Questions about smbd option "strict rename"

Jeremy Allison jra at samba.org
Tue Nov 24 16:22:15 UTC 2015


On Tue, Nov 24, 2015 at 03:54:55PM +0100, Ralph Boehme wrote:
> Hi Michael!
> 
> On Tue, Nov 24, 2015 at 12:55:43PM +0100, Michael Adam wrote:
> > LGTM.
> > 
> > Attached is a version of Jeremy's patch with a minor
> > change (use struct initializers).
> 
> looks like the main state was still missing an initializer, so struct
> have_file_open_below_state.found_one was never initialized to false.
> 
> Updated patch attached.

Thanks for catching that ! Reviewed-by: Jeremy Allison <jra at samba.org>

> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de,mailto:kontakt@sernet.de

> From 0f89dedbbf9260104111895c6e5cb95a28c27438 Mon Sep 17 00:00:00 2001
> From: Jeremy Allison <jra at samba.org>
> Date: Mon, 23 Nov 2015 14:00:56 -0800
> Subject: [PATCH] s3: smbd: have_file_open_below() fails to enumerate open
>  files below an open directory handle.
> 
> There are three issues:
> 
> 1). The memcmp checking that the open file path has the open
> directory path as its parent compares using the wrong length
> (it uses the full open file path which will never compare as
> the same).
> 
> 2). The files_below_forall() function doesn't fill in the
> callback function or callback data when calling share_mode_forall(),
> leading to a crash (which we never saw, as the previous issue (1)
> meant the callback function would never be invoked).
> 
> 3). When invoking the callback function from files_below_forall_fn()
> we were passing in the wrong private_data pointer (needs to be
> the one from the state, not the private_data passed into
> files_below_forall_fn()).
> 
> Found when running the torture test smb2.rename.rename_dir_openfile
> when fixing bug #11065.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11615
> 
> Signed-off-by: Jeremy Allison <jra at samba.org>
> Reviewed-by: Michael Adam <obnox at samba.org>
> Reviewed-by: Ralph Boehme <slow at samba.org>
> ---
>  source3/smbd/dir.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
> index 3f99f88..82721c1 100644
> --- a/source3/smbd/dir.c
> +++ b/source3/smbd/dir.c
> @@ -1912,14 +1912,14 @@ static int files_below_forall_fn(struct file_id fid,
>  		return 0;
>  	}
>  
> -	if (memcmp(state->dirpath, fullpath, len) != 0) {
> +	if (memcmp(state->dirpath, fullpath, state->dirpath_len) != 0) {
>  		/*
>  		 * Not a parent
>  		 */
>  		return 0;
>  	}
>  
> -	return state->fn(fid, data, private_data);
> +	return state->fn(fid, data, state->private_data);
>  }
>  
>  static int files_below_forall(connection_struct *conn,
> @@ -1929,7 +1929,10 @@ static int files_below_forall(connection_struct *conn,
>  					void *private_data),
>  			      void *private_data)
>  {
> -	struct files_below_forall_state state = {};
> +	struct files_below_forall_state state = {
> +			.fn = fn,
> +			.private_data = private_data,
> +	};
>  	int ret;
>  	char tmpbuf[PATH_MAX];
>  	char *to_free;
> @@ -1964,7 +1967,9 @@ static int have_file_open_below_fn(struct file_id fid,
>  static bool have_file_open_below(connection_struct *conn,
>  				 const struct smb_filename *name)
>  {
> -	struct have_file_open_below_state state = {};
> +	struct have_file_open_below_state state = {
> +		.found_one = false,
> +	};
>  	int ret;
>  
>  	if (!VALID_STAT(name->st)) {
> -- 
> 2.5.0
> 




More information about the samba-technical mailing list