[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Sep 11 21:17:06 UTC 2019
The branch, master has been updated
via 35cd91ee4d8 smbd: remove unused current_user.{need,done}_chdir stacking
via e9256b306ec smbd: inline change_to_user_internal() into change_to_user_and_service()
via 5da24aa18e9 smbd: rename [un]become_user*() to [un]become_user_without_service*()
via 15699475d60 smbd: remove directory changing from become_user*()
via b6cf33015de smbd: inline change_to_user_and_service() into become_user()
via 5a736db046d smbd: inline change_to_user_by_session()
via 1d6fe10ec62 smbd: README.Coding fixes
via 1f4ec344477 smbd: rename change_to_user_by_fsp() to change_to_user_and_service_by_fsp()
via d836f4a7d6f smbd: rename change_to_user() to change_to_user_and_service()
via ae3cfa5da9e smbd: Enhance debugging if chdir fails
via 219a189c999 lib: Add "utok_string"
from c7167e7a829 s3: VFS: Complete the replacement of SMB_VFS_MKDIR() -> SMB_VFS_MKDIRAT().
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 35cd91ee4d8fcd1034787882fb2e2e2ab9f8bd34
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 16 14:20:33 2019 +0200
smbd: remove unused current_user.{need,done}_chdir stacking
All become_*()/unbecome_*() functions don't alter the working
directory. Only change_to_user_and_service*() does.
Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 11 21:16:57 UTC 2019 on sn-devel-184
commit e9256b306ecd4299aa96b27d81800382414572a9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 16 14:11:22 2019 +0200
smbd: inline change_to_user_internal() into change_to_user_and_service()
There was only one caller left.
Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5da24aa18e9c0ff6f2852b5421945111ef5c6b2b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jul 19 11:14:13 2019 +0200
smbd: rename [un]become_user*() to [un]become_user_without_service*()
We should make the behavior change (that gives up some protection)
more obvious, by changing the function names.
At least some OEMs have patches relying on the 4.9/4.10 behaviour
and we want them to detect that they have to do more work when they
need to change directories.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 15699475d6031dd0ed5cd24e9915c574b35a233b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 16 14:06:09 2019 +0200
smbd: remove directory changing from become_user*()
This was the behavior in versions before 4.9 and
it is hopefully not required by current callers of
become_user*().
Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b6cf33015de596cd4295d24da4cfcee6c437e3aa
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 16 14:03:57 2019 +0200
smbd: inline change_to_user_and_service() into become_user()
In the next commit we'll drop the _and_service() part.
Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5a736db046d1922e2b7ad13baf38c42b46f2115d
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jul 13 16:38:02 2019 +0200
smbd: inline change_to_user_by_session()
Prepares for removing changing cwd from become_user*() in a subsequent commit.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1d6fe10ec62d447b004c0e691deb0f970268bad9
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jul 13 16:10:53 2019 +0200
smbd: README.Coding fixes
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1f4ec34447704dc02f08fc4f53ca988571d4769c
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jul 13 16:20:11 2019 +0200
smbd: rename change_to_user_by_fsp() to change_to_user_and_service_by_fsp()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d836f4a7d6ffbd3719a8be8141b7a186648556dd
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jul 13 16:17:17 2019 +0200
smbd: rename change_to_user() to change_to_user_and_service()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ae3cfa5da9e86a4f379df7bba8e45ef31a28bc4d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 9 17:24:57 2019 +0100
smbd: Enhance debugging if chdir fails
This helps admins to figure out which user has a problem
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 219a189c9993893149c9beef90a9d626ee0f3fa7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 9 17:04:34 2019 +0100
lib: Add "utok_string"
A terse, one-line unix token representation for debugging purposes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 1 +
source3/include/smb.h | 2 -
source3/include/vfs.h | 3 +
source3/lib/util.c | 29 ++++++
source3/modules/vfs_aio_pthread.c | 2 +-
source3/modules/vfs_btrfs.c | 6 +-
source3/modules/vfs_default.c | 10 +--
source3/printing/nt_printing.c | 12 +--
source3/rpc_server/fss/srv_fss_agent.c | 16 ++--
source3/smbd/blocking.c | 2 +-
source3/smbd/close.c | 8 +-
source3/smbd/dosmode.c | 2 +-
source3/smbd/globals.h | 2 -
source3/smbd/process.c | 2 +-
source3/smbd/proto.h | 12 +--
source3/smbd/service.c | 44 +++++++--
source3/smbd/smb2_lock.c | 2 +-
source3/smbd/smb2_query_directory.c | 4 +-
source3/smbd/smb2_server.c | 2 +-
source3/smbd/smb2_setinfo.c | 4 +-
source3/smbd/uid.c | 157 ++++++++++++++++-----------------
source3/smbd/vfs.c | 4 +-
source3/utils/net_vfs.c | 6 +-
23 files changed, 193 insertions(+), 139 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7bf921f3476..0d02f38fc8b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -423,6 +423,7 @@ bool map_open_params_to_ntcreate(const char *smb_base_fname,
uint32_t *pprivate_flags);
struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok);
struct security_unix_token *root_unix_token(TALLOC_CTX *mem_ctx);
+char *utok_string(TALLOC_CTX *mem_ctx, const struct security_unix_token *tok);
bool dir_check_ftype(uint32_t mode, uint32_t dirtype);
/* The following definitions come from lib/util_builtin.c */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 41c27806489..012ed485494 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -152,8 +152,6 @@ struct sys_notify_context {
struct current_user {
struct connection_struct *conn;
uint64_t vuid; /* SMB2 compat */
- bool need_chdir;
- bool done_chdir;
struct security_unix_token ut;
struct security_token *nt_user_token;
};
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index d164e91e886..3b024355168 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -278,6 +278,9 @@
/* Version 42 - Move SMB_VFS_READLINK -> SMB_VFS_READLINKAT. */
/* Version 42 - Move SMB_VFS_SYMLINK -> SMB_VFS_SYMLINKAT. */
/* Version 42 - Move SMB_VFS_MKDIR -> SMB_VFS_MKDIRAT. */
+/* Version 42 - Move change_to_user() -> change_to_user_and_service() */
+/* Version 42 - Move change_to_user_by_fsp() -> change_to_user_and_service_by_fsp() */
+/* Version 42 - Move [un]become_user*() -> [un]become_user_without_service*() */
#define SMB_VFS_INTERFACE_VERSION 42
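Review bot: the three added Version 42 comment lines record only renames, but per the commit log the [un]become_user*() family also stops changing the working directory, and that is the part an out-of-tree module author needs to see. Suggest saying so in the last line, for example "become_user_without_service*() no longer changes directory; use change_to_user_and_service*() when the share directory is needed". SMB_VFS_INTERFACE_VERSION also stays at 42, so the number alone will not flag the change to a module built against an earlier Version 42 header.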
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 7530ea67973..8bafcbb83d7 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2173,6 +2173,35 @@ struct security_unix_token *root_unix_token(TALLOC_CTX *mem_ctx)
return t;
}
+char *utok_string(TALLOC_CTX *mem_ctx, const struct security_unix_token *tok)
+{
+ char *str;
+ uint32_t i;
+
+ str = talloc_asprintf(
+ mem_ctx,
+ "uid=%ju, gid=%ju, %"PRIu32" groups:",
+ (uintmax_t)(tok->uid),
+ (uintmax_t)(tok->gid),
+ tok->ngroups);
+ if (str == NULL) {
+ return NULL;
+ }
+
+ for (i=0; i<tok->ngroups; i++) {
+ char *tmp;
+ tmp = talloc_asprintf_append_buffer(
+ str, " %ju", (uintmax_t)tok->groups[i]);
+ if (tmp == NULL) {
+ TALLOC_FREE(str);
+ return NULL;
+ }
+ str = tmp;
+ }
+
+ return str;
+}
+
/****************************************************************************
Check that a file matches a particular file type.
****************************************************************************/
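Review bot: utok_string() is added without a comment, unlike the function that follows it, and it dereferences tok with no NULL check. A short banner stating the output format ("uid=..., gid=..., N groups: ...") and that the result is allocated on mem_ctx and is NULL on allocation failure would help callers. Either document that tok must be non-NULL or return NULL early when it is not.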
diff --git a/source3/modules/vfs_aio_pthread.c b/source3/modules/vfs_aio_pthread.c
index 577180b6b01..a7d97223dbd 100644
--- a/source3/modules/vfs_aio_pthread.c
+++ b/source3/modules/vfs_aio_pthread.c
@@ -105,7 +105,7 @@ static void aio_open_handle_completion(struct tevent_req *subreq)
/*
* Make sure we run as the user again
*/
- ok = change_to_user(opd->conn, opd->conn->vuid);
+ ok = change_to_user_and_service(opd->conn, opd->conn->vuid);
if (!ok) {
smb_panic("Can't change to user");
return;
diff --git a/source3/modules/vfs_btrfs.c b/source3/modules/vfs_btrfs.c
index a11cb66d8e7..f478d3fac68 100644
--- a/source3/modules/vfs_btrfs.c
+++ b/source3/modules/vfs_btrfs.c
@@ -214,7 +214,7 @@ static void btrfs_offload_write_cleanup(struct tevent_req *req,
return;
}
- ok = unbecome_user();
+ ok = unbecome_user_without_service();
SMB_ASSERT(ok);
state->need_unbecome_user = false;
}
@@ -311,7 +311,7 @@ static struct tevent_req *btrfs_offload_write_send(struct vfs_handle_struct *han
return tevent_req_post(req, ev);
}
- ok = become_user_by_fsp(src_fsp);
+ ok = become_user_without_service_by_fsp(src_fsp);
if (!ok) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return tevent_req_post(req, ev);
@@ -342,7 +342,7 @@ static struct tevent_req *btrfs_offload_write_send(struct vfs_handle_struct *han
}
}
- ok = unbecome_user();
+ ok = unbecome_user_without_service();
SMB_ASSERT(ok);
state->need_unbecome_user = false;
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 4cca80ea397..f48a590e5e7 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1790,7 +1790,7 @@ static void vfswrap_offload_write_cleanup(struct tevent_req *req,
return;
}
- ok = change_to_user_by_fsp(state->dst_fsp);
+ ok = change_to_user_and_service_by_fsp(state->dst_fsp);
SMB_ASSERT(ok);
state->dst_fsp = NULL;
}
@@ -1906,7 +1906,7 @@ static struct tevent_req *vfswrap_offload_write_send(
return tevent_req_post(req, ev);
}
- ok = change_to_user_by_fsp(src_fsp);
+ ok = change_to_user_and_service_by_fsp(src_fsp);
if (!ok) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return tevent_req_post(req, ev);
@@ -2021,7 +2021,7 @@ static void vfswrap_offload_write_read_done(struct tevent_req *subreq)
state->src_off += nread;
- ok = change_to_user_by_fsp(state->dst_fsp);
+ ok = change_to_user_and_service_by_fsp(state->dst_fsp);
if (!ok) {
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
@@ -2092,7 +2092,7 @@ static void vfswrap_offload_write_write_done(struct tevent_req *subreq)
return;
}
- ok = change_to_user_by_fsp(state->src_fsp);
+ ok = change_to_user_and_service_by_fsp(state->src_fsp);
if (!ok) {
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
@@ -3253,7 +3253,7 @@ static void vfswrap_getxattrat_done(struct tevent_req *subreq)
/*
* Make sure we run as the user again
*/
- ok = change_to_user_by_fsp(state->dir_fsp);
+ ok = change_to_user_and_service_by_fsp(state->dir_fsp);
SMB_ASSERT(ok);
ret = pthreadpool_tevent_job_recv(subreq);
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index fdd91454acd..89405f1c8ee 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1071,7 +1071,7 @@ static uint32_t get_correct_cversion(const struct auth_session_info *session_inf
goto error_free_conn;
}
- if (!become_user_by_session(conn, session_info)) {
+ if (!become_user_without_service_by_session(conn, session_info)) {
DEBUG(0, ("failed to become user\n"));
*perr = WERR_ACCESS_DENIED;
goto error_free_conn;
@@ -1167,7 +1167,7 @@ static uint32_t get_correct_cversion(const struct auth_session_info *session_inf
*perr = WERR_OK;
error_exit:
- unbecome_user();
+ unbecome_user_without_service();
error_free_conn:
if (fsp != NULL) {
close_file(NULL, fsp, NORMAL_CLOSE);
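Review bot: nothing in this hunk or the one before it shows that get_correct_cversion() can do without the working-directory change that become_user_by_session() used to perform, and the function still has an fsp to close right after the unbecome_user_without_service() at error_exit. The commit message only says the chdir is "hopefully not required by current callers", so please confirm that every path used between the become and unbecome calls does not depend on the current directory being the share path, or switch this caller to a variant that does the chdir. The same question applies to move_driver_to_download_area() and delete_driver_files() below.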
@@ -1546,7 +1546,7 @@ WERROR move_driver_to_download_area(const struct auth_session_info *session_info
goto err_free_conn;
}
- if (!become_user_by_session(conn, session_info)) {
+ if (!become_user_without_service_by_session(conn, session_info)) {
DEBUG(0, ("failed to become user\n"));
err = WERR_ACCESS_DENIED;
goto err_free_conn;
@@ -1691,7 +1691,7 @@ WERROR move_driver_to_download_area(const struct auth_session_info *session_info
err = WERR_OK;
err_exit:
- unbecome_user();
+ unbecome_user_without_service();
err_free_conn:
TALLOC_FREE(frame);
return err;
@@ -2087,7 +2087,7 @@ bool delete_driver_files(const struct auth_session_info *session_info,
goto err_free_conn;
}
- if (!become_user_by_session(conn, session_info)) {
+ if (!become_user_without_service_by_session(conn, session_info)) {
DEBUG(0, ("failed to become user\n"));
ret = false;
goto err_free_conn;
@@ -2139,7 +2139,7 @@ bool delete_driver_files(const struct auth_session_info *session_info,
ret = true;
err_out:
- unbecome_user();
+ unbecome_user_without_service();
err_free_conn:
TALLOC_FREE(frame);
return ret;
diff --git a/source3/rpc_server/fss/srv_fss_agent.c b/source3/rpc_server/fss/srv_fss_agent.c
index 03c2668171b..13b4806e6a2 100644
--- a/source3/rpc_server/fss/srv_fss_agent.c
+++ b/source3/rpc_server/fss/srv_fss_agent.c
@@ -766,14 +766,14 @@ uint32_t _fss_AddToShadowCopySet(struct pipes_struct *p,
ret = HRES_ERROR_V(HRES_E_ACCESSDENIED);
goto err_tmp_free;
}
- if (!become_user_by_session(conn, p->session_info)) {
+ if (!become_user_without_service_by_session(conn, p->session_info)) {
DEBUG(0, ("failed to become user\n"));
ret = HRES_ERROR_V(HRES_E_ACCESSDENIED);
goto err_tmp_free;
}
status = SMB_VFS_SNAP_CHECK_PATH(conn, frame, path_name, &base_vol);
- unbecome_user();
+ unbecome_user_without_service();
if (!NT_STATUS_IS_OK(status)) {
ret = FSRVP_E_NOT_SUPPORTED;
goto err_tmp_free;
@@ -893,7 +893,7 @@ static NTSTATUS commit_sc_with_conn(TALLOC_CTX *mem_ctx,
return status;
}
- if (!become_user_by_session(conn, session_info)) {
+ if (!become_user_without_service_by_session(conn, session_info)) {
DEBUG(0, ("failed to become user\n"));
TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
@@ -903,7 +903,7 @@ static NTSTATUS commit_sc_with_conn(TALLOC_CTX *mem_ctx,
sc->volume_name,
&sc->create_ts, rw,
base_path, snap_path);
- unbecome_user();
+ unbecome_user_without_service();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("snap create failed: %s\n", nt_errstr(status)));
TALLOC_FREE(frame);
@@ -1349,7 +1349,7 @@ uint32_t _fss_IsPathSupported(struct pipes_struct *p,
TALLOC_FREE(frame);
return HRES_ERROR_V(HRES_E_ACCESSDENIED);
}
- if (!become_user_by_session(conn, p->session_info)) {
+ if (!become_user_without_service_by_session(conn, p->session_info)) {
DEBUG(0, ("failed to become user\n"));
TALLOC_FREE(frame);
return HRES_ERROR_V(HRES_E_ACCESSDENIED);
@@ -1357,7 +1357,7 @@ uint32_t _fss_IsPathSupported(struct pipes_struct *p,
status = SMB_VFS_SNAP_CHECK_PATH(conn, frame,
lp_path(frame, snum),
&base_vol);
- unbecome_user();
+ unbecome_user_without_service();
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return FSRVP_E_NOT_SUPPORTED;
@@ -1628,7 +1628,7 @@ uint32_t _fss_DeleteShareMapping(struct pipes_struct *p,
if (!NT_STATUS_IS_OK(status)) {
goto err_tmp_free;
}
- if (!become_user_by_session(conn, p->session_info)) {
+ if (!become_user_without_service_by_session(conn, p->session_info)) {
DEBUG(0, ("failed to become user\n"));
status = NT_STATUS_ACCESS_DENIED;
goto err_tmp_free;
@@ -1636,7 +1636,7 @@ uint32_t _fss_DeleteShareMapping(struct pipes_struct *p,
status = SMB_VFS_SNAP_DELETE(conn, frame, sc->volume_name,
sc->sc_path);
- unbecome_user();
+ unbecome_user_without_service();
if (!NT_STATUS_IS_OK(status)) {
goto err_tmp_free;
}
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 94e75a9b405..131c74b69da 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -620,7 +620,7 @@ static void smbd_smb1_do_locks_retry(struct tevent_req *subreq)
/*
* Make sure we run as the user again
*/
- ok = change_to_user_by_fsp(state->fsp);
+ ok = change_to_user_and_service_by_fsp(state->fsp);
if (!ok) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 9786c826439..baae5b736ff 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -338,7 +338,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
* wrote a real delete on close. */
if (get_current_vuid(conn) != fsp->vuid) {
- become_user(conn, fsp->vuid);
+ become_user_without_service(conn, fsp->vuid);
became_user = True;
}
fsp->delete_on_close = true;
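Review bot: the bool returned by become_user_without_service(conn, fsp->vuid) is ignored and became_user is set to True regardless, so a failed switch still reaches the unbecome_user_without_service() call in the next hunk, and get_current_nttok()/get_current_utok() there return whatever user happens to be current. Since this line is being touched anyway, check the result and set became_user only on success. close_directory() further down has the same pattern.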
@@ -346,7 +346,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
get_current_nttok(conn),
get_current_utok(conn));
if (became_user) {
- unbecome_user();
+ unbecome_user_without_service();
}
}
@@ -1141,7 +1141,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
* wrote a real delete on close. */
if (get_current_vuid(fsp->conn) != fsp->vuid) {
- become_user(fsp->conn, fsp->vuid);
+ become_user_without_service(fsp->conn, fsp->vuid);
became_user = True;
}
send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx,
@@ -1151,7 +1151,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
get_current_utok(fsp->conn));
fsp->delete_on_close = true;
if (became_user) {
- unbecome_user();
+ unbecome_user_without_service();
}
}
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 173b90d2cd0..32a01c271c6 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -866,7 +866,7 @@ static void dos_mode_at_vfs_get_dosmode_done(struct tevent_req *subreq)
/*
* Make sure we run as the user again
*/
- ok = change_to_user_by_fsp(state->dir_fsp);
+ ok = change_to_user_and_service_by_fsp(state->dir_fsp);
SMB_ASSERT(ok);
status = SMB_VFS_GET_DOS_ATTRIBUTES_RECV(subreq,
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index a612a42f63b..8f6ce4b0266 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -89,8 +89,6 @@ extern uint16_t fnf_handle;
struct conn_ctx {
connection_struct *conn;
uint64_t vuid;
- bool need_chdir;
- bool done_chdir;
userdom_struct user_info;
};
/* A stack of current_user connection contexts. */
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index ab3c08b27ae..0e0d45d2af1 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1626,7 +1626,7 @@ static connection_struct *switch_message(uint8_t type, struct smb_request *req)
* change_to_user() implies set_current_user_info()
* and chdir_connect_service().
*/
- if (!change_to_user(conn,session_tag)) {
+ if (!change_to_user_and_service(conn,session_tag)) {
DEBUG(0, ("Error: Could not change to user. Removing "
"deferred open, mid=%llu.\n",
(unsigned long long)req->mid));
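Review bot: the comment directly above the changed call still reads "change_to_user() implies set_current_user_info() and chdir_connect_service()", a name that no longer exists after this rename. Update it to change_to_user_and_service(). The helper shown in the service.c part of this changeset is chdir_current_service(), so the second name in that comment is worth checking too.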
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 7efbb80d3e3..5ebee0486e7 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1189,8 +1189,8 @@ NTSTATUS check_user_share_access(connection_struct *conn,
const struct auth_session_info *session_info,
uint32_t *p_share_access,
bool *p_readonly_share);
-bool change_to_user(connection_struct *conn, uint64_t vuid);
-bool change_to_user_by_fsp(struct files_struct *fsp);
+bool change_to_user_and_service(connection_struct *conn, uint64_t vuid);
+bool change_to_user_and_service_by_fsp(struct files_struct *fsp);
bool smbd_change_to_root_user(void);
bool smbd_become_authenticated_pipe_user(struct auth_session_info *session_info);
bool smbd_unbecome_authenticated_pipe_user(void);
@@ -1198,11 +1198,11 @@ void become_root(void);
void unbecome_root(void);
void smbd_become_root(void);
void smbd_unbecome_root(void);
-bool become_user(connection_struct *conn, uint64_t vuid);
-bool become_user_by_fsp(struct files_struct *fsp);
-bool become_user_by_session(connection_struct *conn,
+bool become_user_without_service(connection_struct *conn, uint64_t vuid);
+bool become_user_without_service_by_fsp(struct files_struct *fsp);
+bool become_user_without_service_by_session(connection_struct *conn,
const struct auth_session_info *session_info);
-bool unbecome_user(void);
+bool unbecome_user_without_service(void);
uid_t get_current_uid(connection_struct *conn);
gid_t get_current_gid(connection_struct *conn);
const struct security_unix_token *get_current_utok(connection_struct *conn);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 64b638346ae..7e252a459b3 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -152,17 +152,45 @@ bool chdir_current_service(connection_struct *conn)
ret = vfs_ChDir(conn, &connectpath_fname);
if (ret != 0) {
- DEBUG(((errno!=EACCES)?0:3),
- ("chdir (%s) failed, reason: %s\n",
- conn->connectpath, strerror(errno)));
+ int saved_errno = errno;
+
+ if (saved_errno == EACCES) {
+ char *str = utok_string(
+ talloc_tos(),
+ conn->session_info->unix_token);
+ DBG_WARNING("vfs_ChDir(%s) got "
+ "permission denied, current "
+ "token: %s\n",
+ conn->connectpath, str);
+ TALLOC_FREE(str);
+ } else {
+ DBG_ERR("vfs_ChDir(%s) failed: "
+ "%s!\n",
+ conn->connectpath,
+ strerror(saved_errno));
+ }
return false;
}
ret = vfs_ChDir(conn, &origpath_fname);
if (ret != 0) {
- DEBUG(((errno!=EACCES)?0:3),
- ("chdir (%s) failed, reason: %s\n",
- conn->origpath, strerror(errno)));
+ int saved_errno = errno;
+
+ if (saved_errno == EACCES) {
+ char *str = utok_string(
+ talloc_tos(),
+ conn->session_info->unix_token);
+ DBG_WARNING("vfs_ChDir(%s) got "
+ "permission denied, current "
+ "token: %s\n",
+ conn->origpath, str);
+ TALLOC_FREE(str);
+ } else {
+ DBG_ERR("vfs_ChDir(%s) failed: "
+ "%s!\n",
+ conn->origpath,
+ strerror(saved_errno));
+ }
return false;
}
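Review bot: in both EACCES branches the result of utok_string() goes straight into the "%s" of DBG_WARNING, but utok_string() returns NULL when allocation fails. Guard it, for example by passing a fixed placeholder string when str is NULL. The two error blocks are also identical apart from conn->connectpath versus conn->origpath and would read better as one small static helper that takes the path. Note too that permission-denied moves from debug level 3 in the old DEBUG() call to warning level, and the message now carries the full group list, so it will show up at lower configured log levels than before.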
@@ -719,7 +747,7 @@ static NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn,
}
/* USER Activites: */
- if (!change_to_user(conn, conn->vuid)) {
+ if (!change_to_user_and_service(conn, conn->vuid)) {
/* No point continuing if they fail the basic checks */
DEBUG(0,("Can't become connected user!\n"));
status = NT_STATUS_LOGON_FAILURE;
@@ -1134,7 +1162,7 @@ void close_cnum(connection_struct *conn, uint64_t vuid)
/* execute any "postexec = " line */
if (*lp_postexec(talloc_tos(), SNUM(conn)) &&
- change_to_user(conn, vuid)) {
+ change_to_user_and_service(conn, vuid)) {
char *cmd = talloc_sub_advanced(talloc_tos(),
--
Samba Shared Repository