svn commit: samba r12041 - in trunk/source: lib param rpc_server
jra at samba.org
jra at samba.org
Sat Dec 3 01:09:13 GMT 2005
Author: jra
Date: 2005-12-03 01:09:11 +0000 (Sat, 03 Dec 2005)
New Revision: 12041
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12041
Log:
Fixup usershare code more... Still need to make permission
checks efficient and decide about ACL format storage.
Jeremy.
Modified:
trunk/source/lib/dummysmbd.c
trunk/source/param/loadparm.c
trunk/source/rpc_server/srv_srvsvc_nt.c
Changeset:
Modified: trunk/source/lib/dummysmbd.c
===================================================================
--- trunk/source/lib/dummysmbd.c 2005-12-03 01:03:16 UTC (rev 12040)
+++ trunk/source/lib/dummysmbd.c 2005-12-03 01:09:11 UTC (rev 12041)
@@ -38,3 +38,8 @@
{
return False;
}
+
+BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd)
+{
+ return False;
+}
Modified: trunk/source/param/loadparm.c
===================================================================
--- trunk/source/param/loadparm.c 2005-12-03 01:03:16 UTC (rev 12040)
+++ trunk/source/param/loadparm.c 2005-12-03 01:09:11 UTC (rev 12041)
@@ -4220,16 +4220,112 @@
}
/***************************************************************************
+ Parse the contents of an acl string.
+***************************************************************************/
+
+static BOOL parse_share_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
+{
+ return False;
+}
+
+#if 0
+/***************************************************************************
+ A user and group id cache.
+***************************************************************************/
+
+struct ug_cache {
+ struct ug_cache *prev, *next;
+ uid_t user_id;
+ gid_t *group_list;
+ size_t num_groups;
+};
+#endif
+
+/***************************************************************************
Parse the contents of a usershare file.
***************************************************************************/
static BOOL parse_usershare_file(TALLOC_CTX *ctx,
SMB_STRUCT_STAT *psbuf,
+ int snum,
char **lines,
int numlines,
pstring sharepath,
SEC_DESC **ppsd)
{
+ SMB_STRUCT_DIR *dp;
+ SMB_STRUCT_STAT sbuf;
+
+ if (!strequal(lines[0], "#VERSION 1")) {
+ return False;
+ }
+
+ if (strnequal(lines[1], "path=", 5)) {
+ return False;
+ }
+
+ pstrcpy(sharepath, &lines[1][5]);
+ trim_string(sharepath, " ", " ");
+
+ if (strnequal(lines[2], "usershare_acl=", 14)) {
+ return False;
+ }
+
+ if (!parse_share_acl(ctx, &lines[2][14], ppsd)) {
+ return False;
+ }
+
+ if (snum != -1 && strequal(sharepath, ServicePtrs[snum]->szPath)) {
+ /* Path didn't change, no checks needed. */
+ return True;
+ }
+
+ /* Ensure this is pointing to a directory. */
+ dp = sys_opendir(sharepath);
+
+ if (!dp) {
+ DEBUG(0,("parse_usershare_file: path %s is not a directory.\n",
+ sharepath));
+ return False;
+ }
+
+ /* Ensure the owner of the usershare file has permission to share
+ this directory. */
+
+ if (sys_stat(sharepath, &sbuf) == -1) {
+ DEBUG(0,("parse_usershare_file: stat failed on path %s. %s\n",
+ sharepath, strerror(errno) ));
+ sys_closedir(dp);
+ return False;
+ }
+
+ if (!S_ISDIR(sbuf.st_mode)) {
+ DEBUG(0,("parse_usershare_file: %s is not a directory.\n",
+ sharepath ));
+ sys_closedir(dp);
+ return False;
+ }
+
+ /* Owner can always share. */
+ if (sbuf.st_uid == psbuf->st_uid) {
+ sys_closedir(dp);
+ return True;
+ }
+
+#if 0
+ /* We have to check if the user requesting the share is in the
+ owning group of the directory. */
+
+ username = uidtoname(psbuf->st_uid);
+ owning_group_name = gidtoname(sbuf.st_gid);
+
+ getgroups_user();
+
+ user_in_group_list(u_name, g_name, NULL, 0);
+#endif
+
+ sys_closedir(dp);
+
return False;
}
@@ -4347,7 +4443,7 @@
return 1;
}
- if (!parse_usershare_file(ctx, &sbuf, lines, numlines, sharepath, &psd)) {
+ if (!parse_usershare_file(ctx, &sbuf, snum, lines, numlines, sharepath, &psd)) {
talloc_destroy(ctx);
SAFE_FREE(lines);
return -1;
@@ -4371,6 +4467,14 @@
}
/* Write the ACL of the new/modified share. */
+ if (!set_share_security(ctx, service_name, psd)) {
+ DEBUG(0, ("process_usershare_file: Failed to set share "
+ "security for user share %s\n",
+ service_name ));
+ lp_remove_service(snum);
+ talloc_destroy(ctx);
+ return 1;
+ }
talloc_destroy(ctx);
@@ -4383,6 +4487,8 @@
/* And note when it was loaded. */
ServicePtrs[snum]->usershare_last_mod = sbuf.st_mtime;
+ string_set(&ServicePtrs[snum]->szPath, sharepath);
+
return 0;
}
Modified: trunk/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- trunk/source/rpc_server/srv_srvsvc_nt.c 2005-12-03 01:03:16 UTC (rev 12040)
+++ trunk/source/rpc_server/srv_srvsvc_nt.c 2005-12-03 01:09:11 UTC (rev 12041)
@@ -231,7 +231,7 @@
Store a security descriptor in the share db.
********************************************************************/
-static BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd)
+BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd)
{
prs_struct ps;
TALLOC_CTX *mem_ctx = NULL;
More information about the samba-cvs
mailing list