svn commit: samba r15341 - in branches/SAMBA_3_0/source: param utils

jra at samba.org jra at samba.org
Sun Apr 30 00:36:27 GMT 2006 

Author: jra
Date: 2006-04-30 00:36:26 +0000 (Sun, 30 Apr 2006)
New Revision: 15341

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15341

Log:
Ok I give up, I've been beaten by bug reports. People
just don't get why "guest ok" is not allowed in usershares.
Added "usershare allow guests" bool parameter that allows
this, reved usershare file version to VERSION#2 which
allows this. Updated user tools.
This should now be (finally) finished and I'll add
the new parameter docs and a HOWTO.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/param/loadparm.c
   branches/SAMBA_3_0/source/utils/net_usershare.c


Changeset:
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===================================================================
--- branches/SAMBA_3_0/source/param/loadparm.c	2006-04-30 00:30:35 UTC (rev 15340)
+++ branches/SAMBA_3_0/source/param/loadparm.c	2006-04-30 00:36:26 UTC (rev 15341)
@@ -309,6 +309,7 @@
 	BOOL bEnablePrivileges;
 	BOOL bASUSupport;
 	BOOL bUsershareOwnerOnly;
+	BOOL bUsershareAllowGuests;
 	int restrict_anonymous;
 	int name_cache_timeout;
 	int client_signing;
@@ -1239,6 +1240,7 @@
 	{"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, 
 	{"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT}, 
 	{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT}, 
+	{"usershare allow guests", P_BOOL, P_GLOBAL, &Globals.bUsershareAllowGuests, NULL, NULL, FLAG_ADVANCED},
 	{"usershare max shares", P_INTEGER, P_GLOBAL, &Globals.iUsershareMaxShares, NULL, NULL, FLAG_ADVANCED},
 	{"usershare owner only", P_BOOL, P_GLOBAL, &Globals.bUsershareOwnerOnly, NULL, NULL, FLAG_ADVANCED}, 
 	{"usershare path", P_STRING, P_GLOBAL, &Globals.szUsersharePath, NULL, NULL, FLAG_ADVANCED},
@@ -1670,6 +1672,8 @@
 	Globals.iUsershareMaxShares = 0;
 	/* By default disallow sharing of directories not owned by the sharer. */
 	Globals.bUsershareOwnerOnly = True;
+	/* By default disallow guest access to usershares. */
+	Globals.bUsershareAllowGuests = False;
 }
 
 static TALLOC_CTX *lp_talloc;
@@ -1875,6 +1879,7 @@
 
 FN_GLOBAL_LIST(lp_eventlog_list, &Globals.szEventLogs)
 
+FN_GLOBAL_BOOL(lp_usershare_allow_guests, &Globals.bUsershareAllowGuests)
 FN_GLOBAL_BOOL(lp_usershare_owner_only, &Globals.bUsershareOwnerOnly)
 FN_GLOBAL_BOOL(lp_disable_netbios, &Globals.bDisableNetbios)
 FN_GLOBAL_BOOL(lp_reset_on_zero_vc, &Globals.bResetOnZeroVC)
@@ -4318,29 +4323,40 @@
 			int numlines,
 			pstring sharepath,
 			pstring comment,
-			SEC_DESC **ppsd)
+			SEC_DESC **ppsd,
+			BOOL *pallow_guest)
 {
 	const char **prefixallowlist = lp_usershare_prefix_allow_list();
 	const char **prefixdenylist = lp_usershare_prefix_deny_list();
+	int us_vers;
 	SMB_STRUCT_DIR *dp;
 	SMB_STRUCT_STAT sbuf;
 
+	*pallow_guest = False;
+
 	if (numlines < 4) {
 		return USERSHARE_MALFORMED_FILE;
 	}
 
-	if (!strequal(lines[0], "#VERSION 1")) {
+	if (strcmp(lines[0], "#VERSION 1") == 0) {
+		us_vers = 1;
+	} else if (strcmp(lines[0], "#VERSION 2") == 0) {
+		us_vers = 2;
+		if (numlines < 5) {
+			return USERSHARE_MALFORMED_FILE;
+		}
+	} else {
 		return USERSHARE_BAD_VERSION;
 	}
 
-	if (!strnequal(lines[1], "path=", 5)) {
+	if (strncmp(lines[1], "path=", 5) != 0) {
 		return USERSHARE_MALFORMED_PATH;
 	}
 
 	pstrcpy(sharepath, &lines[1][5]);
 	trim_string(sharepath, " ", " ");
 
-	if (!strnequal(lines[2], "comment=", 8)) {
+	if (strncmp(lines[2], "comment=", 8) != 0) {
 		return USERSHARE_MALFORMED_COMMENT_DEF;
 	}
 
@@ -4348,7 +4364,7 @@
 	trim_string(comment, " ", " ");
 	trim_char(comment, '"', '"');
 
-	if (!strnequal(lines[3], "usershare_acl=", 14)) {
+	if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
 		return USERSHARE_MALFORMED_ACL_DEF;
 	}
 
@@ -4356,7 +4372,16 @@
 		return USERSHARE_ACL_ERR;
 	}
 
-	if (snum != -1 && strequal(sharepath, ServicePtrs[snum]->szPath)) {
+	if (us_vers == 2) {
+		if (strncmp(lines[4], "guest_ok=", 9) != 0) {
+			return USERSHARE_MALFORMED_ACL_DEF;
+		}
+		if (lines[4][9] == 'y') {
+			*pallow_guest = True;
+		}
+	}
+
+	if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->szPath) == 0)) {
 		/* Path didn't change, no checks needed. */
 		return USERSHARE_OK;
 	}
@@ -4468,6 +4493,7 @@
 	int iService = -1;
 	TALLOC_CTX *ctx = NULL;
 	SEC_DESC *psd = NULL;
+	BOOL guest_ok = False;
 
 	/* Ensure share name doesn't contain invalid characters. */
 	if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
@@ -4561,7 +4587,9 @@
 		return 1;
 	}
 
-	if (parse_usershare_file(ctx, &sbuf, service_name, iService, lines, numlines, sharepath, comment, &psd) != USERSHARE_OK) {
+	if (parse_usershare_file(ctx, &sbuf, service_name,
+			iService, lines, numlines, sharepath,
+			comment, &psd, &guest_ok) != USERSHARE_OK) {
 		talloc_destroy(ctx);
 		SAFE_FREE(lines);
 		return -1;
@@ -4605,6 +4633,11 @@
 	/* Set the service as a valid usershare. */
 	ServicePtrs[iService]->usershare = USERSHARE_VALID;
 
+	/* Set guest access. */
+	if (lp_usershare_allow_guests()) {
+		ServicePtrs[iService]->bGuest_ok = guest_ok;
+	}
+
 	/* And note when it was loaded. */
 	ServicePtrs[iService]->usershare_last_mod = sbuf.st_mtime;
 	string_set(&ServicePtrs[iService]->szPath, sharepath);

Modified: branches/SAMBA_3_0/source/utils/net_usershare.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net_usershare.c	2006-04-30 00:30:35 UTC (rev 15340)
+++ branches/SAMBA_3_0/source/utils/net_usershare.c	2006-04-30 00:36:26 UTC (rev 15341)
@@ -62,12 +62,13 @@
 {
 	char c = *lp_winbind_separator();
 	d_printf(
-		"net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>]\n"
+		"net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
 		"\tAdds the specified share name for this user.\n"
 		"\t<sharename> is the new share name.\n"
 		"\t<path> is the path on the filesystem to export.\n"
 		"\t<comment> is the optional comment for the new share.\n"
 		"\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
+		"\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
 		"\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
 		"\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
 		"\t\tname may be a domain user or group. For local users use the local server name "
@@ -110,7 +111,8 @@
 
 int net_usershare_usage(int argc, const char **argv)
 {
-	d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] to add or change a user defined share.\n"
+	d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
+				"add or change a user defined share.\n"
 		"net usershare delete <sharename> to delete a user defined share.\n"
 		"net usershare info [-l|--long] [wildcard sharename] to print info about a user defined share.\n"
 		"net usershare list [-l|--long] [wildcard sharename] to list user defined shares.\n"
@@ -300,6 +302,7 @@
 	int num_aces;
 	char sep_str[2];
 	enum usershare_err us_err;
+	BOOL guest_ok = False;
 
 	sep_str[0] = *lp_winbind_separator();
 	sep_str[1] = '\0';
@@ -346,7 +349,8 @@
 	us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
 				sharepath,
 				comment,
-				&psd);
+				&psd,
+				&guest_ok);
 
 	file_lines_free(lines);
 
@@ -400,7 +404,8 @@
 		d_printf("[%s]\n", fl->pathname );
 		d_printf("path=%s\n", sharepath );
 		d_printf("comment=%s\n", comment);
-		d_printf("%s\n\n", acl_str);
+		d_printf("%s\n", acl_str);
+		d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
 	} else if (pi->op == US_LIST_OP) {
 		d_printf("%s\n", fl->pathname);
 	}
@@ -475,6 +480,7 @@
 	const char *pacl;
 	size_t to_write;
 	uid_t myeuid = geteuid();
+	BOOL guest_ok = False;
 
 	us_comment = "";
 	arg_acl = "S-1-1-0:R";
@@ -499,6 +505,27 @@
 			us_comment = argv[2];
 			arg_acl = argv[3];
 			break;
+		case 5:
+			sharename = strdup_lower(argv[0]);
+			us_path = argv[1];
+			us_comment = argv[2];
+			arg_acl = argv[3];
+			if (!strnequal(argv[4], "guest_ok=", 9)) {
+				return net_usershare_add_usage(argc, argv);
+			}
+			switch (argv[4][9]) {
+				case 'y':
+				case 'Y':
+					guest_ok = True;
+					break;
+				case 'n':
+				case 'N':
+					guest_ok = False;
+					break;
+				default: 
+					return net_usershare_add_usage(argc, argv);
+			}
+			break;
 	}
 
 	if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
@@ -642,6 +669,15 @@
 	/* Remove the last ',' */
 	us_acl[strlen(us_acl)-1] = '\0';
 
+	if (guest_ok && !lp_usershare_allow_guests()) {
+		d_fprintf(stderr, "net usershare add: guest_ok=y requested "
+			"but the \"usershare allow guests\" parameter is not enabled "
+			"by this server.\n");
+		talloc_destroy(ctx);
+		SAFE_FREE(sharename);
+		return -1;
+	}
+
 	/* Create a temporary filename for this share. */
 	tmpfd = smb_mkstemp(full_path_tmp);
 
@@ -688,9 +724,9 @@
 	}
 
 	/* Create the in-memory image of the file. */
-	file_img = talloc_strdup(ctx, "#VERSION 1\npath=");
-	file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\n",
-			us_path, us_comment, us_acl );
+	file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
+	file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\nguest_ok=%c\n",
+			us_path, us_comment, us_acl, guest_ok ? 'y' : 'n');
 
 	to_write = strlen(file_img);

More information about the samba-cvs mailing list