[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Jan 10 12:12:03 MST 2014 

The branch, master has been updated
       via  24a6876 dfs: always call create_conn_struct with root privileges
      from  0045f3b messaging: Fix a memleak (master only..)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 24a687642de21ce872d25f16b3525003844d05f9
Author: Garming Sam <garming at catalyst.net.nz>
Date:   Thu Dec 19 09:55:44 2013 +1300

    dfs: always call create_conn_struct with root privileges
    
    This fixes a bug in dfs_samba4 identified by Daniel Müller.
    
    create_conn_struct calls SMB_VFS_CONNECT which requires root privileges.
    SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb.
    
    Calls were made to this function without ever becoming root (notably via setup_dfs_referral)
    which resulted in an error and the VFS connect failing. This happens when you have an active
    directory domain controller with host msdfs = yes in smb.conf and dfs links in place.
    
    Signed-off-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Bjoern Baumbach <bb at sernet.de>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/msdfs.c |   31 ++++++++++++++++++++++++++++++-
 1 files changed, 30 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index aede3e6..53c06dd 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -221,9 +221,11 @@ static NTSTATUS parse_dfs_path(connection_struct *conn,
  Fake up a connection struct for the VFS layer, for use in
  applications (such as the python bindings), that do not want the
  global working directory changed under them.
+
+ SMB_VFS_CONNECT requires root privileges.
 *********************************************************/
 
-NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
+static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
 			    struct tevent_context *ev,
 			    struct messaging_context *msg,
 			    connection_struct **pconn,
@@ -347,6 +349,33 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
 }
 
 /********************************************************
+ Fake up a connection struct for the VFS layer, for use in
+ applications (such as the python bindings), that do not want the
+ global working directory changed under them.
+
+ SMB_VFS_CONNECT requires root privileges.
+*********************************************************/
+
+NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
+			    struct tevent_context *ev,
+			    struct messaging_context *msg,
+			    connection_struct **pconn,
+			    int snum,
+			    const char *path,
+			    const struct auth_session_info *session_info)
+{
+	NTSTATUS status;
+	become_root();
+	status = create_conn_struct_as_root(ctx, ev,
+					    msg, pconn,
+					    snum, path,
+					    session_info);
+	unbecome_root();
+
+	return status;
+}
+
+/********************************************************
  Fake up a connection struct for the VFS layer.
  Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list