DEBUG(3,("Forced group %s\n",gname));
512                         }
513                 } else {
514                         DEBUG(1,("Couldn't find group %s\n",gname));
515                 }
516         }
517 #endif /* HAVE_GETGRNAM */
518
519         {
520                 pstring s;
521                 pstrcpy(s,lp_pathname(snum));
522                 standard_sub_conn(conn,s);
523                 string_set(&conn->connectpath,s);
524                 DEBUG(3,("Connect path is %s\n",s));
525         }
526
527         /* groups stuff added by ih */
528         conn->ngroups = 0;
529         conn->groups = NULL;
530         
531         /* Find all the groups this uid is in and
532            store them. Used by change_to_user() */
533         initialise_groups(conn->user, conn->uid, conn->gid); 
534         get_current_groups(&conn->ngroups,&conn->groups);
535                 
536         conn->nt_user_token = create_nt_token(conn->uid, conn->gid, 
537                                               conn->ngroups, conn->groups,
538                                               guest, NULL);
539
540         /*
541          * New code to check if there's a share security descripter
542          * added from NT server manager. This is done after the
543          * smb.conf checks are done as we need a uid and token. JRA.
544          */
545
546         {
547                 BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA);
548
549                 if (!can_write) {
550                         if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) {
551                                 /* No access, read or write. */
552                                 *status = NT_STATUS_ACCESS_DENIED;
553                                 DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
554                                         service ));
555                                 conn_free(conn);
556                                 return NULL;
557                         } else {
558                                 conn->read_only = True;
559                         }
560                 }
561         }
562         /* Initialise VFS function pointers */
563
564         if (!smbd_vfs_init(conn)) {
565                 DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn))));
566                 conn_free(conn);
567                 return NULL;
568         }
569
570 /* ROOT Activities: */  
571         /* check number of connections */
572         if (!claim_connection(conn,
573                               lp_servicename(SNUM(conn)),
574                               lp_max_connections(SNUM(conn)),
575                               False)) {
576                 DEBUG(1,("too many connections - rejected\n"));
577                 *status = NT_STATUS_INSUFFICIENT_RESOURCES;
578                 conn_free(conn);
579                 return NULL;
580         }  
581
582         /* Preexecs are done here as they might make the dir we are to ChDir to below */
583         /* execute any "root preexec = " line */
584         if (*lp_rootpreexec(SNUM(conn))) {
585                 int ret;
586                 pstring cmd;
587                 pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
588                 standard_sub_conn(conn,cmd);
589                 DEBUG(5,("cmd=%s\n",cmd));
590                 ret = smbrun(cmd,NULL);
591                 if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) {
592                         DEBUG(1,("root preexec gave %d - failing connection\n", ret));
593                         yield_connection(conn, lp_servicename(SNUM(conn)));
594                         conn_free(conn);
595                         *status = NT_STATUS_UNSUCCESSFUL;
596                         return NULL;
597                 }
598         }
599
600 /* USER Activites: */
601         if (!change_to_user(conn, conn->vuid)) {
602                 /* No point continuing if they fail the basic checks */
603                 DEBUG(0,("Can't become connected user!\n"));
604                 conn_free(conn);
605                 *status = NT_STATUS_LOGON_FAILURE;
606                 return NULL;
607         }
608
609         /* Remember that a different vuid can connect later without these checks... */
610
611         /* Preexecs are done here as they might make the dir we are to ChDir to below */
612         /* execute any "preexec = " line */
613         if (*lp_preexec(SNUM(conn))) {
614                 int ret;
615                 pstring cmd;
616                 pstrcpy(cmd,lp_preexec(SNUM(conn)));
617                 standard_sub_conn(conn,cmd);
618                 ret = smbrun(cmd,NULL);
619                 if (ret != 0 && lp_preexec_close(SNUM(conn))) {
620                         DEBUG(1,("preexec gave %d - failing connection\n", ret));
621                         change_to_root_user();
622                         yield_connection(conn, lp_servicename(SNUM(conn)));
623                         conn_free(conn);
624                         *status = NT_STATUS_UNSUCCESSFUL;
625                         return NULL;
626                 }
627         }
628
629         if (vfs_ChDir(conn,conn->connectpath) != 0) {
630                 DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n",
631                          remote_machine, conn->client_address,
632                          conn->connectpath,strerror(errno)));
633                 change_to_root_user();
634                 yield_connection(conn, lp_servicename(SNUM(conn)));
635                 conn_free(conn);
636                 *status = NT_STATUS_BAD_NETWORK_NAME;
637                 return NULL;
638         }
639         
640         string_set(&conn->origpath,conn->connectpath);
641         
642 #if SOFTLINK_OPTIMISATION
643         /* resolve any soft links early */
644         {
645                 pstring s;
646                 pstrcpy(s,conn->connectpath);
647                 vfs_GetWd(conn,s);
648                 string_set(&conn->connectpath,s);
649                 vfs_ChDir(conn,conn->connectpath);
650         }
651 #endif
652         
653         /*
654          * Print out the 'connected as' stuff here as we need
655          * to know the effective uid and gid we will be using
656          * (at least initially).
657          */
658
659         if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
660                 dbgtext( "%s (%s) ", remote_machine, conn->client_address );
661                 dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) );
662                 dbgtext( "initially as user %s ", user );
663                 dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
664                 dbgtext( "(pid %d)\n", (int)sys_getpid() );
665         }
666         
667         /* Add veto/hide lists */
668         if (!IS_IPC(conn) && !IS_PRINT(conn)) {
669                 set_namearray( &conn->veto_list, lp_veto_files(SNUM(conn)));
670                 set_namearray( &conn->hide_list, lp_hide_files(SNUM(conn)));
671                 set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(SNUM(conn)));
672         }
673         
674         /* Invoke VFS make connection hook */
675
676         if (conn->vfs_ops.connect) {
677                 if (conn->vfs_ops.connect(conn, service, user) < 0) {
678                         DEBUG(0,("make_connection: VFS make connection failed!\n"));
679                         *status = NT_STATUS_UNSUCCESSFUL;
680                         change_to_root_user();
681                         conn_free(conn);
682                         return NULL;
683                 }
684         }
685
686         /* we've finished with the user stuff - go back to root */
687         change_to_root_user();
688             
689         return(conn);
690 }
691
692
693 /****************************************************************************
694 close a cnum
695 ****************************************************************************/
696 void close_cnum(connection_struct *conn, uint16 vuid)
697 {
698         DirCacheFlush(SNUM(conn));
699
700         change_to_root_user();
701
702         DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
703                                  remote_machine,conn->client_address,
704                                  lp_servicename(SNUM(conn))));
705
706         if (conn->vfs_ops.disconnect != NULL) {
707
708             /* Call VFS disconnect hook */
709             
710             conn->vfs_ops.disconnect(conn);
711             
712         }
713
714         yield_connection(conn, lp_servicename(SNUM(conn)));
715
716         file_close_conn(conn);
717         dptr_closecnum(conn);
718
719         /* execute any "postexec = " line */
720         if (*lp_postexec(SNUM(conn)) && 
721             change_to_user(conn, vuid))  {
722                 pstring cmd;
723                 pstrcpy(cmd,lp_postexec(SNUM(conn)));
724                 standard_sub_conn(conn,cmd);
725                 smbrun(cmd,NULL);
726                 change_to_root_user();
727         }
728
729         change_to_root_user();
730         /* execute any "root postexec = " line */
731         if (*lp_rootpostexec(SNUM(conn)))  {
732                 pstring cmd;
733                 pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
734                 standard_sub_conn(conn,cmd);
735                 smbrun(cmd,NULL);
736         }
737         conn_free(conn);
738 }