search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: fix guest auth when winbindd is running
[Samba.git] / source / utils / net_usershare.c
blob550157a1037d5e3274893aff48f23de7cfd26748
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4
5 Copyright (C) Jeremy Allison (jra@samba.org) 2005
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
19
20 #include "includes.h"
21 #include "utils/net.h"
22
23 struct {
24 const char *us_errstr;
25 enum usershare_err us_err;
26 } us_errs [] = {
27 {"",USERSHARE_OK},
28 {"Malformed usershare file", USERSHARE_MALFORMED_FILE},
29 {"Bad version number", USERSHARE_BAD_VERSION},
30 {"Malformed path entry", USERSHARE_MALFORMED_PATH},
31 {"Malformed comment entryfile", USERSHARE_MALFORMED_COMMENT_DEF},
32 {"Malformed acl definition", USERSHARE_MALFORMED_ACL_DEF},
33 {"Acl parse error", USERSHARE_ACL_ERR},
34 {"Path not absolute", USERSHARE_PATH_NOT_ABSOLUTE},
35 {"Path is denied", USERSHARE_PATH_IS_DENIED},
36 {"Path not allowed", USERSHARE_PATH_NOT_ALLOWED},
37 {"Path is not a directory", USERSHARE_PATH_NOT_DIRECTORY},
38 {"System error", USERSHARE_POSIX_ERR},
39 {NULL,(enum usershare_err)-1}
40 };
41
42 static const char *get_us_error_code(enum usershare_err us_err)
43 {
44 char *result;
45 int idx = 0;
46
47 while (us_errs[idx].us_errstr != NULL) {
48 if (us_errs[idx].us_err == us_err) {
49 return us_errs[idx].us_errstr;
50 }
51 idx++;
52 }
53
54 result = talloc_asprintf(talloc_tos(), "Usershare error code (0x%x)",
55 (unsigned int)us_err);
56 SMB_ASSERT(result != NULL);
57 return result;
58 }
59
60 /* The help subsystem for the USERSHARE subcommand */
61
62 static int net_usershare_add_usage(int argc, const char **argv)
63 {
64 char c = *lp_winbind_separator();
65 d_printf(
66 "net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
67 "\tAdds the specified share name for this user.\n"
68 "\t<sharename> is the new share name.\n"
69 "\t<path> is the path on the filesystem to export.\n"
70 "\t<comment> is the optional comment for the new share.\n"
71 "\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
72 "\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
73 "\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
74 "\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
75 "\t\tname may be a domain user or group. For local users use the local server name "
76 "instead of \"DOMAIN\"\n"
77 "\t\tThe default acl is \"Everyone:r\" which allows everyone read-only access.\n"
78 "\tAdd -l or --long to print the info on the newly added share.\n",
79 c, c );
80 return -1;
81 }
82
83 static int net_usershare_delete_usage(int argc, const char **argv)
84 {
85 d_printf(
86 "net usershare delete <sharename>\n"\
87 "\tdeletes the specified share name for this user.\n");
88 return -1;
89 }
90
91 static int net_usershare_info_usage(int argc, const char **argv)
92 {
93 d_printf(
94 "net usershare info [-l|--long] [wildcard sharename]\n"\
95 "\tPrints out the path, comment and acl elements of shares that match the wildcard.\n"
96 "\tBy default only gives info on shares owned by the current user\n"
97 "\tAdd -l or --long to apply this to all shares\n"
98 "\tOmit the sharename or use a wildcard of '*' to see all shares\n");
99 return -1;
100 }
101
102 static int net_usershare_list_usage(int argc, const char **argv)
103 {
104 d_printf(
105 "net usershare list [-l|--long] [wildcard sharename]\n"\
106 "\tLists the names of all shares that match the wildcard.\n"
107 "\tBy default only lists shares owned by the current user\n"
108 "\tAdd -l or --long to apply this to all shares\n"
109 "\tOmit the sharename or use a wildcard of '*' to see all shares\n");
110 return -1;
111 }
112
113 int net_usershare_usage(int argc, const char **argv)
114 {
115 d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
116 "add or change a user defined share.\n"
117 "net usershare delete <sharename> to delete a user defined share.\n"
118 "net usershare info [-l|--long] [wildcard sharename] to print info about a user defined share.\n"
119 "net usershare list [-l|--long] [wildcard sharename] to list user defined shares.\n"
120 "net usershare help\n"\
121 "\nType \"net usershare help <option>\" to get more information on that option\n\n");
122
123 net_common_flags_usage(argc, argv);
124 return -1;
125 }
126
127 /***************************************************************************
128 ***************************************************************************/
129
130 static char *get_basepath(TALLOC_CTX *ctx)
131 {
132 char *basepath = talloc_strdup(ctx, lp_usershare_path());
133
134 if (!basepath) {
135 return NULL;
136 }
137 if ((basepath[0] != '\0') && (basepath[strlen(basepath)-1] == '/')) {
138 basepath[strlen(basepath)-1] = '\0';
139 }
140 return basepath;
141 }
142
143 /***************************************************************************
144 Delete a single userlevel share.
145 ***************************************************************************/
146
147 static int net_usershare_delete(int argc, const char **argv)
148 {
149 char *us_path;
150 char *sharename;
151
152 if (argc != 1) {
153 return net_usershare_delete_usage(argc, argv);
154 }
155
156 if ((sharename = strdup_lower(argv[0])) == NULL) {
157 d_fprintf(stderr, "strdup failed\n");
158 return -1;
159 }
160
161 if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
162 d_fprintf(stderr, "net usershare delete: share name %s contains "
163 "invalid characters (any of %s)\n",
164 sharename, INVALID_SHARENAME_CHARS);
165 SAFE_FREE(sharename);
166 return -1;
167 }
168
169 us_path = talloc_asprintf(talloc_tos(),
170 "%s/%s",
171 lp_usershare_path(),
172 sharename);
173 if (!us_path) {
174 SAFE_FREE(sharename);
175 return -1;
176 }
177
178 if (unlink(us_path) != 0) {
179 d_fprintf(stderr, "net usershare delete: unable to remove usershare %s. "
180 "Error was %s\n",
181 us_path, strerror(errno));
182 SAFE_FREE(sharename);
183 return -1;
184 }
185 SAFE_FREE(sharename);
186 return 0;
187 }
188
189 /***************************************************************************
190 Data structures to handle a list of usershare files.
191 ***************************************************************************/
192
193 struct file_list {
194 struct file_list *next, *prev;
195 const char *pathname;
196 };
197
198 static struct file_list *flist;
199
200 /***************************************************************************
201 ***************************************************************************/
202
203 static int get_share_list(TALLOC_CTX *ctx, const char *wcard, bool only_ours)
204 {
205 SMB_STRUCT_DIR *dp;
206 SMB_STRUCT_DIRENT *de;
207 uid_t myuid = geteuid();
208 struct file_list *fl = NULL;
209 char *basepath = get_basepath(ctx);
210
211 if (!basepath) {
212 return -1;
213 }
214 dp = sys_opendir(basepath);
215 if (!dp) {
216 d_fprintf(stderr, "get_share_list: cannot open usershare directory %s. Error %s\n",
217 basepath, strerror(errno) );
218 return -1;
219 }
220
221 while((de = sys_readdir(dp)) != 0) {
222 SMB_STRUCT_STAT sbuf;
223 char *path;
224 const char *n = de->d_name;
225
226 /* Ignore . and .. */
227 if (*n == '.') {
228 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
229 continue;
230 }
231 }
232
233 if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
234 d_fprintf(stderr, "get_share_list: ignoring bad share name %s\n",n);
235 continue;
236 }
237 path = talloc_asprintf(ctx,
238 "%s/%s",
239 basepath,
240 n);
241 if (!path) {
242 sys_closedir(dp);
243 return -1;
244 }
245
246 if (sys_lstat(path, &sbuf) != 0) {
247 d_fprintf(stderr, "get_share_list: can't lstat file %s. Error was %s\n",
248 path, strerror(errno) );
249 continue;
250 }
251
252 if (!S_ISREG(sbuf.st_mode)) {
253 d_fprintf(stderr, "get_share_list: file %s is not a regular file. Ignoring.\n",
254 path );
255 continue;
256 }
257
258 if (only_ours && sbuf.st_uid != myuid) {
259 continue;
260 }
261
262 if (!unix_wild_match(wcard, n)) {
263 continue;
264 }
265
266 /* (Finally) - add to list. */
267 fl = TALLOC_P(ctx, struct file_list);
268 if (!fl) {
269 sys_closedir(dp);
270 return -1;
271 }
272 fl->pathname = talloc_strdup(ctx, n);
273 if (!fl->pathname) {
274 sys_closedir(dp);
275 return -1;
276 }
277
278 DLIST_ADD(flist, fl);
279 }
280
281 sys_closedir(dp);
282 return 0;
283 }
284
285 enum us_priv_op { US_LIST_OP, US_INFO_OP};
286
287 struct us_priv_info {
288 TALLOC_CTX *ctx;
289 enum us_priv_op op;
290 };
291
292 /***************************************************************************
293 Call a function for every share on the list.
294 ***************************************************************************/
295
296 static int process_share_list(int (*fn)(struct file_list *, void *), void *priv)
297 {
298 struct file_list *fl;
299 int ret = 0;
300
301 for (fl = flist; fl; fl = fl->next) {
302 ret = (*fn)(fl, priv);
303 }
304
305 return ret;
306 }
307
308 /***************************************************************************
309 Info function.
310 ***************************************************************************/
311
312 static int info_fn(struct file_list *fl, void *priv)
313 {
314 SMB_STRUCT_STAT sbuf;
315 char **lines = NULL;
316 struct us_priv_info *pi = (struct us_priv_info *)priv;
317 TALLOC_CTX *ctx = pi->ctx;
318 int fd = -1;
319 int numlines = 0;
320 SEC_DESC *psd = NULL;
321 char *basepath;
322 char *sharepath = NULL;
323 char *comment = NULL;
324 char *acl_str;
325 int num_aces;
326 char sep_str[2];
327 enum usershare_err us_err;
328 bool guest_ok = False;
329
330 sep_str[0] = *lp_winbind_separator();
331 sep_str[1] = '\0';
332
333 basepath = get_basepath(ctx);
334 if (!basepath) {
335 return -1;
336 }
337 basepath = talloc_asprintf_append(basepath,
338 "/%s",
339 fl->pathname);
340 if (!basepath) {
341 return -1;
342 }
343
344 #ifdef O_NOFOLLOW
345 fd = sys_open(basepath, O_RDONLY|O_NOFOLLOW, 0);
346 #else
347 fd = sys_open(basepath, O_RDONLY, 0);
348 #endif
349
350 if (fd == -1) {
351 d_fprintf(stderr, "info_fn: unable to open %s. %s\n",
352 basepath, strerror(errno) );
353 return -1;
354 }
355
356 /* Paranoia... */
357 if (sys_fstat(fd, &sbuf) != 0) {
358 d_fprintf(stderr, "info_fn: can't fstat file %s. Error was %s\n",
359 basepath, strerror(errno) );
360 close(fd);
361 return -1;
362 }
363
364 if (!S_ISREG(sbuf.st_mode)) {
365 d_fprintf(stderr, "info_fn: file %s is not a regular file. Ignoring.\n",
366 basepath );
367 close(fd);
368 return -1;
369 }
370
371 lines = fd_lines_load(fd, &numlines, 10240);
372 close(fd);
373
374 if (lines == NULL) {
375 return -1;
376 }
377
378 /* Ensure it's well formed. */
379 us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
380 &sharepath,
381 &comment,
382 &psd,
383 &guest_ok);
384
385 file_lines_free(lines);
386
387 if (us_err != USERSHARE_OK) {
388 d_fprintf(stderr, "info_fn: file %s is not a well formed usershare file.\n",
389 basepath );
390 d_fprintf(stderr, "info_fn: Error was %s.\n",
391 get_us_error_code(us_err) );
392 return -1;
393 }
394
395 acl_str = talloc_strdup(ctx, "usershare_acl=");
396 if (!acl_str) {
397 return -1;
398 }
399
400 for (num_aces = 0; num_aces < psd->dacl->num_aces; num_aces++) {
401 const char *domain;
402 const char *name;
403 NTSTATUS ntstatus;
404
405 ntstatus = net_lookup_name_from_sid(ctx, &psd->dacl->aces[num_aces].trustee, &domain, &name);
406
407 if (NT_STATUS_IS_OK(ntstatus)) {
408 if (domain && *domain) {
409 acl_str = talloc_asprintf_append(acl_str,
410 "%s%s",
411 domain,
412 sep_str);
413 if (!acl_str) {
414 return -1;
415 }
416 }
417 acl_str = talloc_asprintf_append(acl_str,
418 "%s",
419 name);
420 if (!acl_str) {
421 return -1;
422 }
423
424 } else {
425 fstring sidstr;
426 sid_to_fstring(sidstr,
427 &psd->dacl->aces[num_aces].trustee);
428 acl_str = talloc_asprintf_append(acl_str,
429 "%s",
430 sidstr);
431 if (!acl_str) {
432 return -1;
433 }
434 }
435 acl_str = talloc_asprintf_append(acl_str, ":");
436 if (!acl_str) {
437 return -1;
438 }
439
440 if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
441 acl_str = talloc_asprintf_append(acl_str, "D,");
442 if (!acl_str) {
443 return -1;
444 }
445 } else {
446 if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) {
447 acl_str = talloc_asprintf_append(acl_str, "F,");
448 } else {
449 acl_str = talloc_asprintf_append(acl_str, "R,");
450 }
451 if (!acl_str) {
452 return -1;
453 }
454 }
455 }
456
457 if (pi->op == US_INFO_OP) {
458 d_printf("[%s]\n", fl->pathname );
459 d_printf("path=%s\n", sharepath );
460 d_printf("comment=%s\n", comment);
461 d_printf("%s\n", acl_str);
462 d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
463 } else if (pi->op == US_LIST_OP) {
464 d_printf("%s\n", fl->pathname);
465 }
466
467 return 0;
468 }
469
470 /***************************************************************************
471 Print out info (internal detail) on userlevel shares.
472 ***************************************************************************/
473
474 static int net_usershare_info(int argc, const char **argv)
475 {
476 fstring wcard;
477 bool only_ours = True;
478 int ret = -1;
479 struct us_priv_info pi;
480 TALLOC_CTX *ctx;
481
482 fstrcpy(wcard, "*");
483
484 if (opt_long_list_entries) {
485 only_ours = False;
486 }
487
488 switch (argc) {
489 case 0:
490 break;
491 case 1:
492 fstrcpy(wcard, argv[0]);
493 break;
494 default:
495 return net_usershare_info_usage(argc, argv);
496 }
497
498 strlower_m(wcard);
499
500 ctx = talloc_init("share_info");
501 ret = get_share_list(ctx, wcard, only_ours);
502 if (ret) {
503 return ret;
504 }
505
506 pi.ctx = ctx;
507 pi.op = US_INFO_OP;
508
509 ret = process_share_list(info_fn, &pi);
510 talloc_destroy(ctx);
511 return ret;
512 }
513
514 /***************************************************************************
515 Count the current total number of usershares.
516 ***************************************************************************/
517
518 static int count_num_usershares(void)
519 {
520 SMB_STRUCT_DIR *dp;
521 SMB_STRUCT_DIRENT *de;
522 int num_usershares = 0;
523 TALLOC_CTX *ctx = talloc_tos();
524 char *basepath = get_basepath(ctx);
525
526 if (!basepath) {
527 return -1;
528 }
529
530 dp = sys_opendir(basepath);
531 if (!dp) {
532 d_fprintf(stderr, "count_num_usershares: cannot open usershare directory %s. Error %s\n",
533 basepath, strerror(errno) );
534 return -1;
535 }
536
537 while((de = sys_readdir(dp)) != 0) {
538 SMB_STRUCT_STAT sbuf;
539 char *path;
540 const char *n = de->d_name;
541
542 /* Ignore . and .. */
543 if (*n == '.') {
544 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
545 continue;
546 }
547 }
548
549 if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
550 d_fprintf(stderr, "count_num_usershares: ignoring bad share name %s\n",n);
551 continue;
552 }
553 path = talloc_asprintf(ctx,
554 "%s/%s",
555 basepath,
556 n);
557 if (!path) {
558 sys_closedir(dp);
559 return -1;
560 }
561
562 if (sys_lstat(path, &sbuf) != 0) {
563 d_fprintf(stderr, "count_num_usershares: can't lstat file %s. Error was %s\n",
564 path, strerror(errno) );
565 continue;
566 }
567
568 if (!S_ISREG(sbuf.st_mode)) {
569 d_fprintf(stderr, "count_num_usershares: file %s is not a regular file. Ignoring.\n",
570 path );
571 continue;
572 }
573 num_usershares++;
574 }
575
576 sys_closedir(dp);
577 return num_usershares;
578 }
579
580 /***************************************************************************
581 Add a single userlevel share.
582 ***************************************************************************/
583
584 static int net_usershare_add(int argc, const char **argv)
585 {
586 TALLOC_CTX *ctx = talloc_stackframe();
587 SMB_STRUCT_STAT sbuf;
588 SMB_STRUCT_STAT lsbuf;
589 char *sharename;
590 char *full_path;
591 char *full_path_tmp;
592 const char *us_path;
593 const char *us_comment;
594 const char *arg_acl;
595 char *us_acl;
596 char *file_img;
597 int num_aces = 0;
598 int i;
599 int tmpfd;
600 const char *pacl;
601 size_t to_write;
602 uid_t myeuid = geteuid();
603 bool guest_ok = False;
604 int num_usershares;
605
606 us_comment = "";
607 arg_acl = "S-1-1-0:R";
608
609 switch (argc) {
610 case 0:
611 case 1:
612 default:
613 return net_usershare_add_usage(argc, argv);
614 case 2:
615 sharename = strdup_lower(argv[0]);
616 us_path = argv[1];
617 break;
618 case 3:
619 sharename = strdup_lower(argv[0]);
620 us_path = argv[1];
621 us_comment = argv[2];
622 break;
623 case 4:
624 sharename = strdup_lower(argv[0]);
625 us_path = argv[1];
626 us_comment = argv[2];
627 arg_acl = argv[3];
628 break;
629 case 5:
630 sharename = strdup_lower(argv[0]);
631 us_path = argv[1];
632 us_comment = argv[2];
633 arg_acl = argv[3];
634 if (strlen(arg_acl) == 0) {
635 arg_acl = "S-1-1-0:R";
636 }
637 if (!strnequal(argv[4], "guest_ok=", 9)) {
638 TALLOC_FREE(ctx);
639 return net_usershare_add_usage(argc, argv);
640 }
641 switch (argv[4][9]) {
642 case 'y':
643 case 'Y':
644 guest_ok = True;
645 break;
646 case 'n':
647 case 'N':
648 guest_ok = False;
649 break;
650 default:
651 TALLOC_FREE(ctx);
652 return net_usershare_add_usage(argc, argv);
653 }
654 break;
655 }
656
657 /* Ensure we're under the "usershare max shares" number. Advisory only. */
658 num_usershares = count_num_usershares();
659 if (num_usershares >= lp_usershare_max_shares()) {
660 d_fprintf(stderr, "net usershare add: maximum number of allowed usershares (%d) reached\n",
661 lp_usershare_max_shares() );
662 TALLOC_FREE(ctx);
663 SAFE_FREE(sharename);
664 return -1;
665 }
666
667 if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
668 d_fprintf(stderr, "net usershare add: share name %s contains "
669 "invalid characters (any of %s)\n",
670 sharename, INVALID_SHARENAME_CHARS);
671 TALLOC_FREE(ctx);
672 SAFE_FREE(sharename);
673 return -1;
674 }
675
676 /* Disallow shares the same as users. */
677 if (getpwnam(sharename)) {
678 d_fprintf(stderr, "net usershare add: share name %s is already a valid system user name\n",
679 sharename );
680 TALLOC_FREE(ctx);
681 SAFE_FREE(sharename);
682 return -1;
683 }
684
685 /* Construct the full path for the usershare file. */
686 full_path = get_basepath(ctx);
687 if (!full_path) {
688 TALLOC_FREE(ctx);
689 SAFE_FREE(sharename);
690 return -1;
691 }
692 full_path_tmp = talloc_asprintf(ctx,
693 "%s/:tmpXXXXXX",
694 full_path);
695 if (!full_path_tmp) {
696 TALLOC_FREE(ctx);
697 SAFE_FREE(sharename);
698 return -1;
699 }
700
701 full_path = talloc_asprintf_append(full_path,
702 "/%s",
703 sharename);
704 if (!full_path) {
705 TALLOC_FREE(ctx);
706 SAFE_FREE(sharename);
707 return -1;
708 }
709
710 /* The path *must* be absolute. */
711 if (us_path[0] != '/') {
712 d_fprintf(stderr,"net usershare add: path %s is not an absolute path.\n",
713 us_path);
714 TALLOC_FREE(ctx);
715 SAFE_FREE(sharename);
716 return -1;
717 }
718
719 /* Check the directory to be shared exists. */
720 if (sys_stat(us_path, &sbuf) != 0) {
721 d_fprintf(stderr, "net usershare add: cannot stat path %s to ensure "
722 "this is a directory. Error was %s\n",
723 us_path, strerror(errno) );
724 TALLOC_FREE(ctx);
725 SAFE_FREE(sharename);
726 return -1;
727 }
728
729 if (!S_ISDIR(sbuf.st_mode)) {
730 d_fprintf(stderr, "net usershare add: path %s is not a directory.\n",
731 us_path );
732 TALLOC_FREE(ctx);
733 SAFE_FREE(sharename);
734 return -1;
735 }
736
737 /* If we're not root, check if we're restricted to sharing out directories
738 that we own only. */
739
740 if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_uid)) {
741 d_fprintf(stderr, "net usershare add: cannot share path %s as "
742 "we are restricted to only sharing directories we own.\n"
743 "\tAsk the administrator to add the line \"usershare owner only = False\" \n"
744 "\tto the [global] section of the smb.conf to allow this.\n",
745 us_path );
746 TALLOC_FREE(ctx);
747 SAFE_FREE(sharename);
748 return -1;
749 }
750
751 /* No validation needed on comment. Now go through and validate the
752 acl string. Convert names to SID's as needed. Then run it through
753 parse_usershare_acl to ensure it's valid. */
754
755 /* Start off the string we'll append to. */
756 us_acl = talloc_strdup(ctx, "");
757 if (!us_acl) {
758 TALLOC_FREE(ctx);
759 return -1;
760 }
761
762 pacl = arg_acl;
763 num_aces = 1;
764
765 /* Add the number of ',' characters to get the number of aces. */
766 num_aces += count_chars(pacl,',');
767
768 for (i = 0; i < num_aces; i++) {
769 DOM_SID sid;
770 const char *pcolon = strchr_m(pacl, ':');
771 const char *name;
772
773 if (pcolon == NULL) {
774 d_fprintf(stderr, "net usershare add: malformed acl %s (missing ':').\n",
775 pacl );
776 TALLOC_FREE(ctx);
777 SAFE_FREE(sharename);
778 return -1;
779 }
780
781 switch(pcolon[1]) {
782 case 'f':
783 case 'F':
784 case 'd':
785 case 'r':
786 case 'R':
787 break;
788 default:
789 d_fprintf(stderr, "net usershare add: malformed acl %s "
790 "(access control must be 'r', 'f', or 'd')\n",
791 pacl );
792 TALLOC_FREE(ctx);
793 SAFE_FREE(sharename);
794 return -1;
795 }
796
797 if (pcolon[2] != ',' && pcolon[2] != '\0') {
798 d_fprintf(stderr, "net usershare add: malformed terminating character for acl %s\n",
799 pacl );
800 TALLOC_FREE(ctx);
801 SAFE_FREE(sharename);
802 return -1;
803 }
804
805 /* Get the name */
806 if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) {
807 d_fprintf(stderr, "talloc_strndup failed\n");
808 TALLOC_FREE(ctx);
809 SAFE_FREE(sharename);
810 return -1;
811 }
812 if (!string_to_sid(&sid, name)) {
813 /* Convert to a SID */
814 NTSTATUS ntstatus = net_lookup_sid_from_name(ctx, name, &sid);
815 if (!NT_STATUS_IS_OK(ntstatus)) {
816 d_fprintf(stderr, "net usershare add: cannot convert name \"%s\" to a SID. %s.",
817 name, get_friendly_nt_error_msg(ntstatus) );
818 if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_CONNECTION_REFUSED)) {
819 d_fprintf(stderr, " Maybe smbd is not running.\n");
820 } else {
821 d_fprintf(stderr, "\n");
822 }
823 TALLOC_FREE(ctx);
824 SAFE_FREE(sharename);
825 return -1;
826 }
827 }
828 us_acl = talloc_asprintf_append(
829 us_acl, "%s:%c,", sid_string_tos(&sid), pcolon[1]);
830
831 /* Move to the next ACL entry. */
832 if (pcolon[2] == ',') {
833 pacl = &pcolon[3];
834 }
835 }
836
837 /* Remove the last ',' */
838 us_acl[strlen(us_acl)-1] = '\0';
839
840 if (guest_ok && !lp_usershare_allow_guests()) {
841 d_fprintf(stderr, "net usershare add: guest_ok=y requested "
842 "but the \"usershare allow guests\" parameter is not enabled "
843 "by this server.\n");
844 TALLOC_FREE(ctx);
845 SAFE_FREE(sharename);
846 return -1;
847 }
848
849 /* Create a temporary filename for this share. */
850 tmpfd = smb_mkstemp(full_path_tmp);
851
852 if (tmpfd == -1) {
853 d_fprintf(stderr, "net usershare add: cannot create tmp file %s\n",
854 full_path_tmp );
855 TALLOC_FREE(ctx);
856 SAFE_FREE(sharename);
857 return -1;
858 }
859
860 /* Ensure we opened the file we thought we did. */
861 if (sys_lstat(full_path_tmp, &lsbuf) != 0) {
862 d_fprintf(stderr, "net usershare add: cannot lstat tmp file %s\n",
863 full_path_tmp );
864 TALLOC_FREE(ctx);
865 SAFE_FREE(sharename);
866 return -1;
867 }
868
869 /* Check this is the same as the file we opened. */
870 if (sys_fstat(tmpfd, &sbuf) != 0) {
871 d_fprintf(stderr, "net usershare add: cannot fstat tmp file %s\n",
872 full_path_tmp );
873 TALLOC_FREE(ctx);
874 SAFE_FREE(sharename);
875 return -1;
876 }
877
878 if (!S_ISREG(sbuf.st_mode) || sbuf.st_dev != lsbuf.st_dev || sbuf.st_ino != lsbuf.st_ino) {
879 d_fprintf(stderr, "net usershare add: tmp file %s is not a regular file ?\n",
880 full_path_tmp );
881 TALLOC_FREE(ctx);
882 SAFE_FREE(sharename);
883 return -1;
884 }
885
886 if (fchmod(tmpfd, 0644) == -1) {
887 d_fprintf(stderr, "net usershare add: failed to fchmod tmp file %s to 0644n",
888 full_path_tmp );
889 TALLOC_FREE(ctx);
890 SAFE_FREE(sharename);
891 return -1;
892 }
893
894 /* Create the in-memory image of the file. */
895 file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
896 file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\nguest_ok=%c\n",
897 us_path, us_comment, us_acl, guest_ok ? 'y' : 'n');
898
899 to_write = strlen(file_img);
900
901 if (write(tmpfd, file_img, to_write) != to_write) {
902 d_fprintf(stderr, "net usershare add: failed to write %u bytes to file %s. Error was %s\n",
903 (unsigned int)to_write, full_path_tmp, strerror(errno));
904 unlink(full_path_tmp);
905 TALLOC_FREE(ctx);
906 SAFE_FREE(sharename);
907 return -1;
908 }
909
910 /* Attempt to replace any existing share by this name. */
911 if (rename(full_path_tmp, full_path) != 0) {
912 unlink(full_path_tmp);
913 d_fprintf(stderr, "net usershare add: failed to add share %s. Error was %s\n",
914 sharename, strerror(errno));
915 TALLOC_FREE(ctx);
916 close(tmpfd);
917 SAFE_FREE(sharename);
918 return -1;
919 }
920
921 close(tmpfd);
922
923 if (opt_long_list_entries) {
924 const char *my_argv[2];
925 my_argv[0] = sharename;
926 my_argv[1] = NULL;
927 net_usershare_info(1, my_argv);
928 }
929
930 SAFE_FREE(sharename);
931 TALLOC_FREE(ctx);
932 return 0;
933 }
934
935 #if 0
936 /***************************************************************************
937 List function.
938 ***************************************************************************/
939
940 static int list_fn(struct file_list *fl, void *priv)
941 {
942 d_printf("%s\n", fl->pathname);
943 return 0;
944 }
945 #endif
946
947 /***************************************************************************
948 List userlevel shares.
949 ***************************************************************************/
950
951 static int net_usershare_list(int argc, const char **argv)
952 {
953 fstring wcard;
954 bool only_ours = True;
955 int ret = -1;
956 struct us_priv_info pi;
957 TALLOC_CTX *ctx;
958
959 fstrcpy(wcard, "*");
960
961 if (opt_long_list_entries) {
962 only_ours = False;
963 }
964
965 switch (argc) {
966 case 0:
967 break;
968 case 1:
969 fstrcpy(wcard, argv[0]);
970 break;
971 default:
972 return net_usershare_list_usage(argc, argv);
973 }
974
975 strlower_m(wcard);
976
977 ctx = talloc_init("share_list");
978 ret = get_share_list(ctx, wcard, only_ours);
979 if (ret) {
980 return ret;
981 }
982
983 pi.ctx = ctx;
984 pi.op = US_LIST_OP;
985
986 ret = process_share_list(info_fn, &pi);
987 talloc_destroy(ctx);
988 return ret;
989 }
990
991 /***************************************************************************
992 Handle "net usershare help *" subcommands.
993 ***************************************************************************/
994
995 int net_usershare_help(int argc, const char **argv)
996 {
997 struct functable func[] = {
998 {"ADD", net_usershare_add_usage},
999 {"DELETE", net_usershare_delete_usage},
1000 {"INFO", net_usershare_info_usage},
1001 {"LIST", net_usershare_list_usage},
1002 {NULL, NULL}};
1003
1004 return net_run_function(argc, argv, func, net_usershare_usage);
1005 }
1006
1007 /***************************************************************************
1008 Entry-point for all the USERSHARE functions.
1009 ***************************************************************************/
1010
1011 int net_usershare(int argc, const char **argv)
1012 {
1013 SMB_STRUCT_DIR *dp;
1014
1015 struct functable func[] = {
1016 {"ADD", net_usershare_add},
1017 {"DELETE", net_usershare_delete},
1018 {"INFO", net_usershare_info},
1019 {"LIST", net_usershare_list},
1020 {"HELP", net_usershare_help},
1021 {NULL, NULL}
1022 };
1023
1024 if (lp_usershare_max_shares() == 0) {
1025 d_fprintf(stderr, "net usershare: usershares are currently disabled\n");
1026 return -1;
1027 }
1028
1029 dp = sys_opendir(lp_usershare_path());
1030 if (!dp) {
1031 int err = errno;
1032 d_fprintf(stderr, "net usershare: cannot open usershare directory %s. Error %s\n",
1033 lp_usershare_path(), strerror(err) );
1034 if (err == EACCES) {
1035 d_fprintf(stderr, "You do not have permission to create a usershare. Ask your "
1036 "administrator to grant you permissions to create a share.\n");
1037 } else if (err == ENOENT) {
1038 d_fprintf(stderr, "Please ask your system administrator to "
1039 "enable user sharing.\n");
1040 }
1041 return -1;
1042 }
1043 sys_closedir(dp);
1044
1045 return net_run_function(argc, argv, func, net_usershare_usage);
1046 }
Samba GIT mirror