2
Samba Unix/Linux SMB client library
3
Distributed SMB/CIFS Server Management Utility
5
Copyright (C) Jeremy Allison (jra@samba.org) 2005
7
This program is free software; you can redistribute it and/or modify
8
it under the terms of the GNU General Public License as published by
9
the Free Software Foundation; either version 3 of the License, or
10
(at your option) any later version.
12
This program is distributed in the hope that it will be useful,
13
but WITHOUT ANY WARRANTY; without even the implied warranty of
14
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
GNU General Public License for more details.
17
You should have received a copy of the GNU General Public License
18
along with this program. If not, see <http://www.gnu.org/licenses/>.
22
#include "utils/net.h"
25
const char *us_errstr;
26
enum usershare_err us_err;
29
{"Malformed usershare file", USERSHARE_MALFORMED_FILE},
30
{"Bad version number", USERSHARE_BAD_VERSION},
31
{"Malformed path entry", USERSHARE_MALFORMED_PATH},
32
{"Malformed comment entryfile", USERSHARE_MALFORMED_COMMENT_DEF},
33
{"Malformed acl definition", USERSHARE_MALFORMED_ACL_DEF},
34
{"Acl parse error", USERSHARE_ACL_ERR},
35
{"Path not absolute", USERSHARE_PATH_NOT_ABSOLUTE},
36
{"Path is denied", USERSHARE_PATH_IS_DENIED},
37
{"Path not allowed", USERSHARE_PATH_NOT_ALLOWED},
38
{"Path is not a directory", USERSHARE_PATH_NOT_DIRECTORY},
39
{"System error", USERSHARE_POSIX_ERR},
40
{NULL,(enum usershare_err)-1}
43
static const char *get_us_error_code(enum usershare_err us_err)
48
while (us_errs[idx].us_errstr != NULL) {
49
if (us_errs[idx].us_err == us_err) {
50
return us_errs[idx].us_errstr;
55
result = talloc_asprintf(talloc_tos(), "Usershare error code (0x%x)",
56
(unsigned int)us_err);
57
SMB_ASSERT(result != NULL);
61
/* The help subsystem for the USERSHARE subcommand */
63
static int net_usershare_add_usage(struct net_context *c, int argc, const char **argv)
65
char chr = *lp_winbind_separator();
67
"net usershare add [-l|--long] <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>]\n"
68
"\tAdds the specified share name for this user.\n"
69
"\t<sharename> is the new share name.\n"
70
"\t<path> is the path on the filesystem to export.\n"
71
"\t<comment> is the optional comment for the new share.\n"
72
"\t<acl> is an optional share acl in the format \"DOMAIN%cname:X,DOMAIN%cname:X,....\"\n"
73
"\t<guest_ok=y> if present sets \"guest ok = yes\" on this usershare.\n"
74
"\t\t\"X\" represents a permission and can be any one of the characters f, r or d\n"
75
"\t\twhere \"f\" means full control, \"r\" means read-only, \"d\" means deny access.\n"
76
"\t\tname may be a domain user or group. For local users use the local server name "
77
"instead of \"DOMAIN\"\n"
78
"\t\tThe default acl is \"Everyone:r\" which allows everyone read-only access.\n"
79
"\tAdd -l or --long to print the info on the newly added share.\n",
84
static int net_usershare_delete_usage(struct net_context *c, int argc, const char **argv)
87
"net usershare delete <sharename>\n"
88
"\tdeletes the specified share name for this user.\n");
92
static int net_usershare_info_usage(struct net_context *c, int argc, const char **argv)
95
"net usershare info [-l|--long] [wildcard sharename]\n"
96
"\tPrints out the path, comment and acl elements of shares that match the wildcard.\n"
97
"\tBy default only gives info on shares owned by the current user\n"
98
"\tAdd -l or --long to apply this to all shares\n"
99
"\tOmit the sharename or use a wildcard of '*' to see all shares\n");
103
static int net_usershare_list_usage(struct net_context *c, int argc, const char **argv)
106
"net usershare list [-l|--long] [wildcard sharename]\n"
107
"\tLists the names of all shares that match the wildcard.\n"
108
"\tBy default only lists shares owned by the current user\n"
109
"\tAdd -l or --long to apply this to all shares\n"
110
"\tOmit the sharename or use a wildcard of '*' to see all shares\n");
114
int net_usershare_usage(struct net_context *c, int argc, const char **argv)
116
d_printf("net usershare add <sharename> <path> [<comment>] [<acl>] [<guest_ok=[y|n]>] to "
117
"add or change a user defined share.\n"
118
"net usershare delete <sharename> to delete a user defined share.\n"
119
"net usershare info [-l|--long] [wildcard sharename] to print info about a user defined share.\n"
120
"net usershare list [-l|--long] [wildcard sharename] to list user defined shares.\n"
121
"net usershare help\n"
122
"\nType \"net usershare help <option>\" to get more information on that option\n\n");
124
net_common_flags_usage(c, argc, argv);
128
/***************************************************************************
129
***************************************************************************/
131
static char *get_basepath(TALLOC_CTX *ctx)
133
char *basepath = talloc_strdup(ctx, lp_usershare_path());
138
if ((basepath[0] != '\0') && (basepath[strlen(basepath)-1] == '/')) {
139
basepath[strlen(basepath)-1] = '\0';
144
/***************************************************************************
145
Delete a single userlevel share.
146
***************************************************************************/
148
static int net_usershare_delete(struct net_context *c, int argc, const char **argv)
153
if (argc != 1 || c->display_usage) {
154
return net_usershare_delete_usage(c, argc, argv);
157
if ((sharename = strdup_lower(argv[0])) == NULL) {
158
d_fprintf(stderr, "strdup failed\n");
162
if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
163
d_fprintf(stderr, "net usershare delete: share name %s contains "
164
"invalid characters (any of %s)\n",
165
sharename, INVALID_SHARENAME_CHARS);
166
SAFE_FREE(sharename);
170
us_path = talloc_asprintf(talloc_tos(),
175
SAFE_FREE(sharename);
179
if (unlink(us_path) != 0) {
180
d_fprintf(stderr, "net usershare delete: unable to remove usershare %s. "
182
us_path, strerror(errno));
183
SAFE_FREE(sharename);
186
SAFE_FREE(sharename);
190
/***************************************************************************
191
Data structures to handle a list of usershare files.
192
***************************************************************************/
195
struct file_list *next, *prev;
196
const char *pathname;
199
static struct file_list *flist;
201
/***************************************************************************
202
***************************************************************************/
204
static int get_share_list(TALLOC_CTX *ctx, const char *wcard, bool only_ours)
207
SMB_STRUCT_DIRENT *de;
208
uid_t myuid = geteuid();
209
struct file_list *fl = NULL;
210
char *basepath = get_basepath(ctx);
215
dp = sys_opendir(basepath);
217
d_fprintf(stderr, "get_share_list: cannot open usershare directory %s. Error %s\n",
218
basepath, strerror(errno) );
222
while((de = sys_readdir(dp)) != 0) {
223
SMB_STRUCT_STAT sbuf;
225
const char *n = de->d_name;
227
/* Ignore . and .. */
229
if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
234
if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
235
d_fprintf(stderr, "get_share_list: ignoring bad share name %s\n",n);
238
path = talloc_asprintf(ctx,
247
if (sys_lstat(path, &sbuf) != 0) {
248
d_fprintf(stderr, "get_share_list: can't lstat file %s. Error was %s\n",
249
path, strerror(errno) );
253
if (!S_ISREG(sbuf.st_mode)) {
254
d_fprintf(stderr, "get_share_list: file %s is not a regular file. Ignoring.\n",
259
if (only_ours && sbuf.st_uid != myuid) {
263
if (!unix_wild_match(wcard, n)) {
267
/* (Finally) - add to list. */
268
fl = TALLOC_P(ctx, struct file_list);
273
fl->pathname = talloc_strdup(ctx, n);
279
DLIST_ADD(flist, fl);
286
enum us_priv_op { US_LIST_OP, US_INFO_OP};
288
struct us_priv_info {
291
struct net_context *c;
294
/***************************************************************************
295
Call a function for every share on the list.
296
***************************************************************************/
298
static int process_share_list(int (*fn)(struct file_list *, void *), void *priv)
300
struct file_list *fl;
303
for (fl = flist; fl; fl = fl->next) {
304
ret = (*fn)(fl, priv);
310
/***************************************************************************
312
***************************************************************************/
314
static int info_fn(struct file_list *fl, void *priv)
316
SMB_STRUCT_STAT sbuf;
318
struct us_priv_info *pi = (struct us_priv_info *)priv;
319
TALLOC_CTX *ctx = pi->ctx;
320
struct net_context *c = pi->c;
323
SEC_DESC *psd = NULL;
325
char *sharepath = NULL;
326
char *comment = NULL;
330
enum usershare_err us_err;
331
bool guest_ok = false;
333
sep_str[0] = *lp_winbind_separator();
336
basepath = get_basepath(ctx);
340
basepath = talloc_asprintf_append(basepath,
348
fd = sys_open(basepath, O_RDONLY|O_NOFOLLOW, 0);
350
fd = sys_open(basepath, O_RDONLY, 0);
354
d_fprintf(stderr, "info_fn: unable to open %s. %s\n",
355
basepath, strerror(errno) );
360
if (sys_fstat(fd, &sbuf) != 0) {
361
d_fprintf(stderr, "info_fn: can't fstat file %s. Error was %s\n",
362
basepath, strerror(errno) );
367
if (!S_ISREG(sbuf.st_mode)) {
368
d_fprintf(stderr, "info_fn: file %s is not a regular file. Ignoring.\n",
374
lines = fd_lines_load(fd, &numlines, 10240, NULL);
381
/* Ensure it's well formed. */
382
us_err = parse_usershare_file(ctx, &sbuf, fl->pathname, -1, lines, numlines,
390
if (us_err != USERSHARE_OK) {
391
d_fprintf(stderr, "info_fn: file %s is not a well formed usershare file.\n",
393
d_fprintf(stderr, "info_fn: Error was %s.\n",
394
get_us_error_code(us_err) );
398
acl_str = talloc_strdup(ctx, "usershare_acl=");
403
for (num_aces = 0; num_aces < psd->dacl->num_aces; num_aces++) {
408
ntstatus = net_lookup_name_from_sid(c, ctx,
409
&psd->dacl->aces[num_aces].trustee,
412
if (NT_STATUS_IS_OK(ntstatus)) {
413
if (domain && *domain) {
414
acl_str = talloc_asprintf_append(acl_str,
422
acl_str = talloc_asprintf_append(acl_str,
431
sid_to_fstring(sidstr,
432
&psd->dacl->aces[num_aces].trustee);
433
acl_str = talloc_asprintf_append(acl_str,
440
acl_str = talloc_asprintf_append(acl_str, ":");
445
if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
446
acl_str = talloc_asprintf_append(acl_str, "D,");
451
if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) {
452
acl_str = talloc_asprintf_append(acl_str, "F,");
454
acl_str = talloc_asprintf_append(acl_str, "R,");
462
if (pi->op == US_INFO_OP) {
463
d_printf("[%s]\n", fl->pathname );
464
d_printf("path=%s\n", sharepath );
465
d_printf("comment=%s\n", comment);
466
d_printf("%s\n", acl_str);
467
d_printf("guest_ok=%c\n\n", guest_ok ? 'y' : 'n');
468
} else if (pi->op == US_LIST_OP) {
469
d_printf("%s\n", fl->pathname);
475
/***************************************************************************
476
Print out info (internal detail) on userlevel shares.
477
***************************************************************************/
479
static int net_usershare_info(struct net_context *c, int argc, const char **argv)
482
bool only_ours = true;
484
struct us_priv_info pi;
489
if (c->display_usage)
490
return net_usershare_info_usage(c, argc, argv);
492
if (c->opt_long_list_entries) {
500
fstrcpy(wcard, argv[0]);
503
return net_usershare_info_usage(c, argc, argv);
508
ctx = talloc_init("share_info");
509
ret = get_share_list(ctx, wcard, only_ours);
518
ret = process_share_list(info_fn, &pi);
523
/***************************************************************************
524
Count the current total number of usershares.
525
***************************************************************************/
527
static int count_num_usershares(void)
530
SMB_STRUCT_DIRENT *de;
531
int num_usershares = 0;
532
TALLOC_CTX *ctx = talloc_tos();
533
char *basepath = get_basepath(ctx);
539
dp = sys_opendir(basepath);
541
d_fprintf(stderr, "count_num_usershares: cannot open usershare directory %s. Error %s\n",
542
basepath, strerror(errno) );
546
while((de = sys_readdir(dp)) != 0) {
547
SMB_STRUCT_STAT sbuf;
549
const char *n = de->d_name;
551
/* Ignore . and .. */
553
if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
558
if (!validate_net_name(n, INVALID_SHARENAME_CHARS, strlen(n))) {
559
d_fprintf(stderr, "count_num_usershares: ignoring bad share name %s\n",n);
562
path = talloc_asprintf(ctx,
571
if (sys_lstat(path, &sbuf) != 0) {
572
d_fprintf(stderr, "count_num_usershares: can't lstat file %s. Error was %s\n",
573
path, strerror(errno) );
577
if (!S_ISREG(sbuf.st_mode)) {
578
d_fprintf(stderr, "count_num_usershares: file %s is not a regular file. Ignoring.\n",
586
return num_usershares;
589
/***************************************************************************
590
Add a single userlevel share.
591
***************************************************************************/
593
static int net_usershare_add(struct net_context *c, int argc, const char **argv)
595
TALLOC_CTX *ctx = talloc_stackframe();
596
SMB_STRUCT_STAT sbuf;
597
SMB_STRUCT_STAT lsbuf;
602
const char *us_comment;
611
uid_t myeuid = geteuid();
612
bool guest_ok = false;
616
arg_acl = "S-1-1-0:R";
618
if (c->display_usage)
619
return net_usershare_add_usage(c, argc, argv);
625
return net_usershare_add_usage(c, argc, argv);
627
sharename = strdup_lower(argv[0]);
631
sharename = strdup_lower(argv[0]);
633
us_comment = argv[2];
636
sharename = strdup_lower(argv[0]);
638
us_comment = argv[2];
642
sharename = strdup_lower(argv[0]);
644
us_comment = argv[2];
646
if (strlen(arg_acl) == 0) {
647
arg_acl = "S-1-1-0:R";
649
if (!strnequal(argv[4], "guest_ok=", 9)) {
651
return net_usershare_add_usage(c, argc, argv);
653
switch (argv[4][9]) {
664
return net_usershare_add_usage(c, argc, argv);
669
/* Ensure we're under the "usershare max shares" number. Advisory only. */
670
num_usershares = count_num_usershares();
671
if (num_usershares >= lp_usershare_max_shares()) {
672
d_fprintf(stderr, "net usershare add: maximum number of allowed usershares (%d) reached\n",
673
lp_usershare_max_shares() );
675
SAFE_FREE(sharename);
679
if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
680
d_fprintf(stderr, "net usershare add: share name %s contains "
681
"invalid characters (any of %s)\n",
682
sharename, INVALID_SHARENAME_CHARS);
684
SAFE_FREE(sharename);
688
/* Disallow shares the same as users. */
689
if (getpwnam(sharename)) {
690
d_fprintf(stderr, "net usershare add: share name %s is already a valid system user name\n",
693
SAFE_FREE(sharename);
697
/* Construct the full path for the usershare file. */
698
full_path = get_basepath(ctx);
701
SAFE_FREE(sharename);
704
full_path_tmp = talloc_asprintf(ctx,
707
if (!full_path_tmp) {
709
SAFE_FREE(sharename);
713
full_path = talloc_asprintf_append(full_path,
718
SAFE_FREE(sharename);
722
/* The path *must* be absolute. */
723
if (us_path[0] != '/') {
724
d_fprintf(stderr,"net usershare add: path %s is not an absolute path.\n",
727
SAFE_FREE(sharename);
731
/* Check the directory to be shared exists. */
732
if (sys_stat(us_path, &sbuf) != 0) {
733
d_fprintf(stderr, "net usershare add: cannot stat path %s to ensure "
734
"this is a directory. Error was %s\n",
735
us_path, strerror(errno) );
737
SAFE_FREE(sharename);
741
if (!S_ISDIR(sbuf.st_mode)) {
742
d_fprintf(stderr, "net usershare add: path %s is not a directory.\n",
745
SAFE_FREE(sharename);
749
/* If we're not root, check if we're restricted to sharing out directories
752
if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_uid)) {
753
d_fprintf(stderr, "net usershare add: cannot share path %s as "
754
"we are restricted to only sharing directories we own.\n"
755
"\tAsk the administrator to add the line \"usershare owner only = false\" \n"
756
"\tto the [global] section of the smb.conf to allow this.\n",
759
SAFE_FREE(sharename);
763
/* No validation needed on comment. Now go through and validate the
764
acl string. Convert names to SID's as needed. Then run it through
765
parse_usershare_acl to ensure it's valid. */
767
/* Start off the string we'll append to. */
768
us_acl = talloc_strdup(ctx, "");
777
/* Add the number of ',' characters to get the number of aces. */
778
num_aces += count_chars(pacl,',');
780
for (i = 0; i < num_aces; i++) {
782
const char *pcolon = strchr_m(pacl, ':');
785
if (pcolon == NULL) {
786
d_fprintf(stderr, "net usershare add: malformed acl %s (missing ':').\n",
789
SAFE_FREE(sharename);
801
d_fprintf(stderr, "net usershare add: malformed acl %s "
802
"(access control must be 'r', 'f', or 'd')\n",
805
SAFE_FREE(sharename);
809
if (pcolon[2] != ',' && pcolon[2] != '\0') {
810
d_fprintf(stderr, "net usershare add: malformed terminating character for acl %s\n",
813
SAFE_FREE(sharename);
818
if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) {
819
d_fprintf(stderr, "talloc_strndup failed\n");
821
SAFE_FREE(sharename);
824
if (!string_to_sid(&sid, name)) {
825
/* Convert to a SID */
826
NTSTATUS ntstatus = net_lookup_sid_from_name(c, ctx, name, &sid);
827
if (!NT_STATUS_IS_OK(ntstatus)) {
828
d_fprintf(stderr, "net usershare add: cannot convert name \"%s\" to a SID. %s.",
829
name, get_friendly_nt_error_msg(ntstatus) );
830
if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_CONNECTION_REFUSED)) {
831
d_fprintf(stderr, " Maybe smbd is not running.\n");
833
d_fprintf(stderr, "\n");
836
SAFE_FREE(sharename);
840
us_acl = talloc_asprintf_append(
841
us_acl, "%s:%c,", sid_string_tos(&sid), pcolon[1]);
843
/* Move to the next ACL entry. */
844
if (pcolon[2] == ',') {
849
/* Remove the last ',' */
850
us_acl[strlen(us_acl)-1] = '\0';
852
if (guest_ok && !lp_usershare_allow_guests()) {
853
d_fprintf(stderr, "net usershare add: guest_ok=y requested "
854
"but the \"usershare allow guests\" parameter is not enabled "
855
"by this server.\n");
857
SAFE_FREE(sharename);
861
/* Create a temporary filename for this share. */
862
tmpfd = smb_mkstemp(full_path_tmp);
865
d_fprintf(stderr, "net usershare add: cannot create tmp file %s\n",
868
SAFE_FREE(sharename);
872
/* Ensure we opened the file we thought we did. */
873
if (sys_lstat(full_path_tmp, &lsbuf) != 0) {
874
d_fprintf(stderr, "net usershare add: cannot lstat tmp file %s\n",
877
SAFE_FREE(sharename);
881
/* Check this is the same as the file we opened. */
882
if (sys_fstat(tmpfd, &sbuf) != 0) {
883
d_fprintf(stderr, "net usershare add: cannot fstat tmp file %s\n",
886
SAFE_FREE(sharename);
890
if (!S_ISREG(sbuf.st_mode) || sbuf.st_dev != lsbuf.st_dev || sbuf.st_ino != lsbuf.st_ino) {
891
d_fprintf(stderr, "net usershare add: tmp file %s is not a regular file ?\n",
894
SAFE_FREE(sharename);
898
if (fchmod(tmpfd, 0644) == -1) {
899
d_fprintf(stderr, "net usershare add: failed to fchmod tmp file %s to 0644n",
902
SAFE_FREE(sharename);
906
/* Create the in-memory image of the file. */
907
file_img = talloc_strdup(ctx, "#VERSION 2\npath=");
908
file_img = talloc_asprintf_append(file_img, "%s\ncomment=%s\nusershare_acl=%s\nguest_ok=%c\n",
909
us_path, us_comment, us_acl, guest_ok ? 'y' : 'n');
911
to_write = strlen(file_img);
913
if (write(tmpfd, file_img, to_write) != to_write) {
914
d_fprintf(stderr, "net usershare add: failed to write %u bytes to file %s. Error was %s\n",
915
(unsigned int)to_write, full_path_tmp, strerror(errno));
916
unlink(full_path_tmp);
918
SAFE_FREE(sharename);
922
/* Attempt to replace any existing share by this name. */
923
if (rename(full_path_tmp, full_path) != 0) {
924
unlink(full_path_tmp);
925
d_fprintf(stderr, "net usershare add: failed to add share %s. Error was %s\n",
926
sharename, strerror(errno));
929
SAFE_FREE(sharename);
935
if (c->opt_long_list_entries) {
936
const char *my_argv[2];
937
my_argv[0] = sharename;
939
net_usershare_info(c, 1, my_argv);
942
SAFE_FREE(sharename);
948
/***************************************************************************
950
***************************************************************************/
952
static int list_fn(struct file_list *fl, void *priv)
954
d_printf("%s\n", fl->pathname);
959
/***************************************************************************
960
List userlevel shares.
961
***************************************************************************/
963
static int net_usershare_list(struct net_context *c, int argc,
967
bool only_ours = true;
969
struct us_priv_info pi;
974
if (c->display_usage)
975
return net_usershare_list_usage(c, argc, argv);
977
if (c->opt_long_list_entries) {
985
fstrcpy(wcard, argv[0]);
988
return net_usershare_list_usage(c, argc, argv);
993
ctx = talloc_init("share_list");
994
ret = get_share_list(ctx, wcard, only_ours);
1003
ret = process_share_list(info_fn, &pi);
1004
talloc_destroy(ctx);
1008
/***************************************************************************
1009
Entry-point for all the USERSHARE functions.
1010
***************************************************************************/
1012
int net_usershare(struct net_context *c, int argc, const char **argv)
1016
struct functable func[] = {
1020
NET_TRANSPORT_LOCAL,
1021
"Add/modify user defined share",
1022
"net usershare add\n"
1023
" Add/modify user defined share"
1027
net_usershare_delete,
1028
NET_TRANSPORT_LOCAL,
1029
"Delete user defined share",
1030
"net usershare delete\n"
1031
" Delete user defined share"
1036
NET_TRANSPORT_LOCAL,
1037
"Display information about a user defined share",
1038
"net usershare info\n"
1039
" Display information about a user defined share"
1044
NET_TRANSPORT_LOCAL,
1045
"List user defined shares",
1046
"net usershare list\n"
1047
" List user defined shares"
1049
{NULL, NULL, 0, NULL, NULL}
1052
if (lp_usershare_max_shares() == 0) {
1053
d_fprintf(stderr, "net usershare: usershares are currently disabled\n");
1057
dp = sys_opendir(lp_usershare_path());
1060
d_fprintf(stderr, "net usershare: cannot open usershare directory %s. Error %s\n",
1061
lp_usershare_path(), strerror(err) );
1062
if (err == EACCES) {
1063
d_fprintf(stderr, "You do not have permission to create a usershare. Ask your "
1064
"administrator to grant you permissions to create a share.\n");
1065
} else if (err == ENOENT) {
1066
d_fprintf(stderr, "Please ask your system administrator to "
1067
"enable user sharing.\n");
1073
return net_run_function(c, argc, argv, "net usershare", func);