[Patches] Preparation for tevent impersonation (part1)

Jeremy Allison jra at samba.org
Thu Jun 14 17:19:15 UTC 2018 

On Thu, Jun 14, 2018 at 10:12:45AM -0700, Jeremy Allison wrote:
> On Thu, Jun 14, 2018 at 10:03:42AM -0700, Jeremy Allison via samba-technical wrote:
> > On Thu, Jun 14, 2018 at 06:48:39PM +0200, Stefan Metzmacher wrote:
> > > Hi Jeremy,
> > > 
> > > > OK, finishing up the review with this patch inserted
> > > > before #6 in the previous set. Should get this finished
> > > > (and pushed) tomorrow.
> > > 
> > > Here's an updated patchset.
> > > 
> > > The author of the first two commits is fixed and the commit message
> > > of the last one is extended (as requested by Andreas).
> > 
> > FYI: Descriptions for patches 22/41 and 23/41 are incorrect,
> > missing signed-off-by in patch 37/41.
> > 
> > Other than that RB+ - looks good to me.
> > 
> > However I'm getting an interesting autobuild failure
> > when I push:
> > 
> > I'm looking into it !
> 
> Found it !
> 
> source3/smbd/pysmbd.c:static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
> 
> return an ACL created on a talloc stackframe
> that is freed. The additional patch is needed
> I think. Can you add on top and review ?

Mea culpa, the crash was caused by my additional

TALLOC_FREE(frame);

change in make_simple_acl(). Having said that
the stackframe handling in make_simple_acl()
was utterly broken before that anyway (it
created a new stackframe that was left
hanging around on exit from the function).

Jeremy.


> From cd43ba5f76824807f5e93a8ad2543bea74fb464a Mon Sep 17 00:00:00 2001
> From: Jeremy Allison <jra at samba.org>
> Date: Thu, 14 Jun 2018 10:12:03 -0700
> Subject: [PATCH] pysmbd: Don't return an ACL on a freed talloc_stackframe.
> 
> Signed-off-by: Jeremy Allison <jra at samba.org>
> ---
>  source3/smbd/pysmbd.c | 34 ++++++++++------------------------
>  1 file changed, 10 insertions(+), 24 deletions(-)
> 
> diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
> index 4e4299ca5d7..95325098bb6 100644
> --- a/source3/smbd/pysmbd.c
> +++ b/source3/smbd/pysmbd.c
> @@ -260,106 +260,88 @@ static int set_acl_entry_perms(SMB_ACL_ENTRY_T entry, mode_t perm_mask)
>  	return 0;
>  }
>  
> -static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
> +static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
> +		gid_t gid,
> +		mode_t chmod_mode)
>  {
> -	TALLOC_CTX *frame = talloc_stackframe();
> -
>  	mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE;
>  
>  	mode_t mode_user = (chmod_mode & 0700) >> 6;
>  	mode_t mode_group = (chmod_mode & 070) >> 3;
>  	mode_t mode_other = chmod_mode &  07;
>  	SMB_ACL_ENTRY_T entry;
> -	SMB_ACL_T acl = sys_acl_init(frame);
> +	SMB_ACL_T acl = sys_acl_init(mem_ctx);
>  
>  	if (!acl) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (sys_acl_create_entry(&acl, &entry) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (sys_acl_set_tag_type(entry, SMB_ACL_USER_OBJ) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (set_acl_entry_perms(entry, mode_user) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (sys_acl_create_entry(&acl, &entry) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP_OBJ) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (set_acl_entry_perms(entry, mode_group) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (sys_acl_create_entry(&acl, &entry) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (sys_acl_set_tag_type(entry, SMB_ACL_OTHER) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (set_acl_entry_perms(entry, mode_other) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (gid != -1) {
>  		if (sys_acl_create_entry(&acl, &entry) != 0) {
> -			TALLOC_FREE(frame);
>  			return NULL;
>  		}
>  
>  		if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) {
> -			TALLOC_FREE(frame);
>  			return NULL;
>  		}
>  
>  		if (sys_acl_set_qualifier(entry, &gid) != 0) {
> -			TALLOC_FREE(frame);
>  			return NULL;
>  		}
>  
>  		if (set_acl_entry_perms(entry, mode_group) != 0) {
> -			TALLOC_FREE(frame);
>  			return NULL;
>  		}
>  	}
>  
>  	if (sys_acl_create_entry(&acl, &entry) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (sys_acl_set_tag_type(entry, SMB_ACL_MASK) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
>  	if (set_acl_entry_perms(entry, mode) != 0) {
> -		TALLOC_FREE(frame);
>  		return NULL;
>  	}
>  
> -	TALLOC_FREE(frame);
>  	return acl;
>  }
>  
> @@ -381,10 +363,14 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
>  					 &fname, &mode, &gid, &service))
>  		return NULL;
>  
> -	acl = make_simple_acl(gid, mode);
> -
>  	frame = talloc_stackframe();
>  
> +	acl = make_simple_acl(frame, gid, mode);
> +	if (acl == NULL) {
> +		TALLOC_FREE(frame);
> +		return NULL;
> +	}
> +
>  	conn = get_conn_tos(service);
>  	if (!conn) {
>  		TALLOC_FREE(frame);
> -- 
> 2.18.0.rc1.244.gcf134e6275-goog
>

More information about the samba-technical mailing list