search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: "info_fn" only looks at the mode and uid
[Samba/bb.git] / source3 / utils / net_usershare.c
blob1a385a36e018f0d14f6b1501abb6c978ceacff61
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4
5 Copyright (C) Jeremy Allison (jra@samba.org) 2005
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "utils/net.h"
23
24 struct {
25 const char *us_errstr;
26 enum usershare_err us_err;
27 } us_errs [] = {
28 {"",USERSHARE_OK},
29 {N_("Malformed usershare file"), USERSHARE_MALFORMED_FILE},
30 {N_("Bad version number"), USERSHARE_BAD_VERSION},
31 {N_("Malformed path entry"), USERSHARE_MALFORMED_PATH},
32 {N_("Malformed comment entryfile"), USERSHARE_MALFORMED_COMMENT_DEF},
33 {N_("Malformed acl definition"), USERSHARE_MALFORMED_ACL_DEF},
34 {N_("Acl parse error"), USERSHARE_ACL_ERR},
35 {N_("Path not absolute"), USERSHARE_PATH_NOT_ABSOLUTE},
36 {N_("Path is denied"), USERSHARE_PATH_IS_DENIED},
37 {N_("Path not allowed"), USERSHARE_PATH_NOT_ALLOWED},
38 {N_("Path is not a directory"), USERSHARE_PATH_NOT_DIRECTORY},
39 {N_("System error"), USERSHARE_POSIX_ERR},
40 {NULL,(enum usershare_err)-1}
41 };
42
43 static const char *get_us_error_code(enum usershare_err us_err)
44 {
45 char *result;
46 int idx = 0;
47
48 while (us_errs[idx].us_errstr != NULL) {
49 if (us_errs[idx].us_err == us_err) {
50 return us_errs[idx].us_errstr;
51 }
52 idx++;
53 }
54
55 result = talloc_asprintf(talloc_tos(), _("Usershare error code (0x%x)"),
56 (unsigned int)us_err);
57 SMB_ASSERT(result != NULL);
58 return result;
59 }
60
61 /* The help subsystem for the USERSHARE subcommand */
62
63 static int net_usershare_add_usage(struct net_context *c, int argc, const char **argv)
64 {
65 char chr = *lp_winbind_separator();
66 d_printf(_(
67 "net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
68 "\tAdds the specified share name for this user.\n"
69 "\t<sharename> is the new share name.\n"
70 "\t<path> is the path on the filesystem to export.\n"
71 "\t<comment> is the optional comment for the new share.\n"
72 "\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
73 "\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
74 "\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
75 "\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
76 "\t\tname may be a domain user or group. For local users use the local server name "
77 "instead of \"DOMAIN\"\n"
78 "\t\tThe default acl is \"Everyone:r\" which allows everyone read-only access.\n"
79 "\tAdd -l or --long to print the info on the newly added share.\n"),
80 chr, chr );
81 return -1;
82 }
83
84 static int net_usershare_delete_usage(struct net_context *c, int argc, const char **argv)
85 {
86 d_printf(_(
87 "net usershare delete <sharename>\n"
88 "\tdeletes the specified share name for this user.\n"));
89 return -1;
90 }
91
92 static int net_usershare_info_usage(struct net_context *c, int argc, const char **argv)
93 {
94 d_printf(_(
95 "net usershare info [-l|--long] [wildcard sharename]\n"
96 "\tPrints out the path, comment and acl elements of shares that match the wildcard.\n"
97 "\tBy default only gives info on shares owned by the current user\n"
98 "\tAdd -l or --long to apply this to all shares\n"
99 "\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
100 return -1;
101 }
102
103 static int net_usershare_list_usage(struct net_context *c, int argc, const char **argv)
104 {
105 d_printf(_(
106 "net usershare list [-l|--long] [wildcard sharename]\n"
107 "\tLists the names of all shares that match the wildcard.\n"
108 "\tBy default only lists shares owned by the current user\n"
109 "\tAdd -l or --long to apply this to all shares\n"
110 "\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
111 return -1;
112 }
113
114 int net_usershare_usage(struct net_context *c, int argc, const char **argv)
115 {
116 d_printf(_("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
117 "add or change a user defined share.\n"
118 "net usershare delete <sharename> to delete a user defined share.\n"
119 "net usershare info [-l|--long] [wildcard sharename] to print info about a user defined share.\n"
120 "net usershare list [-l|--long] [wildcard sharename] to list user defined shares.\n"
121 "net usershare help\n"
122 "\nType \"net usershare help <option>\" to get more information on that option\n\n"));
123
124 net_common_flags_usage(c, argc, argv);
125 return -1;
126 }
127
128 /***************************************************************************
129 ***************************************************************************/
130
131 static char *get_basepath(TALLOC_CTX *ctx)
132 {
133 char *basepath = talloc_strdup(ctx, lp_usershare_path());
134
135 if (!basepath) {
136 return NULL;
137 }
138 if ((basepath[0] != '\0') && (basepath[strlen(basepath)-1] == '/')) {
139 basepath[strlen(basepath)-1] = '\0';
140 }
141 return basepath;
142 }
143
144 /***************************************************************************
145 Delete a single userlevel share.
146 ***************************************************************************/
147
148 static int net_usershare_delete(struct net_context *c, int argc, const char **argv)
149 {
150 char *us_path;
151 char *sharename;
152
153 if (argc != 1 || c->display_usage) {
154 return net_usershare_delete_usage(c, argc, argv);
155 }
156
157 if ((sharename = strlower_talloc(talloc_tos(), argv[0])) == NULL) {
158 d_fprintf(stderr, _("strlower_talloc failed\n"));
159 return -1;
160 }
161
162 if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
163 d_fprintf(stderr, _("net usershare delete: share name %s contains "
164 "invalid characters (any of %s)\n"),
165 sharename, INVALID_SHARENAME_CHARS);
166 TALLOC_FREE(sharename);
167 return -1;
168 }
169
170 us_path = talloc_asprintf(talloc_tos(),
171 "%s/%s",
172 lp_usershare_path(),
173 sharename);
174 if (!us_path) {
175 TALLOC_FREE(sharename);
176 return -1;
177 }
178
179 if (unlink(us_path) != 0) {
180 d_fprintf(stderr, _("net usershare delete: unable to remove usershare %s. "
181 "Error was %s\n"),
182 us_path, strerror(errno));
183 TALLOC_FREE(sharename);
184 return -1;
185 }
186 TALLOC_FREE(sharename);
187 return 0;
188 }
189
190 /***************************************************************************
191 Data structures to handle a list of usershare files.
192 ***************************************************************************/
193
194 struct file_list {
195 struct file_list *next, *prev;
196 const char *pathname;
197 };
198
199 static struct file_list *flist;
200
201 /***************************************************************************
202 ***************************************************************************/
203
204 static int get_share_list(TALLOC_CTX *ctx, const char *wcard, bool only_ours)
205 {
206 SMB_STRUCT_DIR *dp;
207 SMB_STRUCT_DIRENT *de;
208 uid_t myuid = geteuid();
209 struct file_list *fl = NULL;
210 char *basepath = get_basepath(ctx);
211
212 if (!basepath) {
213 return -1;
214 }
215 dp = sys_opendir(basepath);
216 if (!dp) {
217 d_fprintf(stderr,
218 _("get_share_list: cannot open usershare directory %s. "
219 "Error %s\n"),
220 basepath, strerror(errno) );
221 return -1;
222 }
223
224 while((de = sys_readdir(dp)) != 0) {
225 SMB_STRUCT_STAT sbuf;
226 char *path;
227 const char *n = de->d_name;
228
229 /* Ignore . and .. */
230 if (*n == '.') {
231 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
232 continue;
233 }
234 }
235
236 if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
237 d_fprintf(stderr,
238 _("get_share_list: ignoring bad share "
239 "name %s\n"), n);
240 continue;
241 }
242 path = talloc_asprintf(ctx,
243 "%s/%s",
244 basepath,
245 n);
246 if (!path) {
247 sys_closedir(dp);
248 return -1;
249 }
250
251 if (sys_lstat(path, &sbuf, false) != 0) {
252 d_fprintf(stderr,
253 _("get_share_list: can't lstat file %s. Error "
254 "was %s\n"),
255 path, strerror(errno) );
256 continue;
257 }
258
259 if (!S_ISREG(sbuf.st_ex_mode)) {
260 d_fprintf(stderr,
261 _("get_share_list: file %s is not a regular "
262 "file. Ignoring.\n"),
263 path );
264 continue;
265 }
266
267 if (only_ours && sbuf.st_ex_uid != myuid) {
268 continue;
269 }
270
271 if (!unix_wild_match(wcard, n)) {
272 continue;
273 }
274
275 /* (Finally) - add to list. */
276 fl = TALLOC_P(ctx, struct file_list);
277 if (!fl) {
278 sys_closedir(dp);
279 return -1;
280 }
281 fl->pathname = talloc_strdup(ctx, n);
282 if (!fl->pathname) {
283 sys_closedir(dp);
284 return -1;
285 }
286
287 DLIST_ADD(flist, fl);
288 }
289
290 sys_closedir(dp);
291 return 0;
292 }
293
294 enum us_priv_op { US_LIST_OP, US_INFO_OP};
295
296 struct us_priv_info {
297 TALLOC_CTX *ctx;
298 enum us_priv_op op;
299 struct net_context *c;
300 };
301
302 /***************************************************************************
303 Call a function for every share on the list.
304 ***************************************************************************/
305
306 static int process_share_list(int (*fn)(struct file_list *, void *), void *priv)
307 {
308 struct file_list *fl;
309 int ret = 0;
310
311 for (fl = flist; fl; fl = fl->next) {
312 ret = (*fn)(fl, priv);
313 }
314
315 return ret;
316 }
317
318 /***************************************************************************
319 Info function.
320 ***************************************************************************/
321
322 static int info_fn(struct file_list *fl, void *priv)
323 {
324 SMB_STRUCT_STAT sbuf;
325 char **lines = NULL;
326 struct us_priv_info *pi = (struct us_priv_info *)priv;
327 TALLOC_CTX *ctx = pi->ctx;
328 struct net_context *c = pi->c;
329 int fd = -1;
330 int numlines = 0;
331 SEC_DESC *psd = NULL;
332 char *basepath;
333 char *sharepath = NULL;
334 char *comment = NULL;
335 char *acl_str;
336 int num_aces;
337 char sep_str[2];
338 enum usershare_err us_err;
339 bool guest_ok = false;
340
341 sep_str[0] = *lp_winbind_separator();
342 sep_str[1] = '\0';
343
344 basepath = get_basepath(ctx);
345 if (!basepath) {
346 return -1;
347 }
348 basepath = talloc_asprintf_append(basepath,
349 "/%s",
350 fl->pathname);
351 if (!basepath) {
352 return -1;
353 }
354
355 #ifdef O_NOFOLLOW
356 fd = sys_open(basepath, O_RDONLY|O_NOFOLLOW, 0);
357 #else
358 fd = sys_open(basepath, O_RDONLY, 0);
359 #endif
360
361 if (fd == -1) {
362 d_fprintf(stderr, _("info_fn: unable to open %s. %s\n"),
363 basepath, strerror(errno) );
364 return -1;
365 }
366
367 /* Paranoia... */
368 if (sys_fstat(fd, &sbuf, false) != 0) {
369 d_fprintf(stderr,
370 _("info_fn: can't fstat file %s. Error was %s\n"),
371 basepath, strerror(errno) );
372 close(fd);
373 return -1;
374 }
375
376 if (!S_ISREG(sbuf.st_ex_mode)) {
377 d_fprintf(stderr,
378 _("info_fn: file %s is not a regular file. Ignoring.\n"),
379 basepath );
380 close(fd);
381 return -1;
382 }
383
384 lines = fd_lines_load(fd, &numlines, 10240, NULL);
385 close(fd);
386
387 if (lines == NULL) {
388 return -1;
389 }
390
391 /* Ensure it's well formed. */
392 us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
393 &sharepath,
394 &comment,
395 &psd,
396 &guest_ok);
397
398 TALLOC_FREE(lines);
399
400 if (us_err != USERSHARE_OK) {
401 d_fprintf(stderr,
402 _("info_fn: file %s is not a well formed usershare "
403 "file.\n"),
404 basepath );
405 d_fprintf(stderr, _("info_fn: Error was %s.\n"),
406 get_us_error_code(us_err) );
407 return -1;
408 }
409
410 acl_str = talloc_strdup(ctx, "usershare_acl=");
411 if (!acl_str) {
412 return -1;
413 }
414
415 for (num_aces = 0; num_aces < psd->dacl->num_aces; num_aces++) {
416 const char *domain;
417 const char *name;
418 NTSTATUS ntstatus;
419
420 ntstatus = net_lookup_name_from_sid(c, ctx,
421 &psd->dacl->aces[num_aces].trustee,
422 &domain, &name);
423
424 if (NT_STATUS_IS_OK(ntstatus)) {
425 if (domain && *domain) {
426 acl_str = talloc_asprintf_append(acl_str,
427 "%s%s",
428 domain,
429 sep_str);
430 if (!acl_str) {
431 return -1;
432 }
433 }
434 acl_str = talloc_asprintf_append(acl_str,
435 "%s",
436 name);
437 if (!acl_str) {
438 return -1;
439 }
440
441 } else {
442 fstring sidstr;
443 sid_to_fstring(sidstr,
444 &psd->dacl->aces[num_aces].trustee);
445 acl_str = talloc_asprintf_append(acl_str,
446 "%s",
447 sidstr);
448 if (!acl_str) {
449 return -1;
450 }
451 }
452 acl_str = talloc_asprintf_append(acl_str, ":");
453 if (!acl_str) {
454 return -1;
455 }
456
457 if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
458 acl_str = talloc_asprintf_append(acl_str, "D,");
459 if (!acl_str) {
460 return -1;
461 }
462 } else {
463 if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) {
464 acl_str = talloc_asprintf_append(acl_str, "F,");
465 } else {
466 acl_str = talloc_asprintf_append(acl_str, "R,");
467 }
468 if (!acl_str) {
469 return -1;
470 }
471 }
472 }
473
474 /* NOTE: This is smb.conf-like output. Do not translate. */
475 if (pi->op == US_INFO_OP) {
476 d_printf("[%s]\n", fl->pathname );
477 d_printf("path=%s\n", sharepath );
478 d_printf("comment=%s\n", comment);
479 d_printf("%s\n", acl_str);
480 d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
481 } else if (pi->op == US_LIST_OP) {
482 d_printf("%s\n", fl->pathname);
483 }
484
485 return 0;
486 }
487
488 /***************************************************************************
489 Print out info (internal detail) on userlevel shares.
490 ***************************************************************************/
491
492 static int net_usershare_info(struct net_context *c, int argc, const char **argv)
493 {
494 fstring wcard;
495 bool only_ours = true;
496 int ret = -1;
497 struct us_priv_info pi;
498 TALLOC_CTX *ctx;
499
500 fstrcpy(wcard, "*");
501
502 if (c->display_usage)
503 return net_usershare_info_usage(c, argc, argv);
504
505 if (c->opt_long_list_entries) {
506 only_ours = false;
507 }
508
509 switch (argc) {
510 case 0:
511 break;
512 case 1:
513 fstrcpy(wcard, argv[0]);
514 break;
515 default:
516 return net_usershare_info_usage(c, argc, argv);
517 }
518
519 strlower_m(wcard);
520
521 ctx = talloc_init("share_info");
522 ret = get_share_list(ctx, wcard, only_ours);
523 if (ret) {
524 return ret;
525 }
526
527 pi.ctx = ctx;
528 pi.op = US_INFO_OP;
529 pi.c = c;
530
531 ret = process_share_list(info_fn, &pi);
532 talloc_destroy(ctx);
533 return ret;
534 }
535
536 /***************************************************************************
537 Count the current total number of usershares.
538 ***************************************************************************/
539
540 static int count_num_usershares(void)
541 {
542 SMB_STRUCT_DIR *dp;
543 SMB_STRUCT_DIRENT *de;
544 int num_usershares = 0;
545 TALLOC_CTX *ctx = talloc_tos();
546 char *basepath = get_basepath(ctx);
547
548 if (!basepath) {
549 return -1;
550 }
551
552 dp = sys_opendir(basepath);
553 if (!dp) {
554 d_fprintf(stderr,
555 _("count_num_usershares: cannot open usershare "
556 "directory %s. Error %s\n"),
557 basepath, strerror(errno) );
558 return -1;
559 }
560
561 while((de = sys_readdir(dp)) != 0) {
562 SMB_STRUCT_STAT sbuf;
563 char *path;
564 const char *n = de->d_name;
565
566 /* Ignore . and .. */
567 if (*n == '.') {
568 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
569 continue;
570 }
571 }
572
573 if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
574 d_fprintf(stderr,
575 _("count_num_usershares: ignoring bad share "
576 "name %s\n"), n);
577 continue;
578 }
579 path = talloc_asprintf(ctx,
580 "%s/%s",
581 basepath,
582 n);
583 if (!path) {
584 sys_closedir(dp);
585 return -1;
586 }
587
588 if (sys_lstat(path, &sbuf, lp_fake_dir_create_times())
589 != 0) {
590 d_fprintf(stderr,
591 _("count_num_usershares: can't lstat file %s. "
592 "Error was %s\n"),
593 path, strerror(errno) );
594 continue;
595 }
596
597 if (!S_ISREG(sbuf.st_ex_mode)) {
598 d_fprintf(stderr,
599 _("count_num_usershares: file %s is not a "
600 "regular file. Ignoring.\n"),
601 path );
602 continue;
603 }
604 num_usershares++;
605 }
606
607 sys_closedir(dp);
608 return num_usershares;
609 }
610
611 /***************************************************************************
612 Add a single userlevel share.
613 ***************************************************************************/
614
615 static int net_usershare_add(struct net_context *c, int argc, const char **argv)
616 {
617 TALLOC_CTX *ctx = talloc_stackframe();
618 SMB_STRUCT_STAT sbuf;
619 SMB_STRUCT_STAT lsbuf;
620 char *sharename;
621 char *full_path;
622 char *full_path_tmp;
623 const char *us_path;
624 const char *us_comment;
625 const char *arg_acl;
626 char *us_acl;
627 char *file_img;
628 int num_aces = 0;
629 int i;
630 int tmpfd;
631 const char *pacl;
632 size_t to_write;
633 uid_t myeuid = geteuid();
634 bool guest_ok = false;
635 int num_usershares;
636
637 us_comment = "";
638 arg_acl = "S-1-1-0:R";
639
640 if (c->display_usage)
641 return net_usershare_add_usage(c, argc, argv);
642
643 switch (argc) {
644 case 0:
645 case 1:
646 default:
647 return net_usershare_add_usage(c, argc, argv);
648 case 2:
649 sharename = strlower_talloc(ctx, argv[0]);
650 us_path = argv[1];
651 break;
652 case 3:
653 sharename = strlower_talloc(ctx, argv[0]);
654 us_path = argv[1];
655 us_comment = argv[2];
656 break;
657 case 4:
658 sharename = strlower_talloc(ctx, argv[0]);
659 us_path = argv[1];
660 us_comment = argv[2];
661 arg_acl = argv[3];
662 break;
663 case 5:
664 sharename = strlower_talloc(ctx, argv[0]);
665 us_path = argv[1];
666 us_comment = argv[2];
667 arg_acl = argv[3];
668 if (strlen(arg_acl) == 0) {
669 arg_acl = "S-1-1-0:R";
670 }
671 if (!strnequal(argv[4], "guest_ok=", 9)) {
672 TALLOC_FREE(ctx);
673 return net_usershare_add_usage(c, argc, argv);
674 }
675 switch (argv[4][9]) {
676 case 'y':
677 case 'Y':
678 guest_ok = true;
679 break;
680 case 'n':
681 case 'N':
682 guest_ok = false;
683 break;
684 default:
685 TALLOC_FREE(ctx);
686 return net_usershare_add_usage(c, argc, argv);
687 }
688 break;
689 }
690
691 /* Ensure we're under the "usershare max shares" number. Advisory only. */
692 num_usershares = count_num_usershares();
693 if (num_usershares >= lp_usershare_max_shares()) {
694 d_fprintf(stderr,
695 _("net usershare add: maximum number of allowed "
696 "usershares (%d) reached\n"),
697 lp_usershare_max_shares() );
698 TALLOC_FREE(ctx);
699 return -1;
700 }
701
702 if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
703 d_fprintf(stderr, _("net usershare add: share name %s contains "
704 "invalid characters (any of %s)\n"),
705 sharename, INVALID_SHARENAME_CHARS);
706 TALLOC_FREE(ctx);
707 return -1;
708 }
709
710 /* Disallow shares the same as users. */
711 if (getpwnam(sharename)) {
712 d_fprintf(stderr,
713 _("net usershare add: share name %s is already a valid "
714 "system user name\n"),
715 sharename );
716 TALLOC_FREE(ctx);
717 return -1;
718 }
719
720 /* Construct the full path for the usershare file. */
721 full_path = get_basepath(ctx);
722 if (!full_path) {
723 TALLOC_FREE(ctx);
724 return -1;
725 }
726 full_path_tmp = talloc_asprintf(ctx,
727 "%s/:tmpXXXXXX",
728 full_path);
729 if (!full_path_tmp) {
730 TALLOC_FREE(ctx);
731 return -1;
732 }
733
734 full_path = talloc_asprintf_append(full_path,
735 "/%s",
736 sharename);
737 if (!full_path) {
738 TALLOC_FREE(ctx);
739 return -1;
740 }
741
742 /* The path *must* be absolute. */
743 if (us_path[0] != '/') {
744 d_fprintf(stderr,
745 _("net usershare add: path %s is not an absolute "
746 "path.\n"),
747 us_path);
748 TALLOC_FREE(ctx);
749 return -1;
750 }
751
752 /* Check the directory to be shared exists. */
753 if (sys_stat(us_path, &sbuf, lp_fake_dir_create_times()) != 0) {
754 d_fprintf(stderr,
755 _("net usershare add: cannot stat path %s to ensure "
756 "this is a directory. Error was %s\n"),
757 us_path, strerror(errno) );
758 TALLOC_FREE(ctx);
759 return -1;
760 }
761
762 if (!S_ISDIR(sbuf.st_ex_mode)) {
763 d_fprintf(stderr,
764 _("net usershare add: path %s is not a directory.\n"),
765 us_path );
766 TALLOC_FREE(ctx);
767 return -1;
768 }
769
770 /* If we're not root, check if we're restricted to sharing out directories
771 that we own only. */
772
773 if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
774 d_fprintf(stderr, _("net usershare add: cannot share path %s as "
775 "we are restricted to only sharing directories we own.\n"
776 "\tAsk the administrator to add the line \"usershare owner only = false\" \n"
777 "\tto the [global] section of the smb.conf to allow this.\n"),
778 us_path );
779 TALLOC_FREE(ctx);
780 return -1;
781 }
782
783 /* No validation needed on comment. Now go through and validate the
784 acl string. Convert names to SID's as needed. Then run it through
785 parse_usershare_acl to ensure it's valid. */
786
787 /* Start off the string we'll append to. */
788 us_acl = talloc_strdup(ctx, "");
789 if (!us_acl) {
790 TALLOC_FREE(ctx);
791 return -1;
792 }
793
794 pacl = arg_acl;
795 num_aces = 1;
796
797 /* Add the number of ',' characters to get the number of aces. */
798 num_aces += count_chars(pacl,',');
799
800 for (i = 0; i < num_aces; i++) {
801 DOM_SID sid;
802 const char *pcolon = strchr_m(pacl, ':');
803 const char *name;
804
805 if (pcolon == NULL) {
806 d_fprintf(stderr,
807 _("net usershare add: malformed acl %s "
808 "(missing ':').\n"),
809 pacl );
810 TALLOC_FREE(ctx);
811 return -1;
812 }
813
814 switch(pcolon[1]) {
815 case 'f':
816 case 'F':
817 case 'd':
818 case 'r':
819 case 'R':
820 break;
821 default:
822 d_fprintf(stderr,
823 _("net usershare add: malformed acl %s "
824 "(access control must be 'r', 'f', "
825 "or 'd')\n"),
826 pacl );
827 TALLOC_FREE(ctx);
828 return -1;
829 }
830
831 if (pcolon[2] != ',' && pcolon[2] != '\0') {
832 d_fprintf(stderr,
833 _("net usershare add: malformed terminating "
834 "character for acl %s\n"),
835 pacl );
836 TALLOC_FREE(ctx);
837 return -1;
838 }
839
840 /* Get the name */
841 if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) {
842 d_fprintf(stderr, _("talloc_strndup failed\n"));
843 TALLOC_FREE(ctx);
844 return -1;
845 }
846 if (!string_to_sid(&sid, name)) {
847 /* Convert to a SID */
848 NTSTATUS ntstatus = net_lookup_sid_from_name(c, ctx, name, &sid);
849 if (!NT_STATUS_IS_OK(ntstatus)) {
850 d_fprintf(stderr,
851 _("net usershare add: cannot convert "
852 "name \"%s\" to a SID. %s."),
853 name, get_friendly_nt_error_msg(ntstatus) );
854 if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_CONNECTION_REFUSED)) {
855 d_fprintf(stderr,
856 _(" Maybe smbd is not running.\n"));
857 } else {
858 d_fprintf(stderr, "\n");
859 }
860 TALLOC_FREE(ctx);
861 return -1;
862 }
863 }
864 us_acl = talloc_asprintf_append(
865 us_acl, "%s:%c,", sid_string_tos(&sid), pcolon[1]);
866
867 /* Move to the next ACL entry. */
868 if (pcolon[2] == ',') {
869 pacl = &pcolon[3];
870 }
871 }
872
873 /* Remove the last ',' */
874 us_acl[strlen(us_acl)-1] = '\0';
875
876 if (guest_ok && !lp_usershare_allow_guests()) {
877 d_fprintf(stderr, _("net usershare add: guest_ok=y requested "
878 "but the \"usershare allow guests\" parameter is not "
879 "enabled by this server.\n"));
880 TALLOC_FREE(ctx);
881 return -1;
882 }
883
884 /* Create a temporary filename for this share. */
885 tmpfd = mkstemp(full_path_tmp);
886
887 if (tmpfd == -1) {
888 d_fprintf(stderr,
889 _("net usershare add: cannot create tmp file %s\n"),
890 full_path_tmp );
891 TALLOC_FREE(ctx);
892 return -1;
893 }
894
895 /* Ensure we opened the file we thought we did. */
896 if (sys_lstat(full_path_tmp, &lsbuf, lp_fake_dir_create_times())
897 != 0) {
898 d_fprintf(stderr,
899 _("net usershare add: cannot lstat tmp file %s\n"),
900 full_path_tmp );
901 TALLOC_FREE(ctx);
902 return -1;
903 }
904
905 /* Check this is the same as the file we opened. */
906 if (sys_fstat(tmpfd, &sbuf, lp_fake_dir_create_times()) != 0) {
907 d_fprintf(stderr,
908 _("net usershare add: cannot fstat tmp file %s\n"),
909 full_path_tmp );
910 TALLOC_FREE(ctx);
911 return -1;
912 }
913
914 if (!S_ISREG(sbuf.st_ex_mode) || sbuf.st_ex_dev != lsbuf.st_ex_dev || sbuf.st_ex_ino != lsbuf.st_ex_ino) {
915 d_fprintf(stderr,
916 _("net usershare add: tmp file %s is not a regular "
917 "file ?\n"),
918 full_path_tmp );
919 TALLOC_FREE(ctx);
920 return -1;
921 }
922
923 if (fchmod(tmpfd, 0644) == -1) {
924 d_fprintf(stderr,
925 _("net usershare add: failed to fchmod tmp file %s "
926 "to 0644n"),
927 full_path_tmp );
928 TALLOC_FREE(ctx);
929 return -1;
930 }
931
932 /* Create the in-memory image of the file. */
933 file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
934 file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\nguest_ok=%c\n",
935 us_path, us_comment, us_acl, guest_ok ? 'y' : 'n');
936
937 to_write = strlen(file_img);
938
939 if (write(tmpfd, file_img, to_write) != to_write) {
940 d_fprintf(stderr,
941 _("net usershare add: failed to write %u bytes to "
942 "file %s. Error was %s\n"),
943 (unsigned int)to_write, full_path_tmp, strerror(errno));
944 unlink(full_path_tmp);
945 TALLOC_FREE(ctx);
946 return -1;
947 }
948
949 /* Attempt to replace any existing share by this name. */
950 if (rename(full_path_tmp, full_path) != 0) {
951 unlink(full_path_tmp);
952 d_fprintf(stderr,
953 _("net usershare add: failed to add share %s. Error "
954 "was %s\n"),
955 sharename, strerror(errno));
956 TALLOC_FREE(ctx);
957 close(tmpfd);
958 return -1;
959 }
960
961 close(tmpfd);
962
963 if (c->opt_long_list_entries) {
964 const char *my_argv[2];
965 my_argv[0] = sharename;
966 my_argv[1] = NULL;
967 net_usershare_info(c, 1, my_argv);
968 }
969
970 TALLOC_FREE(ctx);
971 return 0;
972 }
973
974 #if 0
975 /***************************************************************************
976 List function.
977 ***************************************************************************/
978
979 static int list_fn(struct file_list *fl, void *priv)
980 {
981 d_printf("%s\n", fl->pathname);
982 return 0;
983 }
984 #endif
985
986 /***************************************************************************
987 List userlevel shares.
988 ***************************************************************************/
989
990 static int net_usershare_list(struct net_context *c, int argc,
991 const char **argv)
992 {
993 fstring wcard;
994 bool only_ours = true;
995 int ret = -1;
996 struct us_priv_info pi;
997 TALLOC_CTX *ctx;
998
999 fstrcpy(wcard, "*");
1000
1001 if (c->display_usage)
1002 return net_usershare_list_usage(c, argc, argv);
1003
1004 if (c->opt_long_list_entries) {
1005 only_ours = false;
1006 }
1007
1008 switch (argc) {
1009 case 0:
1010 break;
1011 case 1:
1012 fstrcpy(wcard, argv[0]);
1013 break;
1014 default:
1015 return net_usershare_list_usage(c, argc, argv);
1016 }
1017
1018 strlower_m(wcard);
1019
1020 ctx = talloc_init("share_list");
1021 ret = get_share_list(ctx, wcard, only_ours);
1022 if (ret) {
1023 return ret;
1024 }
1025
1026 pi.ctx = ctx;
1027 pi.op = US_LIST_OP;
1028 pi.c = c;
1029
1030 ret = process_share_list(info_fn, &pi);
1031 talloc_destroy(ctx);
1032 return ret;
1033 }
1034
1035 /***************************************************************************
1036 Entry-point for all the USERSHARE functions.
1037 ***************************************************************************/
1038
1039 int net_usershare(struct net_context *c, int argc, const char **argv)
1040 {
1041 SMB_STRUCT_DIR *dp;
1042
1043 struct functable func[] = {
1044 {
1045 "add",
1046 net_usershare_add,
1047 NET_TRANSPORT_LOCAL,
1048 N_("Add/modify user defined share"),
1049 N_("net usershare add\n"
1050 " Add/modify user defined share")
1051 },
1052 {
1053 "delete",
1054 net_usershare_delete,
1055 NET_TRANSPORT_LOCAL,
1056 N_("Delete user defined share"),
1057 N_("net usershare delete\n"
1058 " Delete user defined share")
1059 },
1060 {
1061 "info",
1062 net_usershare_info,
1063 NET_TRANSPORT_LOCAL,
1064 N_("Display information about a user defined share"),
1065 N_("net usershare info\n"
1066 " Display information about a user defined share")
1067 },
1068 {
1069 "list",
1070 net_usershare_list,
1071 NET_TRANSPORT_LOCAL,
1072 N_("List user defined shares"),
1073 N_("net usershare list\n"
1074 " List user defined shares")
1075 },
1076 {NULL, NULL, 0, NULL, NULL}
1077 };
1078
1079 if (lp_usershare_max_shares() == 0) {
1080 d_fprintf(stderr,
1081 _("net usershare: usershares are currently "
1082 "disabled\n"));
1083 return -1;
1084 }
1085
1086 dp = sys_opendir(lp_usershare_path());
1087 if (!dp) {
1088 int err = errno;
1089 d_fprintf(stderr,
1090 _("net usershare: cannot open usershare directory %s. "
1091 "Error %s\n"),
1092 lp_usershare_path(), strerror(err) );
1093 if (err == EACCES) {
1094 d_fprintf(stderr,
1095 _("You do not have permission to create a "
1096 "usershare. Ask your administrator to grant "
1097 "you permissions to create a share.\n"));
1098 } else if (err == ENOENT) {
1099 d_fprintf(stderr,
1100 _("Please ask your system administrator to "
1101 "enable user sharing.\n"));
1102 }
1103 return -1;
1104 }
1105 sys_closedir(dp);
1106
1107 return net_run_function(c, argc, argv, "net usershare", func);
1108 }