Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 17:20:00 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 17:20:00 +0000
commit: 8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch)
tree: 4099e8021376c7d8c05bdf8503093d80e9c7bad0 /source3/utils/net_usershare.c
parent: Initial commit. (diff)
download: samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz
samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip
1 files changed, 1172 insertions, 0 deletions
diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c
new file mode 100644
index 0000000..e5826ee
--- /dev/null
+++ b/source3/utils/net_usershare.c
@@ -0,0 +1,1172 @@
+/*
+   Samba Unix/Linux SMB client library
+   Distributed SMB/CIFS Server Management Utility
+
+   Copyright (C) Jeremy Allison (jra@samba.org) 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/passwd.h"
+#include "system/filesys.h"
+#include "utils/net.h"
+#include "../libcli/security/security.h"
+#include "lib/util/string_wrappers.h"
+
+struct {
+	const char *us_errstr;
+	enum usershare_err us_err;
+} us_errs [] = {
+	{"",USERSHARE_OK},
+	{N_("Malformed usershare file"), USERSHARE_MALFORMED_FILE},
+	{N_("Bad version number"), USERSHARE_BAD_VERSION},
+	{N_("Malformed path entry"), USERSHARE_MALFORMED_PATH},
+	{N_("Malformed comment entryfile"), USERSHARE_MALFORMED_COMMENT_DEF},
+	{N_("Malformed acl definition"), USERSHARE_MALFORMED_ACL_DEF},
+	{N_("Acl parse error"), USERSHARE_ACL_ERR},
+	{N_("Path not absolute"), USERSHARE_PATH_NOT_ABSOLUTE},
+	{N_("Path is denied"), USERSHARE_PATH_IS_DENIED},
+	{N_("Path not allowed"), USERSHARE_PATH_NOT_ALLOWED},
+	{N_("Path is not a directory"), USERSHARE_PATH_NOT_DIRECTORY},
+	{N_("System error"), USERSHARE_POSIX_ERR},
+	{N_("Malformed sharename definition"), USERSHARE_MALFORMED_SHARENAME_DEF},
+	{N_("Bad sharename (doesn't match filename)"), USERSHARE_BAD_SHARENAME},
+	{NULL,(enum usershare_err)-1}
+};
+
+static const char *get_us_error_code(enum usershare_err us_err)
+{
+	char *result;
+	int idx = 0;
+
+	while (us_errs[idx].us_errstr != NULL) {
+		if (us_errs[idx].us_err == us_err) {
+			return us_errs[idx].us_errstr;
+		}
+		idx++;
+	}
+
+	result = talloc_asprintf(talloc_tos(), _("Usershare error code (0x%x)"),
+				 (unsigned int)us_err);
+	SMB_ASSERT(result != NULL);
+	return result;
+}
+
+/* The help subsystem for the USERSHARE subcommand */
+
+static int net_usershare_add_usage(struct net_context *c, int argc, const char **argv)
+{
+	char chr = *lp_winbind_separator();
+	d_printf(_(
+		"net usershare add [--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
+		"\tAdds the specified share name for this user.\n"
+		"\t<sharename> is the new share name.\n"
+		"\t<path> is the path on the filesystem to export.\n"
+		"\t<comment> is the optional comment for the new share.\n"
+		"\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
+		"\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
+		"\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
+		"\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
+		"\t\tname may be a domain user or group. For local users use the local server name "
+		"instead of \"DOMAIN\"\n"
+		"\t\tThe default acl is \"Everyone:r\" which allows everyone read-only access.\n"
+		"\tAdd --long to print the info on the newly added share.\n"),
+		chr, chr );
+	return -1;
+}
+
+static int net_usershare_delete_usage(struct net_context *c, int argc, const char **argv)
+{
+	d_printf(_(
+		"net usershare delete <sharename>\n"
+		"\tdeletes the specified share name for this user.\n"));
+	return -1;
+}
+
+static int net_usershare_info_usage(struct net_context *c, int argc, const char **argv)
+{
+	d_printf(_(
+		"net usershare info [--long] [wildcard sharename]\n"
+		"\tPrints out the path, comment and acl elements of shares that match the wildcard.\n"
+		"\tBy default only gives info on shares owned by the current user\n"
+		"\tAdd --long to apply this to all shares\n"
+		"\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
+	return -1;
+}
+
+static int net_usershare_list_usage(struct net_context *c, int argc, const char **argv)
+{
+	d_printf(_(
+		"net usershare list [--long] [wildcard sharename]\n"
+		"\tLists the names of all shares that match the wildcard.\n"
+		"\tBy default only lists shares owned by the current user\n"
+		"\tAdd --long to apply this to all shares\n"
+		"\tOmit the sharename or use a wildcard of '*' to see all shares\n"));
+	return -1;
+}
+
+int net_usershare_usage(struct net_context *c, int argc, const char **argv)
+{
+	d_printf(_("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
+				"add or change a user defined share.\n"
+		"net usershare delete <sharename> to delete a user defined share.\n"
+		"net usershare info [--long] [wildcard sharename] to print info about a user defined share.\n"
+		"net usershare list [--long] [wildcard sharename] to list user defined shares.\n"
+		"net usershare help\n"
+		"\nType \"net usershare help <option>\" to get more information on that option\n\n"));
+
+	net_common_flags_usage(c, argc, argv);
+	return -1;
+}
+
+/***************************************************************************
+***************************************************************************/
+
+static char *get_basepath(TALLOC_CTX *ctx)
+{
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
+	char *basepath = lp_usershare_path(ctx, lp_sub);
+
+	if (!basepath) {
+		return NULL;
+	}
+	if ((basepath[0] != '\0') && (basepath[strlen(basepath)-1] == '/')) {
+		basepath[strlen(basepath)-1] = '\0';
+	}
+	return basepath;
+}
+
+/***************************************************************************
+ Delete a single userlevel share.
+***************************************************************************/
+
+static int net_usershare_delete(struct net_context *c, int argc, const char **argv)
+{
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
+	char *us_path;
+	char *sharename;
+
+	if (argc != 1 || c->display_usage) {
+		return net_usershare_delete_usage(c, argc, argv);
+	}
+
+	if ((sharename = strlower_talloc(talloc_tos(), argv[0])) == NULL) {
+		d_fprintf(stderr, _("strlower_talloc failed\n"));
+		return -1;
+	}
+
+	if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
+		d_fprintf(stderr, _("net usershare delete: share name %s contains "
+                        "invalid characters (any of %s)\n"),
+                        sharename, INVALID_SHARENAME_CHARS);
+		TALLOC_FREE(sharename);
+		return -1;
+	}
+
+	us_path = talloc_asprintf(talloc_tos(),
+				"%s/%s",
+				lp_usershare_path(talloc_tos(), lp_sub),
+				sharename);
+	if (!us_path) {
+		TALLOC_FREE(sharename);
+		return -1;
+	}
+
+	if (unlink(us_path) != 0) {
+		d_fprintf(stderr, _("net usershare delete: unable to remove usershare %s. "
+			"Error was %s\n"),
+                        us_path, strerror(errno));
+		TALLOC_FREE(sharename);
+		return -1;
+	}
+	TALLOC_FREE(sharename);
+	return 0;
+}
+
+/***************************************************************************
+ Data structures to handle a list of usershare files.
+***************************************************************************/
+
+struct file_list {
+	struct file_list *next, *prev;
+	const char *pathname;
+};
+
+static struct file_list *flist;
+
+/***************************************************************************
+***************************************************************************/
+
+static int get_share_list(TALLOC_CTX *ctx, const char *wcard, bool only_ours)
+{
+	DIR *dp;
+	struct dirent *de;
+	uid_t myuid = geteuid();
+	struct file_list *fl = NULL;
+	char *basepath = get_basepath(ctx);
+
+	if (!basepath) {
+		return -1;
+	}
+	dp = opendir(basepath);
+	if (!dp) {
+		d_fprintf(stderr,
+			_("get_share_list: cannot open usershare directory %s. "
+			  "Error %s\n"),
+			basepath, strerror(errno) );
+		return -1;
+	}
+
+	while((de = readdir(dp)) != 0) {
+		SMB_STRUCT_STAT sbuf;
+		char *path;
+		const char *n = de->d_name;
+
+		/* Ignore . and .. */
+		if (*n == '.') {
+			if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
+				continue;
+			}
+		}
+
+		if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
+			d_fprintf(stderr,
+				  _("get_share_list: ignoring bad share "
+				    "name %s\n"), n);
+			continue;
+		}
+		path = talloc_asprintf(ctx,
+					"%s/%s",
+					basepath,
+					n);
+		if (!path) {
+			closedir(dp);
+			return -1;
+		}
+
+		if (sys_lstat(path, &sbuf, false) != 0) {
+			d_fprintf(stderr,
+				_("get_share_list: can't lstat file %s. Error "
+				  "was %s\n"),
+				path, strerror(errno) );
+			continue;
+		}
+
+		if (!S_ISREG(sbuf.st_ex_mode)) {
+			d_fprintf(stderr,
+				  _("get_share_list: file %s is not a regular "
+				    "file. Ignoring.\n"),
+				path );
+			continue;
+		}
+
+		if (only_ours && sbuf.st_ex_uid != myuid) {
+			continue;
+		}
+
+		if (!unix_wild_match(wcard, n)) {
+			continue;
+		}
+
+		/* (Finally) - add to list. */
+		fl = talloc(ctx, struct file_list);
+		if (!fl) {
+			closedir(dp);
+			return -1;
+		}
+		fl->pathname = talloc_strdup(ctx, n);
+		if (!fl->pathname) {
+			closedir(dp);
+			return -1;
+		}
+
+		DLIST_ADD(flist, fl);
+	}
+
+	closedir(dp);
+	return 0;
+}
+
+enum us_priv_op { US_LIST_OP, US_INFO_OP};
+
+struct us_priv_info {
+	TALLOC_CTX *ctx;
+	enum us_priv_op op;
+	struct net_context *c;
+};
+
+/***************************************************************************
+ Call a function for every share on the list.
+***************************************************************************/
+
+static int process_share_list(int (*fn)(struct file_list *, void *), void *priv)
+{
+	struct file_list *fl;
+	int ret = 0;
+
+	for (fl = flist; fl; fl = fl->next) {
+		ret = (*fn)(fl, priv);
+	}
+
+	return ret;
+}
+
+/***************************************************************************
+ Info function.
+***************************************************************************/
+
+static int info_fn(struct file_list *fl, void *priv)
+{
+	SMB_STRUCT_STAT sbuf;
+	char **lines = NULL;
+	struct us_priv_info *pi = (struct us_priv_info *)priv;
+	TALLOC_CTX *ctx = pi->ctx;
+	struct net_context *c = pi->c;
+	int fd = -1;
+	int numlines = 0;
+	struct security_descriptor *psd = NULL;
+	char *basepath;
+	char *sharepath = NULL;
+	char *comment = NULL;
+	char *cp_sharename = NULL;
+	char *acl_str;
+	int num_aces;
+	char sep_str[2];
+	enum usershare_err us_err;
+	bool guest_ok = false;
+
+	sep_str[0] = *lp_winbind_separator();
+	sep_str[1] = '\0';
+
+	basepath = get_basepath(ctx);
+	if (!basepath) {
+		return -1;
+	}
+	basepath = talloc_asprintf_append(basepath,
+			"/%s",
+			fl->pathname);
+	if (!basepath) {
+		return -1;
+	}
+
+#ifdef O_NOFOLLOW
+	fd = open(basepath, O_RDONLY|O_NOFOLLOW, 0);
+#else
+	fd = open(basepath, O_RDONLY, 0);
+#endif
+
+	if (fd == -1) {
+		d_fprintf(stderr, _("info_fn: unable to open %s. %s\n"),
+                        basepath, strerror(errno) );
+                return -1;
+        }
+
+	/* Paranoia... */
+	if (sys_fstat(fd, &sbuf, false) != 0) {
+		d_fprintf(stderr,
+			_("info_fn: can't fstat file %s. Error was %s\n"),
+			basepath, strerror(errno) );
+		close(fd);
+		return -1;
+	}
+
+	if (!S_ISREG(sbuf.st_ex_mode)) {
+		d_fprintf(stderr,
+			_("info_fn: file %s is not a regular file. Ignoring.\n"),
+			basepath );
+		close(fd);
+		return -1;
+	}
+
+	lines = fd_lines_load(fd, &numlines, 10240, NULL);
+	close(fd);
+
+	if (lines == NULL) {
+		return -1;
+	}
+
+	/* Ensure it's well formed. */
+	us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
+				&sharepath,
+				&comment,
+				&cp_sharename,
+				&psd,
+				&guest_ok);
+
+	TALLOC_FREE(lines);
+
+	if (us_err != USERSHARE_OK) {
+		d_fprintf(stderr,
+			_("info_fn: file %s is not a well formed usershare "
+			  "file.\n"),
+			basepath );
+		d_fprintf(stderr, _("info_fn: Error was %s.\n"),
+			get_us_error_code(us_err) );
+		return -1;
+	}
+
+	acl_str = talloc_strdup(ctx, "usershare_acl=");
+	if (!acl_str) {
+		return -1;
+	}
+
+	for (num_aces = 0; num_aces < psd->dacl->num_aces; num_aces++) {
+		const char *domain;
+		const char *name;
+		NTSTATUS ntstatus;
+
+		ntstatus = net_lookup_name_from_sid(c, ctx,
+				                    &psd->dacl->aces[num_aces].trustee,
+						    &domain, &name);
+
+		if (NT_STATUS_IS_OK(ntstatus)) {
+			if (domain && *domain) {
+				acl_str = talloc_asprintf_append(acl_str,
+						"%s%s",
+						domain,
+						sep_str);
+				if (!acl_str) {
+					return -1;
+				}
+			}
+			acl_str = talloc_asprintf_append(acl_str,
+						"%s",
+						name);
+			if (!acl_str) {
+				return -1;
+			}
+
+		} else {
+			struct dom_sid_buf sidstr;
+
+			acl_str = talloc_asprintf_append(
+				acl_str,
+				"%s",
+				dom_sid_str_buf(
+					&psd->dacl->aces[num_aces].trustee,
+					&sidstr));
+			if (!acl_str) {
+				return -1;
+			}
+		}
+		acl_str = talloc_asprintf_append(acl_str, ":");
+		if (!acl_str) {
+			return -1;
+		}
+
+		if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
+			acl_str = talloc_asprintf_append(acl_str, "D,");
+			if (!acl_str) {
+				return -1;
+			}
+		} else {
+			if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) {
+				acl_str = talloc_asprintf_append(acl_str, "F,");
+			} else {
+				acl_str = talloc_asprintf_append(acl_str, "R,");
+			}
+			if (!acl_str) {
+				return -1;
+			}
+		}
+	}
+
+	/* NOTE: This is smb.conf-like output. Do not translate. */
+	if (pi->op == US_INFO_OP) {
+		d_printf("[%s]\n", cp_sharename );
+		d_printf("path=%s\n", sharepath );
+		d_printf("comment=%s\n", comment);
+		d_printf("%s\n", acl_str);
+		d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
+	} else if (pi->op == US_LIST_OP) {
+		d_printf("%s\n", cp_sharename);
+	}
+
+	return 0;
+}
+
+/***************************************************************************
+ Print out info (internal detail) on userlevel shares.
+***************************************************************************/
+
+static int net_usershare_info(struct net_context *c, int argc, const char **argv)
+{
+	fstring wcard;
+	bool only_ours = true;
+	int ret = -1;
+	struct us_priv_info pi;
+	TALLOC_CTX *ctx;
+
+	fstrcpy(wcard, "*");
+
+	if (c->display_usage)
+		return net_usershare_info_usage(c, argc, argv);
+
+	if (c->opt_long_list_entries) {
+		only_ours = false;
+	}
+
+	switch (argc) {
+		case 0:
+			break;
+		case 1:
+			fstrcpy(wcard, argv[0]);
+			break;
+		default:
+			return net_usershare_info_usage(c, argc, argv);
+	}
+
+	if (!strlower_m(wcard)) {
+		return -1;
+	}
+
+	ctx = talloc_init("share_info");
+	ret = get_share_list(ctx, wcard, only_ours);
+	if (ret) {
+		return ret;
+	}
+
+	pi.ctx = ctx;
+	pi.op = US_INFO_OP;
+	pi.c = c;
+
+	ret = process_share_list(info_fn, &pi);
+	talloc_destroy(ctx);
+	return ret;
+}
+
+/***************************************************************************
+ Count the current total number of usershares.
+***************************************************************************/
+
+static int count_num_usershares(void)
+{
+	DIR *dp;
+	struct dirent *de;
+	int num_usershares = 0;
+	TALLOC_CTX *ctx = talloc_tos();
+	char *basepath = get_basepath(ctx);
+
+	if (!basepath) {
+		return -1;
+	}
+
+	dp = opendir(basepath);
+	if (!dp) {
+		d_fprintf(stderr,
+			_("count_num_usershares: cannot open usershare "
+			  "directory %s. Error %s\n"),
+			basepath, strerror(errno) );
+		return -1;
+	}
+
+	while((de = readdir(dp)) != 0) {
+		SMB_STRUCT_STAT sbuf;
+		char *path;
+		const char *n = de->d_name;
+
+		/* Ignore . and .. */
+		if (*n == '.') {
+			if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
+				continue;
+			}
+		}
+
+		if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
+			d_fprintf(stderr,
+				  _("count_num_usershares: ignoring bad share "
+				    "name %s\n"), n);
+			continue;
+		}
+		path = talloc_asprintf(ctx,
+				"%s/%s",
+				basepath,
+				n);
+		if (!path) {
+			closedir(dp);
+			return -1;
+		}
+
+		if (sys_lstat(path, &sbuf, false) != 0) {
+			d_fprintf(stderr,
+				_("count_num_usershares: can't lstat file %s. "
+				  "Error was %s\n"),
+				path, strerror(errno) );
+			continue;
+		}
+
+		if (!S_ISREG(sbuf.st_ex_mode)) {
+			d_fprintf(stderr,
+				_("count_num_usershares: file %s is not a "
+				  "regular file. Ignoring.\n"),
+				path );
+			continue;
+		}
+		num_usershares++;
+	}
+
+	closedir(dp);
+	return num_usershares;
+}
+
+/***************************************************************************
+ Add a single userlevel share.
+***************************************************************************/
+
+static int net_usershare_add(struct net_context *c, int argc, const char **argv)
+{
+	TALLOC_CTX *ctx = talloc_stackframe();
+	SMB_STRUCT_STAT sbuf;
+	SMB_STRUCT_STAT lsbuf;
+	char *sharename;
+	const char *cp_sharename;
+	char *full_path;
+	char *full_path_tmp;
+	const char *us_path;
+	const char *us_comment;
+	const char *arg_acl;
+	char *us_acl;
+	char *file_img;
+	int num_aces = 0;
+	int i;
+	int tmpfd;
+	const char *pacl;
+	size_t to_write;
+	uid_t myeuid = geteuid();
+	bool guest_ok = false;
+	int num_usershares;
+	mode_t mask;
+
+	us_comment = "";
+	arg_acl = "S-1-1-0:R";
+
+	if (c->display_usage) {
+		TALLOC_FREE(ctx);
+		return net_usershare_add_usage(c, argc, argv);
+	}
+
+	switch (argc) {
+		case 0:
+		case 1:
+		default:
+			TALLOC_FREE(ctx);
+			return net_usershare_add_usage(c, argc, argv);
+		case 2:
+			cp_sharename = argv[0];
+			sharename = strlower_talloc(ctx, argv[0]);
+			us_path = argv[1];
+			break;
+		case 3:
+			cp_sharename = argv[0];
+			sharename = strlower_talloc(ctx, argv[0]);
+			us_path = argv[1];
+			us_comment = argv[2];
+			break;
+		case 4:
+			cp_sharename = argv[0];
+			sharename = strlower_talloc(ctx, argv[0]);
+			us_path = argv[1];
+			us_comment = argv[2];
+			arg_acl = argv[3];
+			break;
+		case 5:
+			cp_sharename = argv[0];
+			sharename = strlower_talloc(ctx, argv[0]);
+			us_path = argv[1];
+			us_comment = argv[2];
+			arg_acl = argv[3];
+			if (strlen(arg_acl) == 0) {
+				arg_acl = "S-1-1-0:R";
+			}
+			if (!strnequal(argv[4], "guest_ok=", 9)) {
+				TALLOC_FREE(ctx);
+				return net_usershare_add_usage(c, argc, argv);
+			}
+			switch (argv[4][9]) {
+				case 'y':
+				case 'Y':
+					guest_ok = true;
+					break;
+				case 'n':
+				case 'N':
+					guest_ok = false;
+					break;
+				default:
+					TALLOC_FREE(ctx);
+					return net_usershare_add_usage(c, argc, argv);
+			}
+			break;
+	}
+
+	/* Ensure we're under the "usershare max shares" number. Advisory only. */
+	num_usershares = count_num_usershares();
+	if (num_usershares >= lp_usershare_max_shares()) {
+		d_fprintf(stderr,
+			_("net usershare add: maximum number of allowed "
+			  "usershares (%d) reached\n"),
+			lp_usershare_max_shares() );
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
+		d_fprintf(stderr, _("net usershare add: share name %s contains "
+                        "invalid characters (any of %s)\n"),
+                        sharename, INVALID_SHARENAME_CHARS);
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* Disallow shares the same as users. */
+	if (getpwnam(sharename)) {
+		d_fprintf(stderr,
+			_("net usershare add: share name %s is already a valid "
+			  "system user name\n"),
+			sharename );
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* Construct the full path for the usershare file. */
+	full_path = get_basepath(ctx);
+	if (!full_path) {
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+	full_path_tmp = talloc_asprintf(ctx,
+			"%s/:tmpXXXXXX",
+			full_path);
+	if (!full_path_tmp) {
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	full_path = talloc_asprintf_append(full_path,
+					"/%s",
+					sharename);
+	if (!full_path) {
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* The path *must* be absolute. */
+	if (us_path[0] != '/') {
+		d_fprintf(stderr,
+			_("net usershare add: path %s is not an absolute "
+			  "path.\n"),
+			us_path);
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* Check the directory to be shared exists. */
+	if (sys_stat(us_path, &sbuf, false) != 0) {
+		d_fprintf(stderr,
+			_("net usershare add: cannot stat path %s to ensure "
+			  "this is a directory. Error was %s\n"),
+			us_path, strerror(errno) );
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	if (!S_ISDIR(sbuf.st_ex_mode)) {
+		d_fprintf(stderr,
+			_("net usershare add: path %s is not a directory.\n"),
+			us_path );
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* If we're not root, check if we're restricted to sharing out directories
+	   that we own only. */
+
+	if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
+		d_fprintf(stderr, _("net usershare add: cannot share path %s as "
+			"we are restricted to only sharing directories we own.\n"
+			"\tAsk the administrator to add the line \"usershare owner only = false\" \n"
+			"\tto the [global] section of the smb.conf to allow this.\n"),
+			us_path );
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* No validation needed on comment. Now go through and validate the
+	   acl string. Convert names to SID's as needed. Then run it through
+	   parse_usershare_acl to ensure it's valid. */
+
+	/* Start off the string we'll append to. */
+	us_acl = talloc_strdup(ctx, "");
+	if (!us_acl) {
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	pacl = arg_acl;
+	num_aces = 1;
+
+	/* Add the number of ',' characters to get the number of aces. */
+	num_aces += count_chars(pacl,',');
+
+	for (i = 0; i < num_aces; i++) {
+		struct dom_sid sid;
+		struct dom_sid_buf buf;
+		const char *pcolon = strchr_m(pacl, ':');
+		const char *name;
+
+		if (pcolon == NULL) {
+			d_fprintf(stderr,
+				_("net usershare add: malformed acl %s "
+				  "(missing ':').\n"),
+				pacl );
+			TALLOC_FREE(ctx);
+			return -1;
+		}
+
+		switch(pcolon[1]) {
+			case 'f':
+			case 'F':
+			case 'd':
+			case 'r':
+			case 'R':
+				break;
+			default:
+				d_fprintf(stderr,
+					_("net usershare add: malformed acl %s "
+					  "(access control must be 'r', 'f', "
+					  "or 'd')\n"),
+					pacl );
+				TALLOC_FREE(ctx);
+				return -1;
+		}
+
+		if (pcolon[2] != ',' && pcolon[2] != '\0') {
+			d_fprintf(stderr,
+				_("net usershare add: malformed terminating "
+				  "character for acl %s\n"),
+				pacl );
+			TALLOC_FREE(ctx);
+			return -1;
+		}
+
+		/* Get the name */
+		if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) {
+			d_fprintf(stderr, _("talloc_strndup failed\n"));
+			TALLOC_FREE(ctx);
+			return -1;
+		}
+		if (!string_to_sid(&sid, name)) {
+			/* Convert to a SID */
+			NTSTATUS ntstatus = net_lookup_sid_from_name(c, ctx, name, &sid);
+			if (!NT_STATUS_IS_OK(ntstatus)) {
+				d_fprintf(stderr,
+					_("net usershare add: cannot convert "
+					  "name \"%s\" to a SID. %s."),
+					name, get_friendly_nt_error_msg(ntstatus) );
+				if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_CONNECTION_REFUSED)) {
+					d_fprintf(stderr,
+					    _(" Maybe smbd is not running.\n"));
+				} else {
+					d_fprintf(stderr, "\n");
+				}
+				TALLOC_FREE(ctx);
+				return -1;
+			}
+		}
+		us_acl = talloc_asprintf_append(
+			us_acl,
+			"%s:%c,",
+			dom_sid_str_buf(&sid, &buf),
+			pcolon[1]);
+		if (us_acl == NULL) {
+			d_fprintf(stderr,
+				  _("net usershare add: talloc_asprintf_append() failed\n"));
+			TALLOC_FREE(ctx);
+			return -1;
+		}
+
+		/* Move to the next ACL entry. */
+		if (pcolon[2] == ',') {
+			pacl = &pcolon[3];
+		}
+	}
+
+	/* Remove the last ',' */
+	us_acl[strlen(us_acl)-1] = '\0';
+
+	if (guest_ok && !lp_usershare_allow_guests()) {
+		d_fprintf(stderr, _("net usershare add: guest_ok=y requested "
+			"but the \"usershare allow guests\" parameter is not "
+			"enabled by this server.\n"));
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* Create a temporary filename for this share. */
+	mask = umask(S_IRWXO | S_IRWXG);
+	tmpfd = mkstemp(full_path_tmp);
+	umask(mask);
+
+	if (tmpfd == -1) {
+		d_fprintf(stderr,
+			  _("net usershare add: cannot create tmp file %s\n"),
+			  full_path_tmp );
+		TALLOC_FREE(ctx);
+		return -1;
+	}
+
+	/* Ensure we opened the file we thought we did. */
+	if (sys_lstat(full_path_tmp, &lsbuf, false) != 0) {
+		d_fprintf(stderr,
+			  _("net usershare add: cannot lstat tmp file %s\n"),
+			  full_path_tmp );
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+
+	/* Check this is the same as the file we opened. */
+	if (sys_fstat(tmpfd, &sbuf, false) != 0) {
+		d_fprintf(stderr,
+			  _("net usershare add: cannot fstat tmp file %s\n"),
+			  full_path_tmp );
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+
+	if (!S_ISREG(sbuf.st_ex_mode) || sbuf.st_ex_dev != lsbuf.st_ex_dev || sbuf.st_ex_ino != lsbuf.st_ex_ino) {
+		d_fprintf(stderr,
+			  _("net usershare add: tmp file %s is not a regular "
+			    "file ?\n"),
+			  full_path_tmp );
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+
+	if (fchmod(tmpfd, 0644) == -1) {
+		d_fprintf(stderr,
+			  _("net usershare add: failed to fchmod tmp file %s "
+			    "to 0644\n"),
+			  full_path_tmp );
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+
+	/* Create the in-memory image of the file. */
+	file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
+	if (file_img == NULL) {
+		d_fprintf(stderr,
+			  _("net usershare add: talloc_strdup() failed\n"));
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+	file_img = talloc_asprintf_append(file_img,
+			"%s\ncomment=%s\nusershare_acl=%s\n"
+			"guest_ok=%c\nsharename=%s\n",
+			us_path,
+			us_comment,
+			us_acl,
+			guest_ok ? 'y' : 'n',
+			cp_sharename);
+	if (file_img == NULL) {
+		d_fprintf(stderr,
+			  _("net usershare add: talloc_asprintf_append() failed\n"));
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+
+	to_write = strlen(file_img);
+
+	if (write(tmpfd, file_img, to_write) != to_write) {
+		d_fprintf(stderr,
+			_("net usershare add: failed to write %u bytes to "
+			  "file %s. Error was %s\n"),
+			(unsigned int)to_write, full_path_tmp, strerror(errno));
+		unlink(full_path_tmp);
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+
+	/* Attempt to replace any existing share by this name. */
+	if (rename(full_path_tmp, full_path) != 0) {
+		unlink(full_path_tmp);
+		d_fprintf(stderr,
+			_("net usershare add: failed to add share %s. Error "
+			  "was %s\n"),
+			sharename, strerror(errno));
+		TALLOC_FREE(ctx);
+		close(tmpfd);
+		return -1;
+	}
+
+	close(tmpfd);
+
+	if (c->opt_long_list_entries) {
+		const char *my_argv[2];
+		my_argv[0] = sharename;
+		my_argv[1] = NULL;
+		net_usershare_info(c, 1, my_argv);
+	}
+
+	TALLOC_FREE(ctx);
+	return 0;
+}
+
+#if 0
+/***************************************************************************
+ List function.
+***************************************************************************/
+
+static int list_fn(struct file_list *fl, void *priv)
+{
+	d_printf("%s\n", fl->pathname);
+	return 0;
+}
+#endif
+
+/***************************************************************************
+ List userlevel shares.
+***************************************************************************/
+
+static int net_usershare_list(struct net_context *c, int argc,
+			      const char **argv)
+{
+	fstring wcard;
+	bool only_ours = true;
+	int ret = -1;
+	struct us_priv_info pi;
+	TALLOC_CTX *ctx;
+
+	fstrcpy(wcard, "*");
+
+	if (c->display_usage)
+		return net_usershare_list_usage(c, argc, argv);
+
+	if (c->opt_long_list_entries) {
+		only_ours = false;
+	}
+
+	switch (argc) {
+		case 0:
+			break;
+		case 1:
+			fstrcpy(wcard, argv[0]);
+			break;
+		default:
+			return net_usershare_list_usage(c, argc, argv);
+	}
+
+	if (!strlower_m(wcard)) {
+		return -1;
+	}
+
+	ctx = talloc_init("share_list");
+	ret = get_share_list(ctx, wcard, only_ours);
+	if (ret) {
+		return ret;
+	}
+
+	pi.ctx = ctx;
+	pi.op = US_LIST_OP;
+	pi.c = c;
+
+	ret = process_share_list(info_fn, &pi);
+	talloc_destroy(ctx);
+	return ret;
+}
+
+/***************************************************************************
+ Entry-point for all the USERSHARE functions.
+***************************************************************************/
+
+int net_usershare(struct net_context *c, int argc, const char **argv)
+{
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
+	DIR *dp;
+
+	struct functable func[] = {
+		{
+			"add",
+			net_usershare_add,
+			NET_TRANSPORT_LOCAL,
+			N_("Add/modify user defined share"),
+			N_("net usershare add\n"
+			   "    Add/modify user defined share")
+		},
+		{
+			"delete",
+			net_usershare_delete,
+			NET_TRANSPORT_LOCAL,
+			N_("Delete user defined share"),
+			N_("net usershare delete\n"
+			   "    Delete user defined share")
+		},
+		{
+			"info",
+			net_usershare_info,
+			NET_TRANSPORT_LOCAL,
+			N_("Display information about a user defined share"),
+			N_("net usershare info\n"
+			   "    Display information about a user defined share")
+		},
+		{
+			"list",
+			net_usershare_list,
+			NET_TRANSPORT_LOCAL,
+			N_("List user defined shares"),
+			N_("net usershare list\n"
+			   "    List user defined shares")
+		},
+		{NULL, NULL, 0, NULL, NULL}
+	};
+
+	if (lp_usershare_max_shares() == 0) {
+		d_fprintf(stderr,
+			  _("net usershare: usershares are currently "
+			    "disabled\n"));
+		return -1;
+	}
+
+	dp = opendir(lp_usershare_path(talloc_tos(), lp_sub));
+	if (!dp) {
+		int err = errno;
+		d_fprintf(stderr,
+			_("net usershare: cannot open usershare directory %s. "
+			  "Error %s\n"),
+			lp_usershare_path(talloc_tos(), lp_sub), strerror(err) );
+		if (err == EACCES) {
+			d_fprintf(stderr,
+				_("You do not have permission to create a "
+				"usershare. Ask your administrator to grant "
+				"you permissions to create a share.\n"));
+		} else if (err == ENOENT) {
+			d_fprintf(stderr,
+				_("Please ask your system administrator to "
+				  "enable user sharing.\n"));
+		}
+		return -1;
+	}
+	closedir(dp);
+
+	return net_run_function(c, argc, argv, "net usershare", func);
+}
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-19 17:20:00 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-19 17:20:00 +0000
commit	8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch)
tree	4099e8021376c7d8c05bdf8503093d80e9c7bad0 /source3/utils/net_usershare.c
parent	Initial commit. (diff)
download	samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip