Diffstat (limited to 'source/rpc_server/srv_srvsvc_nt.c')
-rw-r--r--source/rpc_server/srv_srvsvc_nt.c270
1 files changed, 142 insertions, 128 deletions
diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c
index fb7478653d..3672219dec 100644
--- a/source/rpc_server/srv_srvsvc_nt.c
+++ b/source/rpc_server/srv_srvsvc_nt.c
@@ -259,11 +259,9 @@ static void init_srv_share_info_1(pipes_struct *p, struct srvsvc_NetShareInfo1 *
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = talloc_sub_advanced(
- p->mem_ctx, lp_servicename(snum),
- get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
- "", remark);
+ remark = standard_sub_conn(p->mem_ctx,
+ p->conn,
+ remark);
}
init_srvsvc_NetShareInfo1(r, net_name,
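Review bot: The remark is now expanded against `p->conn` instead of the share selected by `snum`, so the service name and path that the removed call took from `lp_servicename(snum)` and `lp_pathname(snum)` no longer reach the substitution. If `standard_sub_conn` draws those values from the connection the pipe was opened on, a share comment containing service or path macros would be expanded for that connection rather than for the share being described; this should be confirmed against `standard_sub_conn`. The same replacement is made in init_srv_share_info_2, _501, _502 and _1004. A comment at each call site such as `/* macros expand relative to p->conn, not snum */` would at least record the behaviour. The function bodies continue outside these hunks.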
@@ -286,11 +284,9 @@ static void init_srv_share_info_2(pipes_struct *p, struct srvsvc_NetShareInfo2 *
remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = talloc_sub_advanced(
- p->mem_ctx, lp_servicename(snum),
- get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
- "", remark);
+ remark = standard_sub_conn(p->mem_ctx,
+ p->conn,
+ remark);
}
path = talloc_asprintf(p->mem_ctx,
"C:%s", lp_pathname(snum));
@@ -352,11 +348,7 @@ static void init_srv_share_info_501(pipes_struct *p, struct srvsvc_NetShareInfo5
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = talloc_sub_advanced(
- p->mem_ctx, lp_servicename(snum),
- get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
- "", remark);
+ remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
}
init_srvsvc_NetShareInfo501(r, net_name,
@@ -380,11 +372,7 @@ static void init_srv_share_info_502(pipes_struct *p, struct srvsvc_NetShareInfo5
char *remark = talloc_strdup(ctx, lp_comment(snum));;
if (remark) {
- remark = talloc_sub_advanced(
- p->mem_ctx, lp_servicename(snum),
- get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
- "", remark);
+ remark = standard_sub_conn(ctx, p->conn, remark);
}
path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum));
if (path) {
@@ -419,11 +407,7 @@ static void init_srv_share_info_1004(pipes_struct *p, struct srvsvc_NetShareInfo
char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));
if (remark) {
- remark = talloc_sub_advanced(
- p->mem_ctx, lp_servicename(snum),
- get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
- "", remark);
+ remark = standard_sub_conn(p->mem_ctx, p->conn, remark);
}
init_srvsvc_NetShareInfo1004(r, remark ? remark : "");
@@ -1700,9 +1684,7 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__));
- if (r->out.parm_error) {
- *r->out.parm_error = 0;
- }
+ *r->out.parm_error = 0;
get_current_user(&user,p);
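Review bot: `*r->out.parm_error = 0;` now dereferences the pointer unconditionally, where the removed lines wrote through it only when it was non-NULL. Unless the marshalling layer guarantees that `parm_error` is always allocated for this call, a request that omits it would crash the server process here; keeping the guard, `if (r->out.parm_error) { *r->out.parm_error = 0; }`, costs nothing. The rest of _srvsvc_NetShareAdd lies outside the hunk, so any other write to `parm_error` there would need the same check.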
@@ -2028,78 +2010,89 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
{
SEC_DESC *psd = NULL;
size_t sd_size;
- fstring servicename;
+ DATA_BLOB null_pw;
+ char *filename_in = NULL;
+ char *filename = NULL;
+ char *qualname = NULL;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
WERROR werr;
+ struct current_user user;
connection_struct *conn = NULL;
- struct sec_desc_buf *sd_buf = NULL;
- files_struct *fsp = NULL;
- int snum;
- char *oldcwd = NULL;
+ bool became_user = False;
+ TALLOC_CTX *ctx = p->mem_ctx;
+ struct sec_desc_buf *sd_buf;
ZERO_STRUCT(st);
- fstrcpy(servicename, r->in.share);
+ werr = WERR_OK;
- snum = find_service(servicename);
- if (snum == -1) {
- DEBUG(10, ("Could not find service %s\n", servicename));
- werr = WERR_NET_NAME_NOT_FOUND;
+ qualname = talloc_strdup(ctx, r->in.share);
+ if (!qualname) {
+ werr = WERR_ACCESS_DENIED;
goto error_exit;
}
- nt_status = create_conn_struct(talloc_tos(), &conn, snum,
- lp_pathname(snum), &oldcwd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("create_conn_struct failed: %s\n",
- nt_errstr(nt_status)));
+ /* Null password is ok - we are already an authenticated user... */
+ null_pw = data_blob_null;
+
+ get_current_user(&user, p);
+
+ become_root();
+ conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
+ unbecome_root();
+
+ if (conn == NULL) {
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to connect to %s\n",
+ qualname));
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- conn->server_info = p->server_info;
-
- nt_status = create_file(
- conn, /* conn */
- NULL, /* req */
- 0, /* root_dir_fid */
- r->in.file, /* fname */
- FILE_READ_ATTRIBUTES, /* access_mask */
- FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
- FILE_OPEN, /* create_disposition*/
- 0, /* create_options */
- 0, /* file_attributes */
- INTERNAL_OPEN_ONLY, /* oplock_request */
- 0, /* allocation_size */
- NULL, /* sd */
- NULL, /* ea_list */
- &fsp, /* result */
- NULL, /* pinfo */
- NULL); /* psbuf */
+ if (!become_user(conn, conn->vuid)) {
+ DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n"));
+ werr = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+ became_user = True;
+
+ filename_in = talloc_strdup(ctx, r->in.file);
+ if (!filename_in) {
+ werr = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+ nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: can't open %s\n",
- r->in.file));
- werr = ntstatus_to_werror(nt_status);
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n",
+ filename));
+ werr = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+
+ nt_status = check_name(conn, filename);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n",
+ filename));
+ werr = WERR_ACCESS_DENIED;
goto error_exit;
}
- nt_status = SMB_VFS_FGET_NT_ACL(fsp,
+ nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
(OWNER_SECURITY_INFORMATION
|GROUP_SECURITY_INFORMATION
|DACL_SECURITY_INFORMATION), &psd);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
- "for file %s\n", r->in.file));
+ DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL for file %s\n",
+ filename));
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
sd_size = ndr_size_security_descriptor(psd, 0);
- sd_buf = TALLOC_ZERO_P(p->mem_ctx, struct sec_desc_buf);
+ sd_buf = TALLOC_ZERO_P(ctx, struct sec_desc_buf);
if (!sd_buf) {
werr = WERR_NOMEM;
goto error_exit;
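Review bot: In the `unix_convert` failure branch the `DEBUG` prints `filename`, which was initialised to NULL and may not have been set when the conversion fails; log the caller-supplied name instead, `DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n", filename_in));`. The two `talloc_strdup` failures return `WERR_ACCESS_DENIED` although the allocation failure further down in this hunk returns `WERR_NOMEM`, which would be the consistent code. The ACL is now read by path with `SMB_VFS_GET_NT_ACL(conn, filename, ...)` after `check_name`, with no open handle holding the object between the check and the read, so a short comment stating that access control here relies on the `become_user` credentials would help. The function's tail is in the next hunk.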
@@ -2112,24 +2105,17 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
psd->dacl->revision = NT4_ACL_REVISION;
- close_file(fsp, NORMAL_CLOSE);
- vfs_ChDir(conn, oldcwd);
- conn_free_internal(conn);
- return WERR_OK;
+ unbecome_user();
+ close_cnum(conn, user.vuid);
+ return werr;
error_exit:
- if (fsp) {
- close_file(fsp, NORMAL_CLOSE);
- }
+ if (became_user)
+ unbecome_user();
- if (oldcwd) {
- vfs_ChDir(conn, oldcwd);
- }
-
- if (conn) {
- conn_free_internal(conn);
- }
+ if (conn)
+ close_cnum(conn, user.vuid);
return werr;
}
@@ -2142,90 +2128,118 @@ error_exit:
WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
struct srvsvc_NetSetFileSecurity *r)
{
- fstring servicename;
+ char *filename_in = NULL;
+ char *filename = NULL;
+ char *qualname = NULL;
+ DATA_BLOB null_pw;
files_struct *fsp = NULL;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
WERROR werr;
+ struct current_user user;
connection_struct *conn = NULL;
- int snum;
- char *oldcwd = NULL;
+ bool became_user = False;
+ TALLOC_CTX *ctx = p->mem_ctx;
ZERO_STRUCT(st);
- fstrcpy(servicename, r->in.share);
+ werr = WERR_OK;
- snum = find_service(servicename);
- if (snum == -1) {
- DEBUG(10, ("Could not find service %s\n", servicename));
- werr = WERR_NET_NAME_NOT_FOUND;
+ qualname = talloc_strdup(ctx, r->in.share);
+ if (!qualname) {
+ werr = WERR_ACCESS_DENIED;
goto error_exit;
}
- nt_status = create_conn_struct(talloc_tos(), &conn, snum,
- lp_pathname(snum), &oldcwd);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("create_conn_struct failed: %s\n",
- nt_errstr(nt_status)));
+ /* Null password is ok - we are already an authenticated user... */
+ null_pw = data_blob_null;
+
+ get_current_user(&user, p);
+
+ become_root();
+ conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
+ unbecome_root();
+
+ if (conn == NULL) {
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to connect to %s\n", qualname));
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- conn->server_info = p->server_info;
-
- nt_status = create_file(
- conn, /* conn */
- NULL, /* req */
- 0, /* root_dir_fid */
- r->in.file, /* fname */
- FILE_WRITE_ATTRIBUTES, /* access_mask */
- FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
- FILE_OPEN, /* create_disposition*/
- 0, /* create_options */
- 0, /* file_attributes */
- INTERNAL_OPEN_ONLY, /* oplock_request */
- 0, /* allocation_size */
- NULL, /* sd */
- NULL, /* ea_list */
- &fsp, /* result */
- NULL, /* pinfo */
- NULL); /* psbuf */
+ if (!become_user(conn, conn->vuid)) {
+ DEBUG(0,("_srvsvc_NetSetFileSecurity: Can't become connected user!\n"));
+ werr = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+ became_user = True;
+
+ filename_in = talloc_strdup(ctx, r->in.file);
+ if (!filename_in) {
+ werr = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+ nt_status = unix_convert(ctx, conn, filename, False, &filename, NULL, &st);
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: can't open %s\n",
- r->in.file));
- werr = ntstatus_to_werror(nt_status);
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: bad pathname %s\n", filename));
+ werr = WERR_ACCESS_DENIED;
+ goto error_exit;
+ }
+
+ nt_status = check_name(conn, filename);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: can't access %s\n", filename));
+ werr = WERR_ACCESS_DENIED;
goto error_exit;
}
- nt_status = SMB_VFS_FSET_NT_ACL(fsp,
+ nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
+
+ if ( !NT_STATUS_IS_OK(nt_status) ) {
+ /* Perhaps it is a directory */
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY))
+ nt_status = open_directory(conn, NULL, filename, &st,
+ FILE_READ_ATTRIBUTES,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ FILE_OPEN,
+ 0,
+ FILE_ATTRIBUTE_DIRECTORY,
+ NULL, &fsp);
+
+ if ( !NT_STATUS_IS_OK(nt_status) ) {
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to open file %s\n", filename));
+ werr = ntstatus_to_werror(nt_status);
+ goto error_exit;
+ }
+ }
+
+ nt_status = SMB_VFS_SET_NT_ACL(fsp, fsp->fsp_name,
r->in.securityinformation,
r->in.sd_buf->sd);
if (!NT_STATUS_IS_OK(nt_status) ) {
- DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL "
- "on file %s\n", r->in.share));
+ DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL on file %s\n", filename));
werr = WERR_ACCESS_DENIED;
goto error_exit;
}
close_file(fsp, NORMAL_CLOSE);
- vfs_ChDir(conn, oldcwd);
- conn_free_internal(conn);
- return WERR_OK;
+ unbecome_user();
+ close_cnum(conn, user.vuid);
+ return werr;
error_exit:
- if (fsp) {
+ if(fsp) {
close_file(fsp, NORMAL_CLOSE);
}
- if (oldcwd) {
- vfs_ChDir(conn, oldcwd);
+ if (became_user) {
+ unbecome_user();
}
if (conn) {
- conn_free_internal(conn);
+ close_cnum(conn, user.vuid);
}
return werr;
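Review bot: `unix_convert(ctx, conn, filename, False, &filename, NULL, &st)` passes `filename`, which is still NULL at that point, as the input path; `filename_in`, the copy of `r->in.file` made just above, is never used. _srvsvc_NetGetFileSecurity passes `filename_in` in the same position, so the call should read `nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st);`. As written the client's file name does not reach the path conversion or `check_name`, and the following `DEBUG` prints a possibly NULL `filename`. Separately, `r->in.sd_buf->sd` is dereferenced without a check that `sd_buf` is non-NULL; if the marshalling layer does not guarantee it, the request should be rejected with an invalid-parameter error before the ACL call.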