[SCM] Samba Shared Repository - branch v4-13-test updated

Karolin Seeger kseeger at samba.org
Mon Jul 12 11:04:01 UTC 2021


The branch, v4-13-test has been updated
       via  b01c4526fef s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2().
       via  a708c9b48a2 mdssvc: avoid direct filesystem access, use the VFS
       via  9f4e3da5eec mdssvc: chdir() to the conn of the RPC request
       via  7c924449b87 mdssvc: maintain a connection struct in the mds_ctx
       via  48b2dc3c5cc smbd: add create_conn_struct_cwd()
       via  60e091a153e smbd: pass tevent context to create_conn_struct_as_root()
       via  63ff1e37d55 mdssvc: pass messaging context to mds_init_ctx()
       via  dce4c5ed911 mdssvc: don't fail mds_add_result() if result is not found in CNID set
       via  0484804d9f6 mdssvc: use a helper variable in mds_add_result()
       via  b0746202c20 s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path.
       via  0b75c272368 s3: lib: Fix talloc hierarchy error in parent_smb_fname().
      from  5d4bbaff8b6 smbd: correctly initialize close timestamp fields

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test


- Log -----------------------------------------------------------------
commit b01c4526fef64ac7458459111d0715434ca3f2a2
Author: Jeremy Allison <jra at samba.org>
Date:   Wed May 26 22:41:53 2021 -0700

    s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2().
    
    Valgrind trace follows.
    
    ==3627798== Invalid read of size 1
    ==3627798==    at 0x483FF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==3627798==    by 0x55DE412: strdup (strdup.c:41)
    ==3627798==    by 0x4F4657E: smb_xstrdup (util.c:660)
    ==3627798==    by 0x4C62C2E: vfs_ChDir (vfs.c:988)
    ==3627798==    by 0x4C4A51C: process_symlink_open (open.c:656)
    ==3627798==    by 0x4C4ADE7: non_widelink_open (open.c:862)
    ==3627798==    by 0x4C4AFB7: fd_openat (open.c:918)
    ==3627798==    by 0x4BBE895: openat_pathref_fsp (files.c:506)
    ==3627798==    by 0x4C48A00: filename_convert_internal (filename.c:2027)
    ==3627798==    by 0x4C48B77: filename_convert (filename.c:2067)
    ==3627798==    by 0x4C32408: call_trans2qfilepathinfo (trans2.c:6173)
    ==3627798==    by 0x4C3C5DA: handle_trans2 (trans2.c:10143)
    ==3627798==  Address 0xda8bc90 is 96 bytes inside a block of size 217 free'd
    ==3627798==    at 0x483DA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==3627798==    by 0x4FCA3C9: _tc_free_internal (talloc.c:1222)
    ==3627798==    by 0x4FCA481: _talloc_free_internal (talloc.c:1248)
    ==3627798==    by 0x4FCB825: _talloc_free (talloc.c:1792)
    ==3627798==    by 0xDB248DD: store_cwd_data (vfs_shadow_copy2.c:1473)
    ==3627798==    by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542)
    ==3627798==    by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257)
    ==3627798==    by 0x4C62B48: vfs_ChDir (vfs.c:940)
    ==3627798==    by 0x4C4A51C: process_symlink_open (open.c:656)
    ==3627798==    by 0x4C4ADE7: non_widelink_open (open.c:862)
    ==3627798==    by 0x4C4AFB7: fd_openat (open.c:918)
    ==3627798==    by 0x4BBE895: openat_pathref_fsp (files.c:506)
    ==3627798==  Block was alloc'd at
    ==3627798==    at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==3627798==    by 0x4FC9365: __talloc_with_prefix (talloc.c:783)
    ==3627798==    by 0x4FC94FF: __talloc (talloc.c:825)
    ==3627798==    by 0x4FCCFDC: __talloc_strlendup (talloc.c:2454)
    ==3627798==    by 0x4FCD096: talloc_strdup (talloc.c:2470)
    ==3627798==    by 0xDB24977: store_cwd_data (vfs_shadow_copy2.c:1476)
    ==3627798==    by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542)
    ==3627798==    by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257)
    ==3627798==    by 0x4C62B48: vfs_ChDir (vfs.c:940)
    ==3627798==    by 0x4C4A92D: non_widelink_open (open.c:755)
    ==3627798==    by 0x4C4AFB7: fd_openat (open.c:918)
    ==3627798==    by 0x4BBE895: openat_pathref_fsp (files.c:506)
    ==3627798==
    
    Even though SMB_VFS_CONNECTPATH() returns a const char,
    vfs_shadow_copy2() can free and reallocate this whilst
    in use inside process_symlink_open().
    
    Take a copy to make sure we don't reference free'd memory.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14721
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu May 27 17:25:43 UTC 2021 on sn-devel-184
    
    (cherry picked from commit 2f0cfe82907516ecf23cc385d41b8d29ed6b8c96)
    
    Autobuild-User(v4-13-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-13-test): Mon Jul 12 11:03:04 UTC 2021 on sn-devel-184

commit a708c9b48a212e5ccedf0f34e899bb0d565d77f6
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 12:34:32 2021 +0200

    mdssvc: avoid direct filesystem access, use the VFS
    
    This ensures mdssvc uses the same FileIDs as the fileserver and that Spotlight
    can be used on a virtual filesystem like GlusterFS.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    RN: Spotlight RPC service doesn't work with vfs_glusterfs
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184
    
    (backported from commit 620b99144359f45aa69c13731db8d793cfbba197)
    [slow at samba.org: use path based VFS functions, not the handle based ones]

commit 9f4e3da5eecfd12ca35d88597b53549109cfbe6c
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Jun 15 14:14:52 2021 +0200

    mdssvc: chdir() to the conn of the RPC request
    
    In preparation of calling VFS functions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 6de3a88494b5932d0fd10f5c8c8ec57916aeefc5)

commit 7c924449b87a980e16a7bf958dc119b7664ff37f
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 12:10:08 2021 +0200

    mdssvc: maintain a connection struct in the mds_ctx
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 8b681cfb5d9b1ece03f7e7b9d3a08ae6c461d679)

commit 48b2dc3c5cc31192ff4a63036c9c5624cf199c34
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 28 09:25:22 2021 +0200

    smbd: add create_conn_struct_cwd()
    
    Compared to create_conn_struct_tos_cwd() this takes a TALLOC_CTX and
    tevent_context as additional arguments and the resulting connection_struct is
    stable across the lifetime of mem_ctx and ev.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 9a2d6bcfd5797dd4db764921548c8dca6dd0eb21)

commit 60e091a153ee46f7512c30cfc46aa19d564073e0
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Jun 15 11:17:57 2021 +0200

    smbd: pass tevent context to create_conn_struct_as_root()
    
    The next commit will add another caller of create_conn_struct_as_root() that is
    going to pass a long-lived tevent context.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 16c39b81d6f2c7d75cfe72bbbe2f6a5bde42c7b0)

commit 63ff1e37d558397c5bb022a6afeb350d7dbbbeea
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 12:08:17 2021 +0200

    mdssvc: pass messaging context to mds_init_ctx()
    
    This is needed in a subsequent commit. Note that I prefer to do the event
    context unwrapping in the caller and pass both the event and messaging context
    explicitly to mds_init_ctx().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 1ef2828e1025e4c89292df1dfa6161c4453b3afe)

commit dce4c5ed9111f2882e87a369dd6f8b1fb9d5f14c
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 11:07:27 2021 +0200

    mdssvc: don't fail mds_add_result() if result is not found in CNID set
    
    Just skip adding the result to the pending results set, don't return an
    error. Returning an error triggers an error at the MDSSVC RPC error which is NOT
    what we want here.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 8847f46f75ac5c1a753a0e7da88c522be25ef681)

commit 0484804d9f6a557d1a9e8daf4cdd4f1838de4854
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 11:04:38 2021 +0200

    mdssvc: use a helper variable in mds_add_result()
    
    No change in behaviour.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit e2486d76b611f07b85b26c54fe14da7b76bd01c2)

commit b0746202c206c6fa7c3dfc84691254910f641ab4
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jun 9 12:22:26 2021 -0700

    s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path.
    
    Caller is still using this!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14736
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Noel Power <npower at samba.org>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Fri Jun 11 10:17:46 UTC 2021 on sn-devel-184
    
    (cherry picked from commit 4f20d310af2bb1f96dea4810a7130492cc4cfc55)

commit 0b75c2723687c3536831175541ae34525c8bb1ab
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 1 13:27:47 2021 -0700

    s3: lib: Fix talloc hierarchy error in parent_smb_fname().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14722
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit c500d99e2f5aaec102bf952b7941a2596b3e35a1)

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/filename_util.c               |   2 +-
 source3/rpc_server/mdssvc/mdssvc.c        | 127 ++++++++++++++++++++++++++----
 source3/rpc_server/mdssvc/mdssvc.h        |   2 +
 source3/rpc_server/mdssvc/srv_mdssvc_nt.c |   1 +
 source3/smbd/msdfs.c                      |  54 +++++++++++--
 source3/smbd/open.c                       |  18 +++--
 source3/smbd/proto.h                      |   8 ++
 7 files changed, 185 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/filename_util.c b/source3/lib/filename_util.c
index 418dd20327b..2e90dda32b4 100644
--- a/source3/lib/filename_util.c
+++ b/source3/lib/filename_util.c
@@ -337,7 +337,7 @@ bool parent_smb_fname(TALLOC_CTX *mem_ctx,
 	}
 	TALLOC_FREE(name->base_name);
 
-	name->base_name = talloc_strdup(mem_ctx, p);
+	name->base_name = talloc_strdup(name, p);
 	if (name == NULL) {
 		TALLOC_FREE(frame);
 		return false;
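
Review bot: the NULL check directly after the changed talloc_strdup() line tests name, not name->base_name, so a failed allocation is never caught and execution continues past the check with base_name set to NULL. name has already been dereferenced two lines earlier, so that test can never fire at this point. Suggest changing the condition to name->base_name == NULL while this line is being touched.
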
diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
index 8e98276d642..2b243d64e99 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -19,6 +19,7 @@
 */
 
 #include "includes.h"
+#include "smbd/proto.h"
 #include "librpc/gen_ndr/auth.h"
 #include "dbwrap/dbwrap.h"
 #include "lib/util/dlinklist.h"
@@ -26,6 +27,7 @@
 #include "lib/util/time_basic.h"
 #include "lib/dbwrap/dbwrap_rbt.h"
 #include "libcli/security/dom_sid.h"
+#include "libcli/security/security.h"
 #include "mdssvc.h"
 #include "mdssvc_noindex.h"
 #ifdef HAVE_SPOTLIGHT_BACKEND_TRACKER
@@ -512,11 +514,25 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
 
 bool mds_add_result(struct sl_query *slq, const char *path)
 {
+	struct smb_filename *smb_fname = NULL;
 	struct stat_ex sb;
+	uint32_t attr;
 	uint64_t ino64;
 	int result;
+	NTSTATUS status;
 	bool ok;
 
+	smb_fname = synthetic_smb_fname(talloc_tos(),
+					path,
+					NULL,
+					NULL,
+					0,
+					0);
+	if (smb_fname == NULL) {
+		DBG_ERR("synthetic_smb_fname() failed\n");
+		return false;
+	}
+
 	/*
 	 * We're in a tevent callback which means in the case of
 	 * running as external RPC service we're running as root and
@@ -538,33 +554,59 @@ bool mds_add_result(struct sl_query *slq, const char *path)
 	 * any function exit below must ensure we switch back
 	 */
 
-	result = sys_stat(path, &sb, false);
+	result = SMB_VFS_STAT(slq->mds_ctx->conn, smb_fname);
 	if (result != 0) {
+		DBG_DEBUG("SMB_VFS_STAT [%s] failed: %s\n",
+			  smb_fname_str_dbg(smb_fname),
+			  strerror(errno));
 		unbecome_authenticated_pipe_user();
+		TALLOC_FREE(smb_fname);
 		return true;
 	}
-	result = access(path, R_OK);
-	if (result != 0) {
+
+	status = smbd_check_access_rights(slq->mds_ctx->conn,
+					  slq->mds_ctx->conn->cwd_fsp,
+					  smb_fname,
+					  false,
+					  FILE_READ_DATA);
+	if (!NT_STATUS_IS_OK(status)) {
 		unbecome_authenticated_pipe_user();
+		TALLOC_FREE(smb_fname);
 		return true;
 	}
 
+	/* This is needed to fetch the itime from the DOS attribute blob */
+	status = SMB_VFS_GET_DOS_ATTRIBUTES(slq->mds_ctx->conn,
+					    smb_fname,
+					    &attr);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* Ignore the error, likely no DOS attr xattr */
+		DBG_DEBUG("SMB_VFS_FGET_DOS_ATTRIBUTES [%s]: %s\n",
+			  smb_fname_str_dbg(smb_fname),
+			  nt_errstr(status));
+	}
+
 	unbecome_authenticated_pipe_user();
 
-	ino64 = sb.st_ex_ino;
+	sb = smb_fname->st;
+	TALLOC_FREE(smb_fname);
+	ino64 = SMB_VFS_FS_FILE_ID(slq->mds_ctx->conn, &sb);
+
 	if (slq->cnids) {
+		bool found;
+
 		/*
 		 * Check whether the found element is in the requested
 		 * set of IDs. Note that we're faking CNIDs by using
 		 * filesystem inode numbers here
 		 */
-		ok = bsearch(&ino64,
-			     slq->cnids,
-			     slq->cnids_num,
-			     sizeof(uint64_t),
-			     cnid_comp_fn);
-		if (!ok) {
-			return false;
+		found = bsearch(&ino64,
+				slq->cnids,
+				slq->cnids_num,
+				sizeof(uint64_t),
+				cnid_comp_fn);
+		if (!found) {
+			return true;
 		}
 	}
 
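Review bot: the DBG_DEBUG() text after the DOS attribute lookup in mds_add_result() names SMB_VFS_FGET_DOS_ATTRIBUTES, but the call above it is the path based SMB_VFS_GET_DOS_ATTRIBUTES(), which will mislead anyone grepping logs for the failing call. Suggest making the message match the function actually called. In the same hunk the smbd_check_access_rights() failure branch returns without any debug output, while the SMB_VFS_STAT() failure branch logs the path; a DBG_DEBUG() with nt_errstr(status) there would make denied results visible when diagnosing missing Spotlight hits.
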
@@ -1230,7 +1272,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
 	sl_array_t *fm_array;
 	sl_nil_t nil;
 	char *path = NULL;
-	struct stat_ex sb = {0};
+	struct smb_filename *smb_fname = NULL;
 	struct stat_ex *sp = NULL;
 	struct sl_inode_path_map *elem = NULL;
 	void *p;
@@ -1299,11 +1341,23 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
 		elem = talloc_get_type_abort(p, struct sl_inode_path_map);
 		path = elem->path;
 
-		result = sys_stat(path, &sb, false);
+		smb_fname = synthetic_smb_fname(talloc_tos(),
+						path,
+						NULL,
+						NULL,
+						0,
+						0);
+		if (smb_fname == NULL) {
+			DBG_ERR("synthetic_smb_fname() failed\n");
+			goto error;
+		}
+
+		result = SMB_VFS_STAT(mds_ctx->conn, smb_fname);
 		if (result != 0) {
 			goto error;
 		}
-		sp = &sb;
+
+		sp = &smb_fname->st;
 	}
 
 	ok = add_filemeta(mds_ctx, reqinfo, fm_array, path, sp);
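
Review bot: the SMB_VFS_STAT() failure branch in slrpc_fetch_attributes() jumps to error without logging anything, while the same call in mds_add_result() reports the path and strerror(errno) through DBG_DEBUG(). Suggest adding the same message here so a stat failure coming from a VFS module can be told apart from the other error exits. Since sp now points into smb_fname->st, it is worth a short comment that smb_fname must stay allocated until add_filemeta() has returned.
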
@@ -1333,9 +1387,12 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
 		goto error;
 	}
 
+	TALLOC_FREE(smb_fname);
 	return true;
 
 error:
+
+	TALLOC_FREE(smb_fname);
 	sl_result = UINT64_MAX;
 	result = dalloc_add_copy(array, &sl_result, uint64_t);
 	if (result != 0) {
@@ -1522,15 +1579,21 @@ static int mds_ctx_destructor_cb(struct mds_ctx *mds_ctx)
  **/
 struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
 			     struct tevent_context *ev,
+			     struct messaging_context *msg_ctx,
 			     struct auth_session_info *session_info,
 			     int snum,
 			     const char *sharename,
 			     const char *path)
 {
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
+	struct smb_filename conn_basedir;
 	struct mds_ctx *mds_ctx;
 	int backend;
+	int ret;
 	bool ok;
 	smb_iconv_t iconv_hnd = (smb_iconv_t)-1;
+	NTSTATUS status;
 
 	mds_ctx = talloc_zero(mem_ctx, struct mds_ctx);
 	if (mds_ctx == NULL) {
@@ -1612,6 +1675,30 @@ struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
 		goto error;
 	}
 
+	status = create_conn_struct_cwd(mds_ctx,
+					ev,
+					msg_ctx,
+					session_info,
+					snum,
+					lp_path(talloc_tos(), lp_sub, snum),
+					&mds_ctx->conn);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("failed to create conn for vfs: %s\n",
+			nt_errstr(status));
+		goto error;
+	}
+
+	conn_basedir = (struct smb_filename) {
+		.base_name = mds_ctx->conn->connectpath,
+	};
+
+	ret = vfs_ChDir(mds_ctx->conn, &conn_basedir);
+	if (ret != 0) {
+		DBG_ERR("vfs_ChDir [%s] failed: %s\n",
+			conn_basedir.base_name, strerror(errno));
+		goto error;
+	}
+
 	ok = mds_ctx->backend->connect(mds_ctx);
 	if (!ok) {
 		DBG_ERR("backend connect failed\n");
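
Review bot: in the create_conn_struct_cwd() call added to mds_init_ctx(), the result of lp_path(talloc_tos(), lp_sub, snum) is passed straight through without a NULL check and is never freed in this function. Suggest storing it in a local, failing with goto error when it is NULL, and releasing it with TALLOC_FREE() once the conn has been created, so the allocation does not depend on whichever stackframe happens to be current.
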
@@ -1640,11 +1727,15 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
 		  struct mdssvc_blob *response_blob)
 {
 	bool ok;
+	int ret;
 	ssize_t len;
 	DALLOC_CTX *query = NULL;
 	DALLOC_CTX *reply = NULL;
 	char *rpccmd;
 	const struct slrpc_cmd *slcmd;
+	const struct smb_filename conn_basedir = {
+		.base_name = mds_ctx->conn->connectpath,
+	};
 
 	if (CHECK_DEBUGLVL(10)) {
 		const struct sl_query *slq;
@@ -1696,6 +1787,14 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
 		goto cleanup;
 	}
 
+	ret = vfs_ChDir(mds_ctx->conn, &conn_basedir);
+	if (ret != 0) {
+		DBG_ERR("vfs_ChDir [%s] failed: %s\n",
+			conn_basedir.base_name, strerror(errno));
+		ok = false;
+		goto cleanup;
+	}
+
 	ok = slcmd->function(mds_ctx, query, reply);
 	if (ok) {
 		DBG_DEBUG("%s", dalloc_dump(reply, 0));
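
Review bot: the vfs_ChDir() added ahead of slcmd->function() in mds_dispatch() changes the working directory on every dispatched request, and nothing in this hunk says why or whether the previous directory matters afterwards. Suggest a short comment above the call stating that the command handlers now call VFS functions on mds_ctx->conn and need its cwd, and whether callers may rely on the cwd after mds_dispatch() returns.
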
diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
index 7d9a902a80b..392482767dd 100644
--- a/source3/rpc_server/mdssvc/mdssvc.h
+++ b/source3/rpc_server/mdssvc/mdssvc.h
@@ -126,6 +126,7 @@ struct mds_ctx {
 	int snum;
 	const char *sharename;
 	const char *spath;
+	struct connection_struct *conn;
 	struct sl_query *query_list;     /* list of active queries */
 	struct db_context *ino_path_map; /* dbwrap rbt for storing inode->path mappings */
 };
@@ -150,6 +151,7 @@ extern bool mds_init(struct messaging_context *msg_ctx);
 extern bool mds_shutdown(void);
 struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
 			     struct tevent_context *ev,
+			     struct messaging_context *msg_ctx,
 			     struct auth_session_info *session_info,
 			     int snum,
 			     const char *sharename,
diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
index b9607262216..40e37cb3b85 100644
--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
@@ -95,6 +95,7 @@ static NTSTATUS create_mdssvc_policy_handle(TALLOC_CTX *mem_ctx,
 
 	mds_ctx = mds_init_ctx(mem_ctx,
 			       messaging_tevent_context(p->msg_ctx),
+			       p->msg_ctx,
 			       p->session_info,
 			       snum,
 			       sharename,
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 9e1127c339c..54a421640a6 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -243,6 +243,7 @@ static NTSTATUS parse_dfs_path(connection_struct *conn,
 *********************************************************/
 
 static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
+			    struct tevent_context *ev,
 			    struct messaging_context *msg,
 			    connection_struct **pconn,
 			    int snum,
@@ -261,12 +262,7 @@ static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	sconn->ev_ctx = samba_tevent_context_init(sconn);
-	if (sconn->ev_ctx == NULL) {
-		TALLOC_FREE(sconn);
-		return NT_STATUS_NO_MEMORY;
-	}
-
+	sconn->ev_ctx = ev;
 	sconn->msg_ctx = msg;
 
 	conn = conn_new(sconn);
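
Review bot: sconn->ev_ctx = ev stores the caller's pointer without a NULL check, and the event context is no longer allocated as a talloc child of sconn as it was with samba_tevent_context_init(sconn), so its lifetime is now entirely the caller's responsibility. Suggest rejecting ev == NULL at the top of create_conn_struct_as_root() and stating in the function comment that ev must outlive the returned connection_struct.
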
@@ -402,6 +398,7 @@ NTSTATUS create_conn_struct_tos(struct messaging_context *msg,
 				struct conn_struct_tos **_c)
 {
 	struct conn_struct_tos *c = NULL;
+	struct tevent_context *ev = NULL;
 	NTSTATUS status;
 
 	*_c = NULL;
@@ -411,8 +408,15 @@ NTSTATUS create_conn_struct_tos(struct messaging_context *msg,
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	ev = samba_tevent_context_init(c);
+	if (ev == NULL) {
+		TALLOC_FREE(c);
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	become_root();
 	status = create_conn_struct_as_root(c,
+					    ev,
 					    msg,
 					    &c->conn,
 					    snum,
@@ -492,6 +496,44 @@ NTSTATUS create_conn_struct_tos_cwd(struct messaging_context *msg,
 	return NT_STATUS_OK;
 }
 
+/********************************************************
+ Fake up a connection struct for the VFS layer.
+ This takes an TALLOC_CTX and tevent_context from the
+ caller and the resulting connection_struct is stable
+ across the lifetime of mem_ctx and ev.
+
+ Note: this performs a vfs connect and changes cwd.
+
+ See also the comment for create_conn_struct_tos() above!
+*********************************************************/
+
+NTSTATUS create_conn_struct_cwd(TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct messaging_context *msg,
+				const struct auth_session_info *session_info,
+				int snum,
+				const char *path,
+				struct connection_struct **c)
+{
+	NTSTATUS status;
+
+	become_root();
+	status = create_conn_struct_as_root(mem_ctx,
+					    ev,
+					    msg,
+					    c,
+					    snum,
+					    path,
+					    session_info);
+	unbecome_root();
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(c);
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
 static void shuffle_strlist(char **list, int count)
 {
 	int i;
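
Review bot: in the error branch of create_conn_struct_cwd(), TALLOC_FREE(c) is applied to c, which is the struct connection_struct ** out-parameter and not a talloc allocation; the caller added in mds_init_ctx() passes &mds_ctx->conn, the address of a struct member. Handing that address to talloc is wrong, and it leaves *c itself untouched. Suggest dropping the free, or using TALLOC_FREE(*c) if create_conn_struct_as_root() can return a failure status with *c already set, and initialising *c = NULL on entry so callers never see a stale pointer.
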
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 0c2c381bde5..ef158657684 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -477,7 +477,7 @@ static int process_symlink_open(struct connection_struct *conn,
 			unsigned int link_depth)
 {
 	const char *conn_rootdir = NULL;
-	struct smb_filename conn_rootdir_fname;
+	struct smb_filename conn_rootdir_fname = { 0 };
 	int fd = -1;
 	char *link_target = NULL;
 	int link_len = -1;
@@ -493,9 +493,16 @@ static int process_symlink_open(struct connection_struct *conn,
 		errno = ENOMEM;
 		return -1;
 	}
-	conn_rootdir_fname = (struct smb_filename) {
-		.base_name = discard_const_p(char, conn_rootdir),
-	};
+	/*
+	 * With shadow_copy2 conn_rootdir can be talloc_freed
+	 * whilst we use it in this function. We must take a copy.
+	 */
+	conn_rootdir_fname.base_name = talloc_strdup(talloc_tos(),
+						     conn_rootdir);
+	if (conn_rootdir_fname.base_name == NULL) {
+		errno = ENOMEM;
+		return -1;
+	}
 
 	/*
 	 * Ensure we don't get stuck in a symlink loop.
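
Review bot: after the copy into conn_rootdir_fname.base_name, the original conn_rootdir pointer stays in scope for the rest of process_symlink_open(), even though the new comment says it can be talloc_freed while this function runs. Suggest setting conn_rootdir = NULL right after the talloc_strdup() succeeds, so any remaining or future use fails immediately instead of reading freed memory, and every later reference is forced onto the copy.
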
@@ -602,6 +609,7 @@ static int process_symlink_open(struct connection_struct *conn,
 
 	TALLOC_FREE(resolved_fname);
 	TALLOC_FREE(link_target);
+	TALLOC_FREE(conn_rootdir_fname.base_name);
 	if (oldwd_fname != NULL) {
 		int ret = vfs_ChDir(conn, oldwd_fname);
 		if (ret == -1) {
@@ -947,7 +955,6 @@ void change_file_owner_to_parent(connection_struct *conn,
 			 "directory %s. Error was %s\n",
 			 smb_fname_str_dbg(smb_fname_parent),
 			 strerror(errno)));
-		TALLOC_FREE(smb_fname_parent);
 		return;
 	}
 
@@ -957,7 +964,6 @@ void change_file_owner_to_parent(connection_struct *conn,
 			"is already owned by uid %d\n",
 			fsp_str_dbg(fsp),
 			(int)fsp->fsp_name->st.st_ex_uid ));
-		TALLOC_FREE(smb_fname_parent);
 		return;
 	}
 
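Review bot: with the TALLOC_FREE(smb_fname_parent) calls removed from these two early returns in change_file_owner_to_parent(), nothing in the visible code records that smb_fname_parent is owned by the caller. Suggest a one-line comment at the top of the function (or at these returns) saying the caller frees smb_fname_parent, so the frees are not reintroduced by a later cleanup.
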
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index ae5f82c2de5..f22cbe0d55f 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -561,6 +561,14 @@ NTSTATUS resolve_dfspath_wcard(TALLOC_CTX *ctx,
 				bool *ppath_contains_wcard);
 struct connection_struct;
 struct smb_filename;
+
+NTSTATUS create_conn_struct_cwd(TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct messaging_context *msg,
+				const struct auth_session_info *session_info,
+				int snum,
+				const char *path,
+				struct connection_struct **c);
 struct conn_struct_tos {
 	struct connection_struct *conn;
 	struct smb_filename *oldcwd_fname;


-- 
Samba Shared Repository


