backup intent and dptr_create failure because of become_root() (was Re: Samba4 panic action)
Jeremy Allison
jra at samba.org
Wed Oct 24 15:59:37 MDT 2012
On Wed, Oct 24, 2012 at 11:43:54AM -0700, Jeremy Allison wrote:
> On Sat, Oct 20, 2012 at 09:39:46PM +1100, Andrew Bartlett wrote:
> >
> > Because we are in a become_root(), the token is NULL, and so we
> > segfault.
> >
> > Jeremy,
> >
> > I think you can probably handle it from here. We don't call
> > get_current_nttok() in many places, perhaps we might be able to replace
> > it with a call that doesn't need to inspect the unix security stack, but
> > instead directly de-references conn or something similar?
>
> Now tracking as :
>
> [Bug 9329] New: Directory listing with SeBackup can crash smbd.
Ok, here's the patch - fixes the problem here. Steve, can
you test and confirm you don't see the problem any more ?
I'll continue to develop this for master (as it has shown
we really shouldn't push/pop the NtToken in the security
context stack so can remove quite a bit of code here).
Once you've confirmed it fixes the issue I'll add a
scripted test that reproduces and prepare the final
patchset for 4.0.0 (and get the larger patchset
pushed to master).
Thanks !
Jeremy.
-------------- next part --------------
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index eac5d9d..1835507 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -533,9 +533,19 @@ const struct security_unix_token *get_current_utok(connection_struct *conn)
return ¤t_user.ut;
}
+/****************************************************************************
+ Return the Windows token we are running effectively as on this connection.
+ Note that this ignores the NULL token imposed by become_root(), as that is
+ used for temporary UNIX security override, not to change the attached Windows
+ token for the user.
+
+ After this change we can change 'struct sec_ctx' to 'struct security_unix_token'
+ as there is no need to push/pop Windows tokens.
+****************************************************************************/
+
const struct security_token *get_current_nttok(connection_struct *conn)
{
- return current_user.nt_user_token;
+ return conn->session_info->security_token;
}
uint64_t get_current_vuid(connection_struct *conn)
More information about the samba-technical
mailing list