[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Jan 14 21:31:03 UTC 2019 

The branch, master has been updated
       via  6619cec3dec s3:smbd: perform impersonation in smb2_query_directory_fetch_write_time_done()
       via  c6728403b07 s3:smbd: perform impersonation in smb2_query_directory_dos_mode_done()
       via  75e2e242de8 s3:smbd: perform impersonation in dos_mode_at_vfs_get_dosmode_done()
       via  d21be78ef92 vfs_default: use change_to_user_by_fsp() instead of change_to_user()
       via  0b7c6d50099 vfs: perform impersonation in smb_vfs_call_getxattrat_done()
       via  333a180b6a5 vfs: use struct initializer in smb_vfs_call_getxattrat_send()
       via  2720d95d1fd vfs: perform impersonation in smb_vfs_call_get_dos_attributes_done()
       via  3672f02e476 vfs: use struct initializer in smb_vfs_call_get_dos_attributes_send
      from  792b8d3f833 netcmd: Change domain backup commands to use s3 SMB Py bindings

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6619cec3dec8c8a2116d111aea7e5440875d0fa8
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:51:23 2019 +0100

    s3:smbd: perform impersonation in smb2_query_directory_fetch_write_time_done()
    
    This is not strictly required, as we ne never trigger additional VFS
    requests via this codepath. But for safety reasons ensure we're running
    in the correct impersonation state.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon Jan 14 22:30:24 CET 2019 on sn-devel-144

commit c6728403b07361a276078a264c576edeebd92abf
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:51:23 2019 +0100

    s3:smbd: perform impersonation in smb2_query_directory_dos_mode_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 75e2e242de83fc880b91dacdc7622e646b05b1a0
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:51:23 2019 +0100

    s3:smbd: perform impersonation in dos_mode_at_vfs_get_dosmode_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit d21be78ef9248de70f53eee46fc8e02b3a955436
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:54:29 2019 +0100

    vfs_default: use change_to_user_by_fsp() instead of change_to_user()
    
    Cosmetic change.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 0b7c6d500991afebf15c5c6d9bb256ff234076de
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:51:23 2019 +0100

    vfs: perform impersonation in smb_vfs_call_getxattrat_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 333a180b6a550ae7422c1199a515095c42ff1738
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:52:51 2019 +0100

    vfs: use struct initializer in smb_vfs_call_getxattrat_send()
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2720d95d1fd921ae43c881369d10ea6ada499690
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:51:23 2019 +0100

    vfs: perform impersonation in smb_vfs_call_get_dos_attributes_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 3672f02e4769da244d5c2ba82b46921a88fa9472
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Jan 14 13:50:31 2019 +0100

    vfs: use struct initializer in smb_vfs_call_get_dos_attributes_send
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_default.c       |  8 ++------
 source3/smbd/dosmode.c              |  7 +++++++
 source3/smbd/smb2_query_directory.c | 14 ++++++++++++++
 source3/smbd/vfs.c                  | 28 ++++++++++++++++++++++++++--
 4 files changed, 49 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 8d40cd64540..a27d33a6bea 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -3177,12 +3177,8 @@ static void vfswrap_getxattrat_done(struct tevent_req *subreq)
 	/*
 	 * Make sure we run as the user again
 	 */
-	ok = change_to_user(state->dir_fsp->conn,
-			    state->dir_fsp->vuid);
-	if (!ok) {
-		smb_panic("Can't change to user");
-		return;
-	}
+	ok = change_to_user_by_fsp(state->dir_fsp);
+	SMB_ASSERT(ok);
 
 	ret = pthreadpool_tevent_job_recv(subreq);
 	TALLOC_FREE(subreq);
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 177fe68c894..a4625718a56 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -811,6 +811,13 @@ static void dos_mode_at_vfs_get_dosmode_done(struct tevent_req *subreq)
 	struct smb_filename *smb_path = NULL;
 	struct vfs_aio_state aio_state;
 	NTSTATUS status;
+	bool ok;
+
+	/*
+	 * Make sure we run as the user again
+	 */
+	ok = change_to_user_by_fsp(state->dir_fsp);
+	SMB_ASSERT(ok);
 
 	status = SMB_VFS_GET_DOS_ATTRIBUTES_RECV(subreq,
 						 &aio_state,
diff --git a/source3/smbd/smb2_query_directory.c b/source3/smbd/smb2_query_directory.c
index fdb87188f93..13fb820ce6c 100644
--- a/source3/smbd/smb2_query_directory.c
+++ b/source3/smbd/smb2_query_directory.c
@@ -730,6 +730,13 @@ static void smb2_query_directory_fetch_write_time_done(struct tevent_req *subreq
 	struct smbd_smb2_query_directory_state *state = tevent_req_data(
 		req, struct smbd_smb2_query_directory_state);
 	NTSTATUS status;
+	bool ok;
+
+	/*
+	 * Make sure we run as the user again
+	 */
+	ok = change_to_user_by_fsp(state->fsp);
+	SMB_ASSERT(ok);
 
 	state->async_sharemode_count--;
 
@@ -752,6 +759,13 @@ static void smb2_query_directory_dos_mode_done(struct tevent_req *subreq)
 		tevent_req_data(req,
 		struct smbd_smb2_query_directory_state);
 	NTSTATUS status;
+	bool ok;
+
+	/*
+	 * Make sure we run as the user again
+	 */
+	ok = change_to_user_by_fsp(state->fsp);
+	SMB_ASSERT(ok);
 
 	status = fetch_dos_mode_recv(subreq);
 	TALLOC_FREE(subreq);
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 5e0ca091f7b..d3bb9c5d63f 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -2382,6 +2382,7 @@ NTSTATUS smb_vfs_call_offload_write_recv(struct vfs_handle_struct *handle,
 }
 
 struct smb_vfs_call_get_dos_attributes_state {
+	files_struct *dir_fsp;
 	NTSTATUS (*recv_fn)(struct tevent_req *req,
 			    struct vfs_aio_state *aio_state,
 			    uint32_t *dosmode);
@@ -2409,7 +2410,11 @@ struct tevent_req *smb_vfs_call_get_dos_attributes_send(
 	}
 
 	VFS_FIND(get_dos_attributes_send);
-	state->recv_fn = handle->fns->get_dos_attributes_recv_fn;
+
+	*state = (struct smb_vfs_call_get_dos_attributes_state) {
+		.dir_fsp = dir_fsp,
+		.recv_fn = handle->fns->get_dos_attributes_recv_fn,
+	};
 
 	subreq = handle->fns->get_dos_attributes_send_fn(mem_ctx,
 							 ev,
@@ -2437,6 +2442,13 @@ static void smb_vfs_call_get_dos_attributes_done(struct tevent_req *subreq)
 		tevent_req_data(req,
 		struct smb_vfs_call_get_dos_attributes_state);
 	NTSTATUS status;
+	bool ok;
+
+	/*
+	 * Make sure we run as the user again
+	 */
+	ok = change_to_user_by_fsp(state->dir_fsp);
+	SMB_ASSERT(ok);
 
 	status = state->recv_fn(subreq,
 				&state->aio_state,
@@ -2647,6 +2659,7 @@ ssize_t smb_vfs_call_getxattr(struct vfs_handle_struct *handle,
 
 
 struct smb_vfs_call_getxattrat_state {
+	files_struct *dir_fsp;
 	ssize_t (*recv_fn)(struct tevent_req *req,
 			   struct vfs_aio_state *aio_state,
 			   TALLOC_CTX *mem_ctx,
@@ -2678,7 +2691,11 @@ struct tevent_req *smb_vfs_call_getxattrat_send(
 	}
 
 	VFS_FIND(getxattrat_send);
-	state->recv_fn = handle->fns->getxattrat_recv_fn;
+
+	*state = (struct smb_vfs_call_getxattrat_state) {
+		.dir_fsp = dir_fsp,
+		.recv_fn = handle->fns->getxattrat_recv_fn,
+	};
 
 	subreq = handle->fns->getxattrat_send_fn(mem_ctx,
 						 ev,
@@ -2702,6 +2719,13 @@ static void smb_vfs_call_getxattrat_done(struct tevent_req *subreq)
 		subreq, struct tevent_req);
 	struct smb_vfs_call_getxattrat_state *state = tevent_req_data(
 		req, struct smb_vfs_call_getxattrat_state);
+	bool ok;
+
+	/*
+	 * Make sure we run as the user again
+	 */
+	ok = change_to_user_by_fsp(state->dir_fsp);
+	SMB_ASSERT(ok);
 
 	state->retval = state->recv_fn(subreq,
 				       &state->aio_state,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list