[PATCH] copy-chunk fails if src and dst file are on different tcons

Ralph Böhme slow at samba.org
Fri Apr 21 16:39:38 UTC 2017 

On Fri, Apr 21, 2017 at 04:52:10PM +0200, Ralph Böhme wrote:
> On Fri, Apr 21, 2017 at 12:55:55PM +0200, Ralph Böhme via samba-technical wrote:
> > Hi!
> > 
> > As the subject says, this fails against Samba but works against
> > Windows. Verified against Windows 2016.
> > 
> > Attached is a possible fix plus test.
> > 
> > Please review & push if happy. Thanks!
> 
> please ignore for now. metze raised an issue over private RPC dealing with the
> VFS handles that we end up using in the send functions.

metze, maybe we can just do the check at the vfs layer. See attached patch for
the basic idea. Should be expanded to cover all vfs functions that take a fsp
and a vfs handle.

Just fetching and "looking" at an fsp at the smb layer should be possible, it's
where we start using it where we should check. Or am I still missing something?

-slow
-------------- next part --------------
From 424e41015e43f9a6fb3994fb93d969e0deb78a7e Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Fri, 21 Apr 2017 17:36:17 +0200
Subject: [PATCH] WIP: s3/vfs: check that fsp and vfs_handle refer to the same
 conn

...
---
 source3/smbd/vfs.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index b7364b7..9cb7c5b 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -31,6 +31,7 @@
 #include "transfer_file.h"
 #include "ntioctl.h"
 #include "lib/util/tevent_unix.h"
+#include "lib/util/tevent_ntstatus.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_VFS
@@ -1653,6 +1654,11 @@ ssize_t smb_vfs_call_pread(struct vfs_handle_struct *handle,
 			   struct files_struct *fsp, void *data, size_t n,
 			   off_t offset)
 {
+	if (handle->conn != fsp->conn) {
+		errno = EINVAL;
+		return -1;
+	}
+
 	VFS_FIND(pread);
 	return handle->fns->pread_fn(handle, fsp, data, n, offset);
 }
@@ -1680,6 +1686,12 @@ struct tevent_req *smb_vfs_call_pread_send(struct vfs_handle_struct *handle,
 	if (req == NULL) {
 		return NULL;
 	}
+
+	if (handle->conn != fsp->conn) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_HANDLE);
+		return tevent_req_post(req, ev);
+	}
+
 	VFS_FIND(pread_send);
 	state->recv_fn = handle->fns->pread_recv_fn;
 
@@ -1760,6 +1772,12 @@ struct tevent_req *smb_vfs_call_pwrite_send(struct vfs_handle_struct *handle,
 	if (req == NULL) {
 		return NULL;
 	}
+
+	if (handle->conn != fsp->conn) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_HANDLE);
+		return tevent_req_post(req, ev);
+	}
+
 	VFS_FIND(pwrite_send);
 	state->recv_fn = handle->fns->pwrite_recv_fn;
 
-- 
2.9.3

More information about the samba-technical mailing list