The branch, master has been updated
via 24a6876 dfs: always call create_conn_struct with root privileges
from 0045f3b messaging: Fix a memleak (master only..)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 24a687642de21ce872d25f16b3525003844d05f9
Author: Garming Sam <[email protected]>
Date: Thu Dec 19 09:55:44 2013 +1300
dfs: always call create_conn_struct with root privileges
This fixes a bug in dfs_samba4 identified by Daniel Müller.
create_conn_struct calls SMB_VFS_CONNECT which requires root privileges.
SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb.
Calls were made to this function without ever becoming root (notably via
setup_dfs_referral)
which resulted in an error and the VFS connect failing. This happens when
you have an active
directory domain controller with host msdfs = yes in smb.conf and dfs links
in place.
Signed-off-by: Garming Sam <[email protected]>
Reviewed-by: Bjoern Baumbach <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/msdfs.c | 31 ++++++++++++++++++++++++++++++-
1 files changed, 30 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index aede3e6..53c06dd 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -221,9 +221,11 @@ static NTSTATUS parse_dfs_path(connection_struct *conn,
Fake up a connection struct for the VFS layer, for use in
applications (such as the python bindings), that do not want the
global working directory changed under them.
+
+ SMB_VFS_CONNECT requires root privileges.
*********************************************************/
-NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
+static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
struct tevent_context *ev,
struct messaging_context *msg,
connection_struct **pconn,
@@ -347,6 +349,33 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
}
/********************************************************
+ Fake up a connection struct for the VFS layer, for use in
+ applications (such as the python bindings), that do not want the
+ global working directory changed under them.
+
+ SMB_VFS_CONNECT requires root privileges.
+*********************************************************/
+
+NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg,
+ connection_struct **pconn,
+ int snum,
+ const char *path,
+ const struct auth_session_info *session_info)
+{
+ NTSTATUS status;
+ become_root();
+ status = create_conn_struct_as_root(ctx, ev,
+ msg, pconn,
+ snum, path,
+ session_info);
+ unbecome_root();
+
+ return status;
+}
+
+/********************************************************
Fake up a connection struct for the VFS layer.
Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
--
Samba Shared Repository
