[SCM] Samba Shared Repository - branch v3-4-test updated
Karolin Seeger
kseeger at samba.org
Thu Feb 18 02:22:36 MST 2010
The branch, v3-4-test has been updated
via 2eb3385... Fix bug #6557 - Do not work VFS full_audit
from 05e26ad... WHATSNEW: Update changes since 3.4.5.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 2eb33851a753cbd5594d44243802388cff5ae152
Author: Jeremy Allison <jra at samba.org>
Date: Wed Feb 17 10:46:42 2010 -0800
Fix bug #6557 - Do not work VFS full_audit
Re-arrange the operations order so SMB_VFS_CONNECT is done
first as root (to allow modules to correctly initialize themselves).
Reviewed modules to check if they needed CONNECT invoked as
a user (which we previously did) and it turns out any of them
that cared needed root permissions anyway.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/service.c | 34 ++++++++++++++++------------------
1 files changed, 16 insertions(+), 18 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 6248f5d..8490f17 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -649,7 +649,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
fstring dev;
int ret;
char addr[INET6_ADDRSTRLEN];
- bool on_err_call_dis_hook = false;
NTSTATUS status;
fstrcpy(dev, pdev);
@@ -887,6 +886,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
return NULL;
}
+ /* Invoke VFS make connection hook - must be the first
+ VFS operation we do. */
+
+ if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
+ conn->server_info->unix_name) < 0) {
+ DEBUG(0,("make_connection: VFS make connection failed!\n"));
+ yield_connection(conn, lp_servicename(snum));
+ conn_free(conn);
+ *pstatus = NT_STATUS_UNSUCCESSFUL;
+ return NULL;
+ }
+
/*
* Fix compatibility issue pointed out by Volker.
* We pass the conn->connectpath to the preexec
@@ -917,6 +928,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
if (ret != 0 && lp_rootpreexec_close(snum)) {
DEBUG(1,("root preexec gave %d - failing "
"connection\n", ret));
+ SMB_VFS_DISCONNECT(conn);
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
*pstatus = NT_STATUS_ACCESS_DENIED;
@@ -928,6 +940,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
if (!change_to_user(conn, conn->vuid)) {
/* No point continuing if they fail the basic checks */
DEBUG(0,("Can't become connected user!\n"));
+ SMB_VFS_DISCONNECT(conn);
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
*pstatus = NT_STATUS_LOGON_FAILURE;
@@ -993,19 +1006,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
lp_aio_write_behind(snum));
}
- /* Invoke VFS make connection hook - do this before the VFS_STAT call
- to allow any filesystems needing user credentials to initialize
- themselves. */
-
- if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
- conn->server_info->unix_name) < 0) {
- DEBUG(0,("make_connection: VFS make connection failed!\n"));
- *pstatus = NT_STATUS_UNSUCCESSFUL;
- goto err_root_exit;
- }
-
- /* Any error exit after here needs to call the disconnect hook. */
- on_err_call_dis_hook = true;
/* win2000 does not check the permissions on the directory
during the tree connect, instead relying on permission
@@ -1078,10 +1078,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
err_root_exit:
change_to_root_user();
- if (on_err_call_dis_hook) {
- /* Call VFS disconnect hook */
- SMB_VFS_DISCONNECT(conn);
- }
+ /* Call VFS disconnect hook */
+ SMB_VFS_DISCONNECT(conn);
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
return NULL;
--
Samba Shared Repository
More information about the samba-cvs
mailing list