-rw-r--r-- | source3/param/loadparm.c | 47 | ||||
-rw-r--r-- | source3/utils/net_usershare.c | 50 |
2 files changed, 83 insertions, 14 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b2ce9b7f4f..fc34c067c8 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -309,6 +309,7 @@ typedef struct {
 BOOL bEnablePrivileges;
 BOOL bASUSupport;
 BOOL bUsershareOwnerOnly;
+ BOOL bUsershareAllowGuests;
 int restrict_anonymous;
 int name_cache_timeout;
 int client_signing;
@@ -1239,6 +1240,7 @@ static struct parm_struct parm_table[] = {
 {"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE},
 {"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT},
 {"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT},
+ {"usershare allow guests", P_BOOL, P_GLOBAL, &Globals.bUsershareAllowGuests, NULL, NULL, FLAG_ADVANCED},
 {"usershare max shares", P_INTEGER, P_GLOBAL, &Globals.iUsershareMaxShares, NULL, NULL, FLAG_ADVANCED},
 {"usershare owner only", P_BOOL, P_GLOBAL, &Globals.bUsershareOwnerOnly, NULL, NULL, FLAG_ADVANCED},
 {"usershare path", P_STRING, P_GLOBAL, &Globals.szUsersharePath, NULL, NULL, FLAG_ADVANCED},
@@ -1670,6 +1672,8 @@ static void init_globals(BOOL first_time_only)
 Globals.iUsershareMaxShares = 0;
 /* By default disallow sharing of directories not owned by the sharer. */
 Globals.bUsershareOwnerOnly = True;
+ /* By default disallow guest access to usershares. */
+ Globals.bUsershareAllowGuests = False;
 }
 static TALLOC_CTX *lp_talloc;
@@ -1875,6 +1879,7 @@ FN_GLOBAL_LIST(lp_usershare_prefix_deny_list, &Globals.szUsersharePrefixDenyList
 FN_GLOBAL_LIST(lp_eventlog_list, &Globals.szEventLogs)
+FN_GLOBAL_BOOL(lp_usershare_allow_guests, &Globals.bUsershareAllowGuests)
 FN_GLOBAL_BOOL(lp_usershare_owner_only, &Globals.bUsershareOwnerOnly)
 FN_GLOBAL_BOOL(lp_disable_netbios, &Globals.bDisableNetbios)
 FN_GLOBAL_BOOL(lp_reset_on_zero_vc, &Globals.bResetOnZeroVC)
@@ -4318,29 +4323,40 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
 int numlines,
 pstring sharepath,
 pstring comment,
- SEC_DESC **ppsd)
+ SEC_DESC **ppsd,
+ BOOL *pallow_guest)
 {
 const char **prefixallowlist = lp_usershare_prefix_allow_list();
 const char **prefixdenylist = lp_usershare_prefix_deny_list();
+ int us_vers;
 SMB_STRUCT_DIR *dp;
 SMB_STRUCT_STAT sbuf;
+ *pallow_guest = False;
+
 if (numlines < 4) {
 return USERSHARE_MALFORMED_FILE;
 }
- if (!strequal(lines[0], "#VERSION 1")) {
+ if (strcmp(lines[0], "#VERSION 1") == 0) {
+ us_vers = 1;
+ } else if (strcmp(lines[0], "#VERSION 2") == 0) {
+ us_vers = 2;
+ if (numlines < 5) {
+ return USERSHARE_MALFORMED_FILE;
+ }
+ } else {
 return USERSHARE_BAD_VERSION;
 }
- if (!strnequal(lines[1], "path=", 5)) {
+ if (strncmp(lines[1], "path=", 5) != 0) {
 return USERSHARE_MALFORMED_PATH;
 }
 pstrcpy(sharepath, &lines[1][5]);
 trim_string(sharepath, " ", " ");
- if (!strnequal(lines[2], "comment=", 8)) {
+ if (strncmp(lines[2], "comment=", 8) != 0) {
 return USERSHARE_MALFORMED_COMMENT_DEF;
 }
@@ -4348,7 +4364,7 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
 trim_string(comment, " ", " ");
 trim_char(comment, '"', '"');
- if (!strnequal(lines[3], "usershare_acl=", 14)) {
+ if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
 return USERSHARE_MALFORMED_ACL_DEF;
 }
@@ -4356,7 +4372,16 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
 return USERSHARE_ACL_ERR;
 }
- if (snum != -1 && strequal(sharepath, ServicePtrs[snum]->szPath)) {
+ if (us_vers == 2) {
+ if (strncmp(lines[4], "guest_ok=", 9) != 0) {
+ return USERSHARE_MALFORMED_ACL_DEF;
+ }
+ if (lines[4][9] == 'y') {
+ *pallow_guest = True;
+ }
+ }
+
+ if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->szPath) == 0)) {
 /* Path didn't change, no checks needed. */
 return USERSHARE_OK;
 }
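Review bot: The new `pallow_guest` out-parameter and the five-line `#VERSION 2` layout are not documented in the first parse_usershare_file hunk, and the switch from `strequal`/`strnequal` to `strcmp`/`strncmp` makes the version line and the `path=`, `comment=` and `usershare_acl=` keys case-sensitive without saying so. A comment above the version check would record both, for example `/* Version 2 adds a fifth line, guest_ok=[y|n]. Keys are matched case-sensitively. *pallow_guest is always written and stays False for version 1 files. */`. The function's signature starts before this hunk and its body continues through the following hunks.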
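Review bot: Only the first character after `guest_ok=` is examined in the `us_vers == 2` block, so any value that starts with `y` enables guest access and every other value, including an empty one, is silently read as "no". These files are written by unprivileged users, so an exact match is the safer parse: `if (strcmp(&lines[4][9], "y") == 0) { *pallow_guest = True; } else if (strcmp(&lines[4][9], "n") != 0) { return USERSHARE_MALFORMED_ACL_DEF; }`, trimming first if the line reader can leave trailing whitespace. Returning `USERSHARE_MALFORMED_ACL_DEF` for a bad guest_ok line also reports the wrong field; a dedicated error value would make the diagnostic accurate, but the enum is defined outside this diff. The same first-character test appears in the `case 5:` argument parsing added to net_usershare_add.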
@@ -4468,6 +4493,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 int iService = -1;
 TALLOC_CTX *ctx = NULL;
 SEC_DESC *psd = NULL;
+ BOOL guest_ok = False;
 /* Ensure share name doesn't contain invalid characters. */
 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
@@ -4561,7 +4587,9 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 return 1;
 }
- if (parse_usershare_file(ctx, &sbuf, service_name, iService, lines, numlines, sharepath, comment, &psd) != USERSHARE_OK) {
+ if (parse_usershare_file(ctx, &sbuf, service_name,
+ iService, lines, numlines, sharepath,
+ comment, &psd, &guest_ok) != USERSHARE_OK) {
 talloc_destroy(ctx);
 SAFE_FREE(lines);
 return -1;
@@ -4605,6 +4633,11 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 /* Set the service as a valid usershare. */
 ServicePtrs[iService]->usershare = USERSHARE_VALID;
+ /* Set guest access. */
+ if (lp_usershare_allow_guests()) {
+ ServicePtrs[iService]->bGuest_ok = guest_ok;
+ }
+
 /* And note when it was loaded. */
 ServicePtrs[iService]->usershare_last_mod = sbuf.st_mtime;
 string_set(&ServicePtrs[iService]->szPath, sharepath);
diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c
index 1a5c077721..1ee156c4ee 100644
--- a/source3/utils/net_usershare.c
+++ b/source3/utils/net_usershare.c
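Review bot: `bGuest_ok` is left untouched when `lp_usershare_allow_guests()` is false in the "Set guest access" block, so the share keeps whatever value the service entry already had. If that entry was copied from a template or reused from an earlier load with guest access on, turning `usershare allow guests` off would not revoke it; the code that creates the entry is outside this hunk, so this needs confirming. Assigning in both cases fails closed: `ServicePtrs[iService]->bGuest_ok = lp_usershare_allow_guests() ? guest_ok : False;`. If inheriting the template's value is intended, a comment on the `if` should say so.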
@@ -62,12 +62,13 @@ static int net_usershare_add_usage(int argc, const char **argv)
 {
 char c = *lp_winbind_separator();
 d_printf(
- "net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>]\n"
+ "net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
 "\tAdds the specified share name for this user.\n"
 "\t<sharename> is the new share name.\n"
 "\t<path> is the path on the filesystem to export.\n"
 "\t<comment> is the optional comment for the new share.\n"
 "\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
+ "\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
 "\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
 "\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
 "\t\tname may be a domain user or group. For local users use the local server name "
@@ -110,7 +111,8 @@ static int net_usershare_list_usage(int argc, const char **argv)
 int net_usershare_usage(int argc, const char **argv)
 {
- d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] to add or change a user defined share.\n"
+ d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
+ "add or change a user defined share.\n"
 "net usershare delete <sharename> to delete a user defined share.\n"
 "net usershare info [-l|--long] [wildcard sharename] to print info about a user defined share.\n"
 "net usershare list [-l|--long] [wildcard sharename] to list user defined shares.\n"
@@ -300,6 +302,7 @@ static int info_fn(struct file_list *fl, void *priv)
 int num_aces;
 char sep_str[2];
 enum usershare_err us_err;
+ BOOL guest_ok = False;
 sep_str[0] = *lp_winbind_separator();
 sep_str[1] = '\0';
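Review bot: The new `<guest_ok=y>` help line in net_usershare_add_usage is inserted between the `<acl>` description and its continuation lines about the `"X"` permission characters, so the printed help reads as if f, r and d describe guest_ok. It should go after the ACL explanation, which continues past the end of this hunk. The text could also say that the argument is positional, so `<comment>` and `<acl>` must be given to use it, and that it is honoured only when the server enables `usershare allow guests`.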
@@ -346,7 +349,8 @@ static int info_fn(struct file_list *fl, void *priv)
 us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines, sharepath, comment,
- &psd);
+ &psd,
+ &guest_ok);
 file_lines_free(lines);
@@ -400,7 +404,8 @@ static int info_fn(struct file_list *fl, void *priv)
 d_printf("[%s]\n", fl->pathname );
 d_printf("path=%s\n", sharepath );
 d_printf("comment=%s\n", comment);
- d_printf("%s\n\n", acl_str);
+ d_printf("%s\n", acl_str);
+ d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
 } else if (pi->op == US_LIST_OP) {
 d_printf("%s\n", fl->pathname);
 }
@@ -475,6 +480,7 @@ static int net_usershare_add(int argc, const char **argv)
 const char *pacl;
 size_t to_write;
 uid_t myeuid = geteuid();
+ BOOL guest_ok = False;
 us_comment = "";
 arg_acl = "S-1-1-0:R";
@@ -499,6 +505,27 @@ static int net_usershare_add(int argc, const char **argv)
 us_comment = argv[2];
 arg_acl = argv[3];
 break;
+ case 5:
+ sharename = strdup_lower(argv[0]);
+ us_path = argv[1];
+ us_comment = argv[2];
+ arg_acl = argv[3];
+ if (!strnequal(argv[4], "guest_ok=", 9)) {
+ return net_usershare_add_usage(argc, argv);
+ }
+ switch (argv[4][9]) {
+ case 'y':
+ case 'Y':
+ guest_ok = True;
+ break;
+ case 'n':
+ case 'N':
+ guest_ok = False;
+ break;
+ default:
+ return net_usershare_add_usage(argc, argv);
+ }
+ break;
 }
 if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
@@ -642,6 +669,15 @@ static int net_usershare_add(int argc, const char **argv)
 /* Remove the last ',' */
 us_acl[strlen(us_acl)-1] = '\0';
+ if (guest_ok && !lp_usershare_allow_guests()) {
+ d_fprintf(stderr, "net usershare add: guest_ok=y requested "
+ "but the \"usershare allow guests\" parameter is not enabled "
+ "by this server.\n");
+ talloc_destroy(ctx);
+ SAFE_FREE(sharename);
+ return -1;
+ }
+
 /* Create a temporary filename for this share. */
 tmpfd = smb_mkstemp(full_path_tmp);
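Review bot: The `guest_ok=%c` line that info_fn now prints shows the value stored in the usershare file, not the value the server applies. With `usershare allow guests` disabled, a file containing `guest_ok=y` is still listed as `guest_ok=y` although process_usershare_file would not honour it, which can mislead someone auditing guest exposure. If the output is meant to show the effective setting, print `(guest_ok && lp_usershare_allow_guests()) ? 'y' : 'n'`. If it is meant to mirror the file, a short comment saying so would help. info_fn begins and ends outside this hunk.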
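Review bot: The `guest_ok && !lp_usershare_allow_guests()` refusal in net_usershare_add is only a client-side convenience and the code does not say so; the real enforcement is the check the server makes when it loads the file. A comment such as `/* Advisory only: smbd re-checks "usershare allow guests" when it loads the usershare file. */` would stop a later reader from treating this as the security boundary. The test depends only on the parsed arguments and the loaded configuration, so it could sit directly after the argument `switch` and fail before the ACL is built. The function continues outside the hunk.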
@@ -688,9 +724,9 @@ static int net_usershare_add(int argc, const char **argv)
 }
 /* Create the in-memory image of the file. */
- file_img = talloc_strdup(ctx, "#VERSION 1\npath=");
- file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\n",
- us_path, us_comment, us_acl );
+ file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
+ file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\nguest_ok=%c\n",
+ us_path, us_comment, us_acl, guest_ok ? 'y' : 'n');
 to_write = strlen(file_img);
 |
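Review bot: The result of `talloc_asprintf_append()` goes straight into `strlen(file_img)` with no NULL test in between, so an allocation failure in either talloc call becomes a NULL dereference. An `if (file_img == NULL)` check after the append should report the failure and take the same cleanup path as the function's other errors; the temporary-file cleanup that path needs is outside this hunk. Separately, the hunk does not show whether `us_comment` and `us_path` are rejected when they contain a newline. Because the version 2 format is positional by line, the writer should refuse such values instead of relying on the server's parser to catch the shifted lines.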