backup intent and dptr_create failure because of become_root() (was Re: Samba4 panic action)

Jeremy Allison jra at samba.org
Wed Oct 24 15:59:37 MDT 2012


On Wed, Oct 24, 2012 at 11:43:54AM -0700, Jeremy Allison wrote:
> On Sat, Oct 20, 2012 at 09:39:46PM +1100, Andrew Bartlett wrote:
> > 
> > Because we are in a become_root(), the token is NULL, and so we
> > segfault.
> > 
> > Jeremy,
> > 
> > I think you can probably handle it from here.  We don't call
> > get_current_nttok() in many places, perhaps we might be able to replace
> > it with a call that doesn't need to inspect the unix security stack, but
> > instead directly de-references conn or something similar?
> 
> Now tracking as :
> 
> [Bug 9329] New: Directory listing with SeBackup can crash smbd.

Ok, here's the patch - fixes the problem here. Steve, can
you test and confirm you don't see the problem any more ?

I'll continue to develop this for master (as it has shown
we really shouldn't push/pop the NtToken in the security
context stack so can remove quite a bit of code here).

Once you've confirmed it fixes the issue I'll add a
scripted test that reproduces and prepare the final
patchset for 4.0.0 (and get the larger patchset
pushed to master).

Thanks !

Jeremy.
-------------- next part --------------
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index eac5d9d..1835507 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -533,9 +533,19 @@ const struct security_unix_token *get_current_utok(connection_struct *conn)
 	return &current_user.ut;
 }
 
+/****************************************************************************
+ Return the Windows token we are running effectively as on this connection.
+ Note that this ignores the NULL token imposed by become_root(), as that is
+ used for temporary UNIX security override, not to change the attached Windows
+ token for the user.
+
+ After this change we can change 'struct sec_ctx' to 'struct security_unix_token'
+ as there is no need to push/pop Windows tokens.
+****************************************************************************/
+
 const struct security_token *get_current_nttok(connection_struct *conn)
 {
-	return current_user.nt_user_token;
+	return conn->session_info->security_token;
 }
 
 uint64_t get_current_vuid(connection_struct *conn)


More information about the samba-technical mailing list