[PATCH] Fix the talloc tree for returned SD (was Re: [PATCH][WIP] Make vfs_acl_xattr use hash of the posix ACL)

Jeremy Allison jra at samba.org
Wed Oct 31 17:02:10 MDT 2012 

On Thu, Nov 01, 2012 at 09:56:00AM +1100, Andrew Bartlett wrote:
> On Wed, 2012-10-31 at 22:56 +0100, Christian Ambach wrote:
> > On 10/31/2012 02:39 PM, Christian Ambach wrote:
> > 
> > >> However, it's not in the posix_acls or vfs_acl_common code as far as I
> > >> can tell, because valgrind over that code (now quite well exercised by
> > >> samba.tests.posixacl) is clean.
> > 
> > In case it'll help, I added some talloc_report statements to
> > get_nt_acl_internal before it frees the stackframe. See the attachment
> > for details (did not want the list to arbitrarly break lines).
> > 
> > --- a/source3/modules/vfs_acl_common.c
> > +++ b/source3/modules/vfs_acl_common.c
> > @@ -670,6 +670,8 @@ static NTSTATUS 
> > get_nt_acl_internal(vfs_handle_struct *handle,
> >          /* The VFS API is that the ACL is expected to be on mem_ctx */
> >          *ppdesc = talloc_move(mem_ctx, &psd);
> > 
> > +       talloc_report_full(frame, stderr);
> > +       talloc_report_full(mem_ctx, stderr);
> >          TALLOC_FREE(frame);
> >          return NT_STATUS_OK;
> >   }
> > 
> 
> I think this is the fix.
> 
> It doesn't get covered by my tests, because so far they don't cover
> directories (something I need to fix anyway), so if you can verify it in
> your known failing case, it would be most appreciated.
> 
> (also attached is what I was using to try and eliminate the error to
> either in posix_acls.c or vfs_acl_common.c, in case you were curious,
> but in the end it was old-fashioned manual inspection that found it)
> 
> Thanks!
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> 

> >From 9e8341153681b3224a1218c2d3a3010fc2c06410 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Thu, 1 Nov 2012 09:51:28 +1100
> Subject: [PATCH] vfs_acl_common: In add_directory_inheritable_components
>  allocate on psd as parent
> 
> When we add a new DACL to the security descriptor, we need to use the SD as the memory
> context, so we can talloc_move() it as a tree to a new parent.
> 
> Andrew Bartlett
> ---
>  source3/modules/vfs_acl_common.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
> index 959ec23..b005239 100644
> --- a/source3/modules/vfs_acl_common.c
> +++ b/source3/modules/vfs_acl_common.c
> @@ -330,7 +330,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
>  		psd->dacl->aces = new_ace_list;
>  		psd->dacl->num_aces += 3;
>  	} else {
> -		psd->dacl = make_sec_acl(talloc_tos(),
> +		psd->dacl = make_sec_acl(psd,
>  				NT4_ACL_REVISION,
>  				3,
>  				new_ace_list);
> -- 
> 1.7.11.7

Andrew,

	There's also the case with new_ace_list being allocated
on talloc_tos() also.

198         struct security_ace *new_ace_list = talloc_zero_array(talloc_tos(),
199                                                 struct security_ace,
200                                                 num_aces + 3);

This gets used in:

255         if (psd->dacl) {
256                 psd->dacl->aces = new_ace_list;
257                 psd->dacl->num_aces += 3;
258         } else {

so both places need to be fixed.

Jeremy.

More information about the samba-technical mailing list