[PATCH] Final changes to VFS functions to convert from const char * to const struct smb_filename *
Jeremy Allison
jra at samba.org
Fri Mar 4 01:15:32 UTC 2016
Last two, chown() and lchown(). Patch is in 4 pieces.
1). Fix bad call in vfs_netatalk(). lchown function was calling chown().
2). Modify chmod to take a const struct smb_filename * instead of const char *
3). Modify chmod to take a const struct smb_filename * instead of const char *
4). Simplify logic inside vfs_chown_fsp(). When creating the previous two
patches I realized this was way too complex and if modified carelessly
might cause a security issue (it doesn't have any issues btw). Much simpler now.
That's the last of the VFS changes needed. Now I can
concentrate on plumbing smb_filename through to all
the places that currently use lp_posix_pathnames()
and eliminating them !
I carefully checked for errors I made in previous
VFS patches (missing uncompiled modules, etc.) and
couldn't spot any :-).
Passes local make test !
Please review and push if happy.
Cheers,
Jeremy.
-------------- next part --------------
From 0cfef94a4eb2e5b55901fb16fde7f9795aa2c70c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 3 Mar 2016 11:53:39 -0800
Subject: [PATCH 1/4] VFS: vfs_netatalk. Fix wrong VFS call used inside
atalk_lchown()
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_netatalk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c
index aaaf626..4bb26d0 100644
--- a/source3/modules/vfs_netatalk.c
+++ b/source3/modules/vfs_netatalk.c
@@ -441,7 +441,7 @@ static int atalk_lchown(struct vfs_handle_struct *handle, const char *path, uid_
SMB_STRUCT_STAT orig_info;
TALLOC_CTX *ctx;
- ret = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
+ ret = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
if (!path) return ret;
--
2.7.0.rc3.207.g0ac5344
From 070a5d041c35be8cabdce8907bfd3c9d99d9c50a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 3 Mar 2016 11:54:23 -0800
Subject: [PATCH 2/4] VFS: Modify chown to take a const struct smb_filename *
instead of const char *
Preparing to reduce use of lp_posix_pathnames().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
examples/VFS/skel_opaque.c | 6 ++++--
examples/VFS/skel_transparent.c | 8 +++++---
source3/include/vfs.h | 13 ++++++++++---
source3/include/vfs_macros.h | 8 ++++----
source3/modules/vfs_cap.c | 28 +++++++++++++++++++++++++---
source3/modules/vfs_catia.c | 25 ++++++++++++++++++++-----
source3/modules/vfs_ceph.c | 13 ++++++++++---
source3/modules/vfs_default.c | 7 +++++--
source3/modules/vfs_fake_acls.c | 19 ++++++++++++++++---
source3/modules/vfs_fruit.c | 24 ++++++++++++++++++------
source3/modules/vfs_full_audit.c | 8 +++++---
source3/modules/vfs_glusterfs.c | 6 ++++--
source3/modules/vfs_media_harmony.c | 25 +++++++++++--------------
source3/modules/vfs_netatalk.c | 11 ++++++-----
source3/modules/vfs_shadow_copy2.c | 30 +++++++++++++++++++++++-------
source3/modules/vfs_snapper.c | 33 +++++++++++++++++++++++++--------
source3/modules/vfs_time_audit.c | 10 +++++++---
source3/modules/vfs_unityed_media.c | 22 ++++++++++++----------
source3/smbd/pysmbd.c | 14 +++++++++++++-
source3/smbd/vfs.c | 10 ++++++----
source3/torture/cmd_vfs.c | 12 +++++++++++-
21 files changed, 240 insertions(+), 92 deletions(-)
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index e7bb645..57f5b09 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -382,8 +382,10 @@ static int skel_fchmod(vfs_handle_struct *handle, files_struct *fsp,
return -1;
}
-static int skel_chown(vfs_handle_struct *handle, const char *path,
- uid_t uid, gid_t gid)
+static int skel_chown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
errno = ENOSYS;
return -1;
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index fe2356a..d320da9 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -488,10 +488,12 @@ static int skel_fchmod(vfs_handle_struct *handle, files_struct *fsp,
return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
}
-static int skel_chown(vfs_handle_struct *handle, const char *path, uid_t uid,
- gid_t gid)
+static int skel_chown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
- return SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
+ return SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
}
static int skel_fchown(vfs_handle_struct *handle, files_struct *fsp,
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index c8e0494..4b3ac03 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -184,6 +184,8 @@
const struct smb_filename * */
/* Version 35 - Change chmod_acl from const char *, to
const struct smb_filename * */
+/* Version 35 - Change chown from const char *, to
+ const struct smb_filename * */
#define SMB_VFS_INTERFACE_VERSION 35
@@ -646,7 +648,10 @@ struct vfs_fn_pointers {
const struct smb_filename *smb_fname,
mode_t mode);
int (*fchmod_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, mode_t mode);
- int (*chown_fn)(struct vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid);
+ int (*chown_fn)(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid);
int (*fchown_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, uid_t uid, gid_t gid);
int (*lchown_fn)(struct vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid);
int (*chdir_fn)(struct vfs_handle_struct *handle, const char *path);
@@ -1095,8 +1100,10 @@ int smb_vfs_call_chmod(struct vfs_handle_struct *handle,
mode_t mode);
int smb_vfs_call_fchmod(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode);
-int smb_vfs_call_chown(struct vfs_handle_struct *handle, const char *path,
- uid_t uid, gid_t gid);
+int smb_vfs_call_chown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid);
int smb_vfs_call_fchown(struct vfs_handle_struct *handle,
struct files_struct *fsp, uid_t uid, gid_t gid);
int smb_vfs_call_lchown(struct vfs_handle_struct *handle, const char *path,
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index e5e3c99..5fbd779 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -251,10 +251,10 @@
#define SMB_VFS_NEXT_FCHMOD(handle, fsp, mode) \
smb_vfs_call_fchmod((handle)->next, (fsp), (mode))
-#define SMB_VFS_CHOWN(conn, path, uid, gid) \
- smb_vfs_call_chown((conn)->vfs_handles, (path), (uid), (gid))
-#define SMB_VFS_NEXT_CHOWN(handle, path, uid, gid) \
- smb_vfs_call_chown((handle)->next, (path), (uid), (gid))
+#define SMB_VFS_CHOWN(conn, smb_fname, uid, gid) \
+ smb_vfs_call_chown((conn)->vfs_handles, (smb_fname), (uid), (gid))
+#define SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid) \
+ smb_vfs_call_chown((handle)->next, (smb_fname), (uid), (gid))
#define SMB_VFS_FCHOWN(fsp, uid, gid) \
smb_vfs_call_fchown((fsp)->conn->vfs_handles, (fsp), (uid), (gid))
diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c
index 0bb943d..f58977b 100644
--- a/source3/modules/vfs_cap.c
+++ b/source3/modules/vfs_cap.c
@@ -336,15 +336,37 @@ static int cap_chmod(vfs_handle_struct *handle,
return ret;
}
-static int cap_chown(vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int cap_chown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
- char *cappath = capencode(talloc_tos(), path);
+ struct smb_filename *cap_smb_fname = NULL;
+ char *cappath = capencode(talloc_tos(), smb_fname->base_name);
+ int ret;
+ int saved_errno;
if (!cappath) {
errno = ENOMEM;
return -1;
}
- return SMB_VFS_NEXT_CHOWN(handle, cappath, uid, gid);
+
+ cap_smb_fname = synthetic_smb_fname(talloc_tos(),
+ cappath,
+ NULL,
+ NULL);
+ if (cap_smb_fname == NULL) {
+ TALLOC_FREE(cappath);
+ errno = ENOMEM;
+ return -1;
+ }
+
+ ret = SMB_VFS_NEXT_CHOWN(handle, cap_smb_fname, uid, gid);
+ saved_errno = errno;
+ TALLOC_FREE(cappath);
+ TALLOC_FREE(cap_smb_fname);
+ errno = saved_errno;
+ return ret;
}
static int cap_lchown(vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index e142cce..814f474 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c
@@ -522,24 +522,39 @@ static int catia_unlink(vfs_handle_struct *handle,
}
static int catia_chown(vfs_handle_struct *handle,
- const char *path,
+ const struct smb_filename *smb_fname,
uid_t uid,
gid_t gid)
{
char *name = NULL;
NTSTATUS status;
int ret;
+ int saved_errno;
+ struct smb_filename *catia_smb_fname = NULL;
- status = catia_string_replace_allocate(handle->conn, path,
- &name, vfs_translate_to_unix);
+ status = catia_string_replace_allocate(handle->conn,
+ smb_fname->base_name,
+ &name,
+ vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
+ catia_smb_fname = synthetic_smb_fname(talloc_tos(),
+ name,
+ NULL,
+ NULL);
+ if (catia_smb_fname == NULL) {
+ TALLOC_FREE(name);
+ errno = ENOMEM;
+ return -1;
+ }
- ret = SMB_VFS_NEXT_CHOWN(handle, name, uid, gid);
+ ret = SMB_VFS_NEXT_CHOWN(handle, catia_smb_fname, uid, gid);
+ saved_errno = errno;
TALLOC_FREE(name);
-
+ TALLOC_FREE(catia_smb_fname);
+ errno = saved_errno;
return ret;
}
diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 82e15c8..d185bd0 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -697,11 +697,18 @@ static int cephwrap_fchmod(struct vfs_handle_struct *handle, files_struct *fsp,
return -1;
}
-static int cephwrap_chown(struct vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int cephwrap_chown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
- DEBUG(10, ("[CEPH] chown(%p, %s, %d, %d)\n", handle, path, uid, gid));
- result = ceph_chown(handle->data, path, uid, gid);
+ DEBUG(10, ("[CEPH] chown(%p, %s, %d, %d)\n",
+ handle,
+ smb_fname->base_name,
+ uid,
+ gid));
+ result = ceph_chown(handle->data, smb_fname->base_name, uid, gid);
DEBUG(10, ("[CEPH] chown(...) = %d\n", result));
WRAP_RETURN(result);
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index bb55fac..604ee45 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1744,12 +1744,15 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t m
return result;
}
-static int vfswrap_chown(vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int vfswrap_chown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
START_PROFILE(syscall_chown);
- result = chown(path, uid, gid);
+ result = chown(smb_fname->base_name, uid, gid);
END_PROFILE(syscall_chown);
return result;
}
diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index 3887e86..cb907d0 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -393,20 +393,33 @@ static int fake_acls_sys_acl_delete_def_file(vfs_handle_struct *handle, const ch
return ret;
}
-static int fake_acls_chown(vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int fake_acls_chown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int ret;
uint8_t id_buf[4];
if (uid != -1) {
SIVAL(id_buf, 0, uid);
- ret = SMB_VFS_NEXT_SETXATTR(handle, path, FAKE_UID, id_buf, sizeof(id_buf), 0);
+ ret = SMB_VFS_NEXT_SETXATTR(handle,
+ smb_fname->base_name,
+ FAKE_UID,
+ id_buf,
+ sizeof(id_buf),
+ 0);
if (ret != 0) {
return ret;
}
}
if (gid != -1) {
SIVAL(id_buf, 0, gid);
- ret = SMB_VFS_NEXT_SETXATTR(handle, path, FAKE_GID, id_buf, sizeof(id_buf), 0);
+ ret = SMB_VFS_NEXT_SETXATTR(handle,
+ smb_fname->base_name,
+ FAKE_GID,
+ id_buf,
+ sizeof(id_buf),
+ 0);
if (ret != 0) {
return ret;
}
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 49cfa0c..73b5f3a 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2545,16 +2545,17 @@ static int fruit_chmod(vfs_handle_struct *handle,
}
static int fruit_chown(vfs_handle_struct *handle,
- const char *path,
+ const struct smb_filename *smb_fname,
uid_t uid,
gid_t gid)
{
int rc = -1;
char *adp = NULL;
struct fruit_config_data *config = NULL;
+ struct smb_filename *adp_smb_fname = NULL;
SMB_STRUCT_STAT sb;
- rc = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
+ rc = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
if (rc != 0) {
return rc;
}
@@ -2566,26 +2567,37 @@ static int fruit_chown(vfs_handle_struct *handle,
return rc;
}
- /* FIXME: direct sys_lstat(), missing smb_fname */
- rc = sys_lstat(path, &sb, false);
+ /* FIXME: direct sys_lstat(), need non-const smb_fname */
+ rc = sys_lstat(smb_fname->base_name, &sb, false);
if (rc != 0 || !S_ISREG(sb.st_ex_mode)) {
return rc;
}
- rc = adouble_path(talloc_tos(), path, &adp);
+ rc = adouble_path(talloc_tos(), smb_fname->base_name, &adp);
if (rc != 0) {
goto done;
}
DEBUG(10, ("fruit_chown: %s\n", adp));
- rc = SMB_VFS_NEXT_CHOWN(handle, adp, uid, gid);
+ adp_smb_fname = synthetic_smb_fname(talloc_tos(),
+ adp,
+ NULL,
+ NULL);
+ if (adp_smb_fname == NULL) {
+ errno = ENOMEM;
+ rc = -1;
+ goto done;
+ }
+
+ rc = SMB_VFS_NEXT_CHOWN(handle, adp_smb_fname, uid, gid);
if (errno == ENOENT) {
rc = 0;
}
done:
TALLOC_FREE(adp);
+ TALLOC_FREE(adp_smb_fname);
return rc;
}
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 4a7b358..309158a 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -1422,14 +1422,16 @@ static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
}
static int smb_full_audit_chown(vfs_handle_struct *handle,
- const char *path, uid_t uid, gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
- result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
+ result = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
- path, (long int)uid, (long int)gid);
+ smb_fname->base_name, (long int)uid, (long int)gid);
return result;
}
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index c98e480..ad0190d 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -943,9 +943,11 @@ static int vfs_gluster_fchmod(struct vfs_handle_struct *handle,
}
static int vfs_gluster_chown(struct vfs_handle_struct *handle,
- const char *path, uid_t uid, gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
- return glfs_chown(handle->data, path, uid, gid);
+ return glfs_chown(handle->data, smb_fname->base_name, uid, gid);
}
static int vfs_gluster_fchown(struct vfs_handle_struct *handle,
diff --git a/source3/modules/vfs_media_harmony.c b/source3/modules/vfs_media_harmony.c
index e1f05cc..73b418e 100644
--- a/source3/modules/vfs_media_harmony.c
+++ b/source3/modules/vfs_media_harmony.c
@@ -1580,34 +1580,31 @@ out:
* Failure: set errno, return -1
*/
static int mh_chown(vfs_handle_struct *handle,
- const char *path,
+ const struct smb_filename *smb_fname,
uid_t uid,
gid_t gid)
{
int status;
- char *clientPath;
- TALLOC_CTX *ctx;
+ struct smb_filename *clientFname = NULL;
DEBUG(MH_INFO_DEBUG, ("Entering mh_chown\n"));
- if (!is_in_media_files(path))
+ if (!is_in_media_files(smb_fname->base_name))
{
- status = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
+ status = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
goto out;
}
- clientPath = NULL;
- ctx = talloc_tos();
-
- if ((status = alloc_get_client_path(handle, ctx,
- path,
- &clientPath)))
- {
+ status = alloc_get_client_smb_fname(handle,
+ talloc_tos(),
+ smb_fname,
+ &clientFname);
+ if (status != 0) {
goto err;
}
- status = SMB_VFS_NEXT_CHOWN(handle, clientPath, uid, gid);
+ status = SMB_VFS_NEXT_CHOWN(handle, clientFname, uid, gid);
err:
- TALLOC_FREE(clientPath);
+ TALLOC_FREE(clientFname);
out:
return status;
}
diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c
index 4bb26d0..13ad402 100644
--- a/source3/modules/vfs_netatalk.c
+++ b/source3/modules/vfs_netatalk.c
@@ -397,7 +397,10 @@ exit_chmod:
return ret;
}
-static int atalk_chown(struct vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int atalk_chown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int ret = 0;
char *adbl_path = 0;
@@ -406,14 +409,12 @@ static int atalk_chown(struct vfs_handle_struct *handle, const char *path, uid_t
SMB_STRUCT_STAT orig_info;
TALLOC_CTX *ctx;
- ret = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
-
- if (!path) return ret;
+ ret = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
if (!(ctx = talloc_init("chown_file")))
return ret;
- if (atalk_build_paths(ctx, handle->conn->cwd, path,
+ if (atalk_build_paths(ctx, handle->conn->cwd, smb_fname->base_name,
&adbl_path, &orig_path,
&adbl_info, &orig_info) != 0)
goto exit_chown;
diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index c83ce1e..c63d676 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -1013,29 +1013,45 @@ static int shadow_copy2_chmod(vfs_handle_struct *handle,
return ret;
}
-static int shadow_copy2_chown(vfs_handle_struct *handle, const char *fname,
- uid_t uid, gid_t gid)
+static int shadow_copy2_chown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
time_t timestamp;
char *stripped;
int ret, saved_errno;
- char *conv;
+ char *conv = NULL;
+ struct smb_filename *conv_smb_fname = NULL;
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
- ×tamp, &stripped)) {
+ if (!shadow_copy2_strip_snapshot(talloc_tos(),
+ handle,
+ smb_fname->base_name,
+ ×tamp,
+ &stripped)) {
return -1;
}
if (timestamp == 0) {
- return SMB_VFS_NEXT_CHOWN(handle, fname, uid, gid);
+ return SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
}
conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
TALLOC_FREE(stripped);
if (conv == NULL) {
return -1;
}
- ret = SMB_VFS_NEXT_CHOWN(handle, conv, uid, gid);
+ conv_smb_fname = synthetic_smb_fname(talloc_tos(),
+ conv,
+ NULL,
+ NULL);
+ if (conv_smb_fname == NULL) {
+ TALLOC_FREE(conv);
+ errno = ENOMEM;
+ return -1;
+ }
+ ret = SMB_VFS_NEXT_CHOWN(handle, conv_smb_fname, uid, gid);
saved_errno = errno;
TALLOC_FREE(conv);
+ TALLOC_FREE(conv_smb_fname);
errno = saved_errno;
return ret;
}
diff --git a/source3/modules/vfs_snapper.c b/source3/modules/vfs_snapper.c
index fb99369..11a99d9 100644
--- a/source3/modules/vfs_snapper.c
+++ b/source3/modules/vfs_snapper.c
@@ -2259,29 +2259,46 @@ static int snapper_gmt_chmod(vfs_handle_struct *handle,
return ret;
}
-static int snapper_gmt_chown(vfs_handle_struct *handle, const char *fname,
- uid_t uid, gid_t gid)
+static int snapper_gmt_chown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
time_t timestamp;
- char *stripped;
+ char *stripped = NULL;
int ret, saved_errno;
- char *conv;
+ char *conv = NULL;
+ struct smb_filename *conv_smb_fname = NULL;
- if (!snapper_gmt_strip_snapshot(talloc_tos(), handle, fname,
- ×tamp, &stripped)) {
+ if (!snapper_gmt_strip_snapshot(talloc_tos(),
+ handle,
+ smb_fname->base_name,
+ ×tamp,
+ &stripped)) {
return -1;
}
if (timestamp == 0) {
- return SMB_VFS_NEXT_CHOWN(handle, fname, uid, gid);
+ TALLOC_FREE(stripped);
+ return SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
}
conv = snapper_gmt_convert(talloc_tos(), handle, stripped, timestamp);
TALLOC_FREE(stripped);
if (conv == NULL) {
return -1;
}
- ret = SMB_VFS_NEXT_CHOWN(handle, conv, uid, gid);
+ conv_smb_fname = synthetic_smb_fname(talloc_tos(),
+ conv,
+ NULL,
+ NULL);
+ if (conv_smb_fname == NULL) {
+ TALLOC_FREE(conv);
+ errno = ENOMEM;
+ return -1;
+ }
+ ret = SMB_VFS_NEXT_CHOWN(handle, conv_smb_fname, uid, gid);
saved_errno = errno;
TALLOC_FREE(conv);
+ TALLOC_FREE(conv_smb_fname);
errno = saved_errno;
return ret;
}
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index 944251d..68bc84b 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1143,19 +1143,23 @@ static int smb_time_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
}
static int smb_time_audit_chown(vfs_handle_struct *handle,
- const char *path, uid_t uid, gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
- result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
+ result = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
- smb_time_audit_log_fname("chown", timediff, path);
+ smb_time_audit_log_fname("chown",
+ timediff,
+ smb_fname->base_name);
}
return result;
diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c
index dd6dc33..84191cc 100644
--- a/source3/modules/vfs_unityed_media.c
+++ b/source3/modules/vfs_unityed_media.c
@@ -1207,29 +1207,31 @@ err:
}
static int um_chown(vfs_handle_struct *handle,
- const char *path,
- uid_t uid,
- gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int status;
- char *client_path = NULL;
+ struct smb_filename *client_fname = NULL;
DEBUG(10, ("Entering um_chown\n"));
- if (!is_in_media_files(path)) {
- return SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
+ if (!is_in_media_files(smb_fname->base_name)) {
+ return SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
}
- status = alloc_get_client_path(handle, talloc_tos(),
- path, &client_path);
+ status = alloc_get_client_smb_fname(handle,
+ talloc_tos(),
+ smb_fname,
+ &client_fname);
if (status != 0) {
goto err;
}
- status = SMB_VFS_NEXT_CHOWN(handle, client_path, uid, gid);
+ status = SMB_VFS_NEXT_CHOWN(handle, client_fname, uid, gid);
err:
- TALLOC_FREE(client_path);
+ TALLOC_FREE(client_fname);
return status;
}
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index cd6a1e2..68bc3e7 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -375,6 +375,7 @@ static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
int uid, gid;
TALLOC_CTX *frame;
mode_t saved_umask;
+ struct smb_filename *smb_fname = NULL;
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sii|z",
discard_const_p(char *, kwnames),
@@ -392,7 +393,18 @@ static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
so set our umask to 0 */
saved_umask = umask(0);
- ret = SMB_VFS_CHOWN( conn, fname, uid, gid);
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ fname,
+ NULL,
+ NULL);
+ if (smb_fname == NULL) {
+ umask(saved_umask);
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return PyErr_SetFromErrno(PyExc_OSError);
+ }
+
+ ret = SMB_VFS_CHOWN(conn, smb_fname, uid, gid);
if (ret != 0) {
umask(saved_umask);
TALLOC_FREE(frame);
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 02a94e8..8b87b32 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1882,11 +1882,13 @@ int smb_vfs_call_fchmod(struct vfs_handle_struct *handle,
return handle->fns->fchmod_fn(handle, fsp, mode);
}
-int smb_vfs_call_chown(struct vfs_handle_struct *handle, const char *path,
- uid_t uid, gid_t gid)
+int smb_vfs_call_chown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
VFS_FIND(chown);
- return handle->fns->chown_fn(handle, path, uid, gid);
+ return handle->fns->chown_fn(handle, smb_fname, uid, gid);
}
int smb_vfs_call_fchown(struct vfs_handle_struct *handle,
@@ -1983,7 +1985,7 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
uid, gid);
} else {
ret = SMB_VFS_CHOWN(fsp->conn,
- path,
+ fsp->fsp_name,
uid, gid);
}
diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
index a7e70b3..4bd5417 100644
--- a/source3/torture/cmd_vfs.c
+++ b/source3/torture/cmd_vfs.c
@@ -955,6 +955,7 @@ static NTSTATUS cmd_fchmod_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a
static NTSTATUS cmd_chown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
{
+ struct smb_filename *smb_fname = NULL;
uid_t uid;
gid_t gid;
if (argc != 4) {
@@ -964,7 +965,16 @@ static NTSTATUS cmd_chown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc,
uid = atoi(argv[2]);
gid = atoi(argv[3]);
- if (SMB_VFS_CHOWN(vfs->conn, argv[1], uid, gid) == -1) {
+
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ argv[1],
+ NULL,
+ NULL);
+ if (smb_fname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (SMB_VFS_CHOWN(vfs->conn, smb_fname, uid, gid) == -1) {
printf("chown: error=%d (%s)\n", errno, strerror(errno));
return NT_STATUS_UNSUCCESSFUL;
}
--
2.7.0.rc3.207.g0ac5344
From 615d94167e51adb53cd224bcbee51817e26c7ec7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 3 Mar 2016 14:34:57 -0800
Subject: [PATCH 3/4] VFS: Modify lchown to take a const struct smb_filename *
instead of const char *
Preparing to reduce use of lp_posix_pathnames().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
examples/VFS/skel_opaque.c | 6 ++++--
examples/VFS/skel_transparent.c | 8 +++++---
source3/include/vfs.h | 13 +++++++++---
source3/include/vfs_macros.h | 8 ++++----
source3/modules/vfs_cap.c | 28 ++++++++++++++++++++++---
source3/modules/vfs_catia.c | 25 +++++++++++++++++-----
source3/modules/vfs_ceph.c | 14 +++++++++----
source3/modules/vfs_default.c | 7 +++++--
source3/modules/vfs_fake_acls.c | 19 ++++++++++++++---
source3/modules/vfs_full_audit.c | 8 +++++---
source3/modules/vfs_glusterfs.c | 6 ++++--
source3/modules/vfs_media_harmony.c | 25 ++++++++++------------
source3/modules/vfs_netatalk.c | 11 +++++-----
source3/modules/vfs_time_audit.c | 10 ++++++---
source3/modules/vfs_unityed_media.c | 22 +++++++++++---------
source3/smbd/open.c | 6 ++++--
source3/smbd/trans2.c | 4 ++--
source3/smbd/vfs.c | 41 +++++++++++++++++++++++++------------
18 files changed, 178 insertions(+), 83 deletions(-)
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index 57f5b09..457881d 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -398,8 +398,10 @@ static int skel_fchown(vfs_handle_struct *handle, files_struct *fsp,
return -1;
}
-static int skel_lchown(vfs_handle_struct *handle, const char *path,
- uid_t uid, gid_t gid)
+static int skel_lchown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
errno = ENOSYS;
return -1;
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index d320da9..55b1ed6 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -502,10 +502,12 @@ static int skel_fchown(vfs_handle_struct *handle, files_struct *fsp,
return SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
}
-static int skel_lchown(vfs_handle_struct *handle, const char *path, uid_t uid,
- gid_t gid)
+static int skel_lchown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
- return SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
+ return SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
}
static int skel_chdir(vfs_handle_struct *handle, const char *path)
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 4b3ac03..e77d702 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -186,6 +186,8 @@
const struct smb_filename * */
/* Version 35 - Change chown from const char *, to
const struct smb_filename * */
+/* Version 35 - Change lchown from const char *, to
+ const struct smb_filename * */
#define SMB_VFS_INTERFACE_VERSION 35
@@ -653,7 +655,10 @@ struct vfs_fn_pointers {
uid_t uid,
gid_t gid);
int (*fchown_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, uid_t uid, gid_t gid);
- int (*lchown_fn)(struct vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid);
+ int (*lchown_fn)(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid);
int (*chdir_fn)(struct vfs_handle_struct *handle, const char *path);
char *(*getwd_fn)(struct vfs_handle_struct *handle);
int (*ntimes_fn)(struct vfs_handle_struct *handle,
@@ -1106,8 +1111,10 @@ int smb_vfs_call_chown(struct vfs_handle_struct *handle,
gid_t gid);
int smb_vfs_call_fchown(struct vfs_handle_struct *handle,
struct files_struct *fsp, uid_t uid, gid_t gid);
-int smb_vfs_call_lchown(struct vfs_handle_struct *handle, const char *path,
- uid_t uid, gid_t gid);
+int smb_vfs_call_lchown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid);
int smb_vfs_call_chdir(struct vfs_handle_struct *handle, const char *path);
char *smb_vfs_call_getwd(struct vfs_handle_struct *handle);
int smb_vfs_call_ntimes(struct vfs_handle_struct *handle,
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index 5fbd779..ae2ba1b 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -261,10 +261,10 @@
#define SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid) \
smb_vfs_call_fchown((handle)->next, (fsp), (uid), (gid))
-#define SMB_VFS_LCHOWN(conn, path, uid, gid) \
- smb_vfs_call_lchown((conn)->vfs_handles, (path), (uid), (gid))
-#define SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid) \
- smb_vfs_call_lchown((handle)->next, (path), (uid), (gid))
+#define SMB_VFS_LCHOWN(conn, smb_fname, uid, gid) \
+ smb_vfs_call_lchown((conn)->vfs_handles, (smb_fname), (uid), (gid))
+#define SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid) \
+ smb_vfs_call_lchown((handle)->next, (smb_fname), (uid), (gid))
#define SMB_VFS_CHDIR(conn, path) \
smb_vfs_call_chdir((conn)->vfs_handles, (path))
diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c
index f58977b..42b4b8d 100644
--- a/source3/modules/vfs_cap.c
+++ b/source3/modules/vfs_cap.c
@@ -369,15 +369,37 @@ static int cap_chown(vfs_handle_struct *handle,
return ret;
}
-static int cap_lchown(vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int cap_lchown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
- char *cappath = capencode(talloc_tos(), path);
+ struct smb_filename *cap_smb_fname = NULL;
+ char *cappath = capencode(talloc_tos(), smb_fname->base_name);
+ int ret;
+ int saved_errno;
if (!cappath) {
errno = ENOMEM;
return -1;
}
- return SMB_VFS_NEXT_LCHOWN(handle, cappath, uid, gid);
+
+ cap_smb_fname = synthetic_smb_fname(talloc_tos(),
+ cappath,
+ NULL,
+ NULL);
+ if (cap_smb_fname == NULL) {
+ TALLOC_FREE(cappath);
+ errno = ENOMEM;
+ return -1;
+ }
+
+ ret = SMB_VFS_NEXT_LCHOWN(handle, cap_smb_fname, uid, gid);
+ saved_errno = errno;
+ TALLOC_FREE(cappath);
+ TALLOC_FREE(cap_smb_fname);
+ errno = saved_errno;
+ return ret;
}
static int cap_chdir(vfs_handle_struct *handle, const char *path)
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index 814f474..4a988b9 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c
@@ -559,24 +559,39 @@ static int catia_chown(vfs_handle_struct *handle,
}
static int catia_lchown(vfs_handle_struct *handle,
- const char *path,
+ const struct smb_filename *smb_fname,
uid_t uid,
gid_t gid)
{
char *name = NULL;
NTSTATUS status;
int ret;
+ int saved_errno;
+ struct smb_filename *catia_smb_fname = NULL;
- status = catia_string_replace_allocate(handle->conn, path,
- &name, vfs_translate_to_unix);
+ status = catia_string_replace_allocate(handle->conn,
+ smb_fname->base_name,
+ &name,
+ vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
+ catia_smb_fname = synthetic_smb_fname(talloc_tos(),
+ name,
+ NULL,
+ NULL);
+ if (catia_smb_fname == NULL) {
+ TALLOC_FREE(name);
+ errno = ENOMEM;
+ return -1;
+ }
- ret = SMB_VFS_NEXT_LCHOWN(handle, name, uid, gid);
+ ret = SMB_VFS_NEXT_LCHOWN(handle, catia_smb_fname, uid, gid);
+ saved_errno = errno;
TALLOC_FREE(name);
-
+ TALLOC_FREE(catia_smb_fname);
+ errno = saved_errno;
return ret;
}
diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index d185bd0..b609d72 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -729,12 +729,18 @@ static int cephwrap_fchown(struct vfs_handle_struct *handle, files_struct *fsp,
return result;
}
-static int cephwrap_lchown(struct vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int cephwrap_lchown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
-
- DEBUG(10, ("[CEPH] lchown(%p, %s, %d, %d)\n", handle, path, uid, gid));
- result = ceph_lchown(handle->data, path, uid, gid);
+ DEBUG(10, ("[CEPH] lchown(%p, %s, %d, %d)\n",
+ handle,
+ smb_fname->base_name,
+ uid,
+ gid));
+ result = ceph_lchown(handle->data, smb_fname->base_name, uid, gid);
DEBUG(10, ("[CEPH] lchown(...) = %d\n", result));
WRAP_RETURN(result);
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 604ee45..4de965e 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1772,12 +1772,15 @@ static int vfswrap_fchown(vfs_handle_struct *handle, files_struct *fsp, uid_t ui
#endif
}
-static int vfswrap_lchown(vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int vfswrap_lchown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
START_PROFILE(syscall_lchown);
- result = lchown(path, uid, gid);
+ result = lchown(smb_fname->base_name, uid, gid);
END_PROFILE(syscall_lchown);
return result;
}
diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index cb907d0..491e1ac 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -427,7 +427,10 @@ static int fake_acls_chown(vfs_handle_struct *handle,
return 0;
}
-static int fake_acls_lchown(vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int fake_acls_lchown(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int ret;
uint8_t id_buf[4];
@@ -441,14 +444,24 @@ static int fake_acls_lchown(vfs_handle_struct *handle, const char *path, uid_t u
* to.
*/
SIVAL(id_buf, 0, uid);
- ret = SMB_VFS_NEXT_SETXATTR(handle, path, FAKE_UID, id_buf, sizeof(id_buf), 0);
+ ret = SMB_VFS_NEXT_SETXATTR(handle,
+ smb_fname->base_name,
+ FAKE_UID,
+ id_buf,
+ sizeof(id_buf),
+ 0);
if (ret != 0) {
return ret;
}
}
if (gid != -1) {
SIVAL(id_buf, 0, gid);
- ret = SMB_VFS_NEXT_SETXATTR(handle, path, FAKE_GID, id_buf, sizeof(id_buf), 0);
+ ret = SMB_VFS_NEXT_SETXATTR(handle,
+ smb_fname->base_name,
+ FAKE_GID,
+ id_buf,
+ sizeof(id_buf),
+ 0);
if (ret != 0) {
return ret;
}
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 309158a..d29064b 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -1450,14 +1450,16 @@ static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
}
static int smb_full_audit_lchown(vfs_handle_struct *handle,
- const char *path, uid_t uid, gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
- result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
+ result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
- path, (long int)uid, (long int)gid);
+ smb_fname->base_name, (long int)uid, (long int)gid);
return result;
}
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index ad0190d..deff1c1 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -957,9 +957,11 @@ static int vfs_gluster_fchown(struct vfs_handle_struct *handle,
}
static int vfs_gluster_lchown(struct vfs_handle_struct *handle,
- const char *path, uid_t uid, gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
- return glfs_lchown(handle->data, path, uid, gid);
+ return glfs_lchown(handle->data, smb_fname->base_name, uid, gid);
}
static int vfs_gluster_chdir(struct vfs_handle_struct *handle, const char *path)
diff --git a/source3/modules/vfs_media_harmony.c b/source3/modules/vfs_media_harmony.c
index 73b418e..67e2541 100644
--- a/source3/modules/vfs_media_harmony.c
+++ b/source3/modules/vfs_media_harmony.c
@@ -1614,34 +1614,31 @@ out:
* Failure: set errno, return -1
*/
static int mh_lchown(vfs_handle_struct *handle,
- const char *path,
+ const struct smb_filename *smb_fname,
uid_t uid,
gid_t gid)
{
int status;
- char *clientPath;
- TALLOC_CTX *ctx;
+ struct smb_filename *clientFname = NULL;
DEBUG(MH_INFO_DEBUG, ("Entering mh_lchown\n"));
- if (!is_in_media_files(path))
+ if (!is_in_media_files(smb_fname->base_name))
{
- status = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
+ status = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
goto out;
}
- clientPath = NULL;
- ctx = talloc_tos();
-
- if ((status = alloc_get_client_path(handle, ctx,
- path,
- &clientPath)))
- {
+ status = alloc_get_client_smb_fname(handle,
+ talloc_tos(),
+ smb_fname,
+ &clientFname);
+ if (status != 0) {
goto err;
}
- status = SMB_VFS_NEXT_LCHOWN(handle, clientPath, uid, gid);
+ status = SMB_VFS_NEXT_LCHOWN(handle, clientFname, uid, gid);
err:
- TALLOC_FREE(clientPath);
+ TALLOC_FREE(clientFname);
out:
return status;
}
diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c
index 13ad402..2b67b91 100644
--- a/source3/modules/vfs_netatalk.c
+++ b/source3/modules/vfs_netatalk.c
@@ -433,7 +433,10 @@ exit_chown:
return ret;
}
-static int atalk_lchown(struct vfs_handle_struct *handle, const char *path, uid_t uid, gid_t gid)
+static int atalk_lchown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int ret = 0;
char *adbl_path = 0;
@@ -442,14 +445,12 @@ static int atalk_lchown(struct vfs_handle_struct *handle, const char *path, uid_
SMB_STRUCT_STAT orig_info;
TALLOC_CTX *ctx;
- ret = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
-
- if (!path) return ret;
+ ret = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
if (!(ctx = talloc_init("lchown_file")))
return ret;
- if (atalk_build_paths(ctx, handle->conn->cwd, path,
+ if (atalk_build_paths(ctx, handle->conn->cwd, smb_fname->base_name,
&adbl_path, &orig_path,
&adbl_info, &orig_info) != 0)
goto exit_lchown;
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index 68bc84b..30dae98 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1185,19 +1185,23 @@ static int smb_time_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
}
static int smb_time_audit_lchown(vfs_handle_struct *handle,
- const char *path, uid_t uid, gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
- result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
+ result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
- smb_time_audit_log_fname("lchown", timediff, path);
+ smb_time_audit_log_fname("lchown",
+ timediff,
+ smb_fname->base_name);
}
return result;
diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c
index 84191cc..d46b376 100644
--- a/source3/modules/vfs_unityed_media.c
+++ b/source3/modules/vfs_unityed_media.c
@@ -1236,28 +1236,30 @@ err:
}
static int um_lchown(vfs_handle_struct *handle,
- const char *path,
- uid_t uid,
- gid_t gid)
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
int status;
- char *client_path = NULL;
+ struct smb_filename *client_fname = NULL;
DEBUG(10, ("Entering um_lchown\n"));
- if (!is_in_media_files(path)) {
- return SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
+ if (!is_in_media_files(smb_fname->base_name)) {
+ return SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
}
- status = alloc_get_client_path(handle, talloc_tos(),
- path, &client_path);
+ status = alloc_get_client_smb_fname(handle,
+ talloc_tos(),
+ smb_fname,
+ &client_fname);
if (status != 0) {
goto err;
}
- status = SMB_VFS_NEXT_LCHOWN(handle, client_path, uid, gid);
+ status = SMB_VFS_NEXT_LCHOWN(handle, client_fname, uid, gid);
err:
- TALLOC_FREE(client_path);
+ TALLOC_FREE(client_fname);
return status;
}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index efa7bed..2cc1415 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -592,8 +592,10 @@ NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
}
become_root();
- ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
- (gid_t)-1);
+ ret = SMB_VFS_LCHOWN(conn,
+ smb_fname_cwd,
+ smb_fname_parent->st.st_ex_uid,
+ (gid_t)-1);
unbecome_root();
if (ret == -1) {
status = map_nt_error_from_unix(errno);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index dbc9f66..51c2433 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7593,7 +7593,7 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
* UNIX extensions calls must always operate
* on symlinks.
*/
- ret = SMB_VFS_LCHOWN(conn, smb_fname->base_name,
+ ret = SMB_VFS_LCHOWN(conn, smb_fname,
set_owner, (gid_t)-1);
}
@@ -7625,7 +7625,7 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
* UNIX extensions calls must always operate
* on symlinks.
*/
- ret = SMB_VFS_LCHOWN(conn, smb_fname->base_name, (uid_t)-1,
+ ret = SMB_VFS_LCHOWN(conn, smb_fname, (uid_t)-1,
set_grp);
}
if (ret != 0) {
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 8b87b32..878d8b1 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1898,21 +1898,23 @@ int smb_vfs_call_fchown(struct vfs_handle_struct *handle,
return handle->fns->fchown_fn(handle, fsp, uid, gid);
}
-int smb_vfs_call_lchown(struct vfs_handle_struct *handle, const char *path,
- uid_t uid, gid_t gid)
+int smb_vfs_call_lchown(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uid_t uid,
+ gid_t gid)
{
VFS_FIND(lchown);
- return handle->fns->lchown_fn(handle, path, uid, gid);
+ return handle->fns->lchown_fn(handle, smb_fname, uid, gid);
}
NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
{
int ret;
bool as_root = false;
- const char *path;
char *saved_dir = NULL;
char *parent_dir = NULL;
NTSTATUS status;
+ struct smb_filename *local_smb_fname = NULL;
if (fsp->fh->fd != -1) {
/* Try fchown. */
@@ -1927,6 +1929,13 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
as_root = (geteuid() == 0);
+ /*
+ * FIXME. The logic around as_root and FSP_POSIX_FLAGS_OPEN
+ * is way too complex and is a security issue waiting to
+ * happen. This should be simplified into separate if
+ * blocks. JRA.
+ */
+
if (as_root) {
/*
* We are being asked to chown as root. Make
@@ -1935,7 +1944,6 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
* don't deref any symbolic links.
*/
const char *final_component = NULL;
- struct smb_filename local_fname;
saved_dir = vfs_GetWd(talloc_tos(),fsp->conn);
if (!saved_dir) {
@@ -1959,29 +1967,35 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
return map_nt_error_from_unix(errno);
}
- ZERO_STRUCT(local_fname);
- local_fname.base_name = discard_const_p(char, final_component);
+ local_smb_fname = synthetic_smb_fname(talloc_tos(),
+ final_component,
+ NULL,
+ NULL);
+ if (local_smb_fname == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
/* Must use lstat here. */
- ret = SMB_VFS_LSTAT(fsp->conn, &local_fname);
+ ret = SMB_VFS_LSTAT(fsp->conn, local_smb_fname);
if (ret == -1) {
status = map_nt_error_from_unix(errno);
goto out;
}
/* Ensure it matches the fsp stat. */
- if (!check_same_stat(&local_fname.st, &fsp->fsp_name->st)) {
+ if (!check_same_stat(&local_smb_fname->st,
+ &fsp->fsp_name->st)) {
status = NT_STATUS_ACCESS_DENIED;
goto out;
}
- path = final_component;
} else {
- path = fsp->fsp_name->base_name;
- }
+ local_smb_fname = fsp->fsp_name;
+ }
if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) || as_root) {
ret = SMB_VFS_LCHOWN(fsp->conn,
- path,
+ local_smb_fname,
uid, gid);
} else {
ret = SMB_VFS_CHOWN(fsp->conn,
@@ -1999,6 +2013,7 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
if (as_root) {
vfs_ChDir(fsp->conn,saved_dir);
+ TALLOC_FREE(local_smb_fname);
TALLOC_FREE(saved_dir);
TALLOC_FREE(parent_dir);
}
--
2.7.0.rc3.207.g0ac5344
From 610273433bbeb2042527e33339bc7b6cdaeb8546 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 3 Mar 2016 15:29:10 -0800
Subject: [PATCH 4/4] smbd: Clean up the logic inside vfs_chown_fsp() to
prevent future security issues.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/smbd/vfs.c | 47 ++++++++++++++++++++++++-----------------------
1 file changed, 24 insertions(+), 23 deletions(-)
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 878d8b1..19f75d1 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1911,10 +1911,7 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
{
int ret;
bool as_root = false;
- char *saved_dir = NULL;
- char *parent_dir = NULL;
NTSTATUS status;
- struct smb_filename *local_smb_fname = NULL;
if (fsp->fh->fd != -1) {
/* Try fchown. */
@@ -1929,13 +1926,6 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
as_root = (geteuid() == 0);
- /*
- * FIXME. The logic around as_root and FSP_POSIX_FLAGS_OPEN
- * is way too complex and is a security issue waiting to
- * happen. This should be simplified into separate if
- * blocks. JRA.
- */
-
if (as_root) {
/*
* We are being asked to chown as root. Make
@@ -1943,7 +1933,10 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
* and always act using lchown to ensure we
* don't deref any symbolic links.
*/
+ char *saved_dir = NULL;
+ char *parent_dir = NULL;
const char *final_component = NULL;
+ struct smb_filename *local_smb_fname = NULL;
saved_dir = vfs_GetWd(talloc_tos(),fsp->conn);
if (!saved_dir) {
@@ -1989,14 +1982,31 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
status = NT_STATUS_ACCESS_DENIED;
goto out;
}
- } else {
- local_smb_fname = fsp->fsp_name;
- }
- if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) || as_root) {
ret = SMB_VFS_LCHOWN(fsp->conn,
local_smb_fname,
uid, gid);
+
+ if (ret == 0) {
+ status = NT_STATUS_OK;
+ } else {
+ status = map_nt_error_from_unix(errno);
+ }
+
+ out:
+
+ vfs_ChDir(fsp->conn,saved_dir);
+ TALLOC_FREE(local_smb_fname);
+ TALLOC_FREE(saved_dir);
+ TALLOC_FREE(parent_dir);
+
+ return status;
+ }
+
+ if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
+ ret = SMB_VFS_LCHOWN(fsp->conn,
+ fsp->fsp_name,
+ uid, gid);
} else {
ret = SMB_VFS_CHOWN(fsp->conn,
fsp->fsp_name,
@@ -2008,15 +2018,6 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
} else {
status = map_nt_error_from_unix(errno);
}
-
- out:
-
- if (as_root) {
- vfs_ChDir(fsp->conn,saved_dir);
- TALLOC_FREE(local_smb_fname);
- TALLOC_FREE(saved_dir);
- TALLOC_FREE(parent_dir);
- }
return status;
}
--
2.7.0.rc3.207.g0ac5344
More information about the samba-technical
mailing list