6919822 assert failed in ndr_outer_fixed during stress test

6923019 sharing '/' could lead to system panic 6919931 local users not displayed via MMC 6725406 [CLI] smbadm tool is not localized 6725433 [CLI] vscanadm tool is not localized for supported locales 6921957 DC lookup fails when the IP address is not in DNS SRV responses 6920753 smd preferred domain controller property should accept hostnames as well as IP addresses 6878463 Optionset properties for autohome shares are not shown when viewing with sharemgr show -vp 6914411 smbadm add-member does not give clear error when run as unauthorized user
author: joyce mcintosh <Joyce.McIntosh@Sun.COM> 2010-02-06 19:03:34 -0800
committer: joyce mcintosh <Joyce.McIntosh@Sun.COM> 2010-02-06 19:03:34 -0800
commit: 96a62ada8aa6cb19b04270da282e7e21ba74b808 (patch)
tree: 6b87c9759b119878c0a540dfc51265580145414c /usr/src/cmd/smbsrv
parent: 593cc11b0ce1691880b59ee5a8bd6adcdc823490 (diff)
download: illumos-gate-96a62ada8aa6cb19b04270da282e7e21ba74b808.tar.gz
2 files changed, 60 insertions, 21 deletions
diff --git a/usr/src/cmd/smbsrv/smbadm/Makefile b/usr/src/cmd/smbsrv/smbadm/Makefile
index e972d0892a..ccf2a8436c 100644
--- a/usr/src/cmd/smbsrv/smbadm/Makefile
+++ b/usr/src/cmd/smbsrv/smbadm/Makefile
@@ -19,11 +19,9 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"@(#)Makefile	1.5	08/07/16 SMI"
-#
 
 PROG=	smbadm
 SRCS=	smbadm.c
@@ -31,7 +29,7 @@ SRCS=	smbadm.c
 include ../../Makefile.cmd
 include ../Makefile.smbsrv.defs
 
-LDLIBS += -L$(ROOT)/usr/lib/smbsrv -lsmb -lumem
+LDLIBS += -L$(ROOT)/usr/lib/smbsrv -lsmb -lsecdb -lumem
 LDFLAGS += -R/usr/lib/smbsrv
 
 all:		$(PROG)
diff --git a/usr/src/cmd/smbsrv/smbadm/smbadm.c b/usr/src/cmd/smbsrv/smbadm/smbadm.c
index a588dc65eb..2533bf6cc4 100644
--- a/usr/src/cmd/smbsrv/smbadm/smbadm.c
+++ b/usr/src/cmd/smbsrv/smbadm/smbadm.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -31,6 +31,7 @@
 #include <err.h>
 #include <ctype.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <stdio.h>
 #include <syslog.h>
 #include <strings.h>
@@ -38,11 +39,18 @@
 #include <getopt.h>
 #include <libintl.h>
 #include <zone.h>
+#include <pwd.h>
 #include <grp.h>
 #include <libgen.h>
 #include <netinet/in.h>
+#include <auth_attr.h>
+#include <locale.h>
 #include <smbsrv/libsmb.h>
 
+#if !defined(TEXT_DOMAIN)
+#define	TEXT_DOMAIN "SYS_TEST"
+#endif
+
 typedef enum {
 	HELP_ADD_MEMBER,
 	HELP_CREATE,
@@ -58,6 +66,7 @@ typedef enum {
 	HELP_USER_ENABLE
 } smbadm_help_t;
 
+#define	SMBADM_CMDF_NONE	0x00
 #define	SMBADM_CMDF_USER	0x01
 #define	SMBADM_CMDF_GROUP	0x02
 #define	SMBADM_CMDF_TYPEMASK	0x0F
@@ -69,11 +78,18 @@ typedef struct smbadm_cmdinfo {
 	int (*func)(int, char **);
 	smbadm_help_t usage;
 	uint32_t flags;
+	char *auth;
 } smbadm_cmdinfo_t;
 
 smbadm_cmdinfo_t *curcmd;
 static char *progname;
 
+#define	SMBADM_ACTION_AUTH	"solaris.smf.manage.smb"
+#define	SMBADM_VALUE_AUTH	"solaris.smf.value.smb"
+#define	SMBADM_BASIC_AUTH	"solaris.network.hosts.read"
+
+static boolean_t smbadm_checkauth(const char *);
+
 static void smbadm_usage(boolean_t);
 static int smbadm_join_workgroup(const char *);
 static int smbadm_join_domain(const char *, const char *);
@@ -96,27 +112,29 @@ static int smbadm_user_enable(int, char **);
 static smbadm_cmdinfo_t smbadm_cmdtable[] =
 {
 	{ "add-member",		smbadm_group_addmember,	HELP_ADD_MEMBER,
-	SMBADM_CMDF_GROUP },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 	{ "create",		smbadm_group_create,	HELP_CREATE,
-	SMBADM_CMDF_GROUP },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 	{ "delete",		smbadm_group_delete,	HELP_DELETE,
-	SMBADM_CMDF_GROUP },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 	{ "disable-user",	smbadm_user_disable,	HELP_USER_DISABLE,
-	SMBADM_CMDF_USER },
+		SMBADM_CMDF_USER,	SMBADM_ACTION_AUTH },
 	{ "enable-user",	smbadm_user_enable,	HELP_USER_ENABLE,
-	SMBADM_CMDF_USER },
+		SMBADM_CMDF_USER,	SMBADM_ACTION_AUTH },
 	{ "get",		smbadm_group_getprop,	HELP_GET,
-	SMBADM_CMDF_GROUP },
-	{ "join",		smbadm_join,		HELP_JOIN,	0 },
-	{ "list",		smbadm_list,		HELP_LIST,	0 },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
+	{ "join",		smbadm_join,		HELP_JOIN,
+		SMBADM_CMDF_NONE,	SMBADM_VALUE_AUTH },
+	{ "list",		smbadm_list,		HELP_LIST,
+		SMBADM_CMDF_NONE,	SMBADM_BASIC_AUTH },
 	{ "remove-member",	smbadm_group_delmember,	HELP_DEL_MEMBER,
-	SMBADM_CMDF_GROUP },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 	{ "rename",		smbadm_group_rename,	HELP_RENAME,
-	SMBADM_CMDF_GROUP },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 	{ "set",		smbadm_group_setprop,	HELP_SET,
-	SMBADM_CMDF_GROUP },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 	{ "show",		smbadm_group_show,	HELP_SHOW,
-	SMBADM_CMDF_GROUP },
+		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 };
 
 #define	SMBADM_NCMD	(sizeof (smbadm_cmdtable) / sizeof (smbadm_cmdtable[0]))
@@ -741,11 +759,10 @@ smbadm_group_create(int argc, char **argv)
 	status = smb_lgrp_add(gname, desc);
 	if (status != SMB_LGRP_SUCCESS) {
 		(void) fprintf(stderr,
-		    gettext("failed to create the group (%s)\n"),
+		    gettext("failed to create %s (%s)\n"), gname,
 		    smb_lgrp_strerror(status));
 	} else {
-		(void) printf(gettext("'%s' created.\n"),
-		    gname);
+		(void) printf(gettext("%s created\n"), gname);
 	}
 
 	return (status);
@@ -945,7 +962,7 @@ smbadm_group_delete(int argc, char **argv)
 		    gettext("failed to delete %s (%s)\n"), gname,
 		    smb_lgrp_strerror(status));
 	} else {
-		(void) printf(gettext("%s deleted.\n"), gname);
+		(void) printf(gettext("%s deleted\n"), gname);
 	}
 
 	return (status);
@@ -1349,6 +1366,9 @@ main(int argc, char **argv)
 	int ret;
 	int i;
 
+	(void) setlocale(LC_ALL, "");
+	(void) textdomain(TEXT_DOMAIN);
+
 	(void) malloc(0);	/* satisfy libumem dependency */
 
 	progname = basename(argv[0]);
@@ -1389,6 +1409,13 @@ main(int argc, char **argv)
 					smbadm_usage(B_TRUE);
 			}
 
+			if (!smbadm_checkauth(curcmd->auth)) {
+				(void) fprintf(stderr,
+				    gettext("%s: %s: authorization denied\n"),
+				    progname, curcmd->name);
+				return (1);
+			}
+
 			if ((ret = smbadm_init()) != 0)
 				return (ret);
 
@@ -1457,6 +1484,20 @@ smbadm_fini(void)
 }
 
 static boolean_t
+smbadm_checkauth(const char *auth)
+{
+	struct passwd *pw;
+
+	if ((pw = getpwuid(getuid())) == NULL)
+		return (B_FALSE);
+
+	if (chkauthattr(auth, pw->pw_name) == 0)
+		return (B_FALSE);
+
+	return (B_TRUE);
+}
+
+static boolean_t
 smbadm_prop_validate(smbadm_prop_t *prop, boolean_t chkval)
 {
 	smbadm_prop_handle_t *pinfo;
author	joyce mcintosh <Joyce.McIntosh@Sun.COM>	2010-02-06 19:03:34 -0800
committer	joyce mcintosh <Joyce.McIntosh@Sun.COM>	2010-02-06 19:03:34 -0800
commit	96a62ada8aa6cb19b04270da282e7e21ba74b808 (patch)
tree	6b87c9759b119878c0a540dfc51265580145414c /usr/src/cmd/smbsrv
parent	593cc11b0ce1691880b59ee5a8bd6adcdc823490 (diff)
download	illumos-gate-96a62ada8aa6cb19b04270da282e7e21ba74b808.tar.gz