[SCM] Samba Shared Repository - branch master updated

Jeremy Allison Mon, 14 Jan 2019 13:31:40 -0800

The branch, master has been updated
       via  6619cec3dec s3:smbd: perform impersonation in 
smb2_query_directory_fetch_write_time_done()
       via  c6728403b07 s3:smbd: perform impersonation in 
smb2_query_directory_dos_mode_done()
       via  75e2e242de8 s3:smbd: perform impersonation in 
dos_mode_at_vfs_get_dosmode_done()
       via  d21be78ef92 vfs_default: use change_to_user_by_fsp() instead of 
change_to_user()
       via  0b7c6d50099 vfs: perform impersonation in 
smb_vfs_call_getxattrat_done()
       via  333a180b6a5 vfs: use struct initializer in 
smb_vfs_call_getxattrat_send()
       via  2720d95d1fd vfs: perform impersonation in 
smb_vfs_call_get_dos_attributes_done()
       via  3672f02e476 vfs: use struct initializer in 
smb_vfs_call_get_dos_attributes_send
      from  792b8d3f833 netcmd: Change domain backup commands to use s3 SMB Py 
bindings


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6619cec3dec8c8a2116d111aea7e5440875d0fa8
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:51:23 2019 +0100

    s3:smbd: perform impersonation in 
smb2_query_directory_fetch_write_time_done()
    
    This is not strictly required, as we ne never trigger additional VFS
    requests via this codepath. But for safety reasons ensure we're running
    in the correct impersonation state.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>
    
    Autobuild-User(master): Jeremy Allison <[email protected]>
    Autobuild-Date(master): Mon Jan 14 22:30:24 CET 2019 on sn-devel-144

commit c6728403b07361a276078a264c576edeebd92abf
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:51:23 2019 +0100

    s3:smbd: perform impersonation in smb2_query_directory_dos_mode_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 75e2e242de83fc880b91dacdc7622e646b05b1a0
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:51:23 2019 +0100

    s3:smbd: perform impersonation in dos_mode_at_vfs_get_dosmode_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit d21be78ef9248de70f53eee46fc8e02b3a955436
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:54:29 2019 +0100

    vfs_default: use change_to_user_by_fsp() instead of change_to_user()
    
    Cosmetic change.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 0b7c6d500991afebf15c5c6d9bb256ff234076de
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:51:23 2019 +0100

    vfs: perform impersonation in smb_vfs_call_getxattrat_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 333a180b6a550ae7422c1199a515095c42ff1738
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:52:51 2019 +0100

    vfs: use struct initializer in smb_vfs_call_getxattrat_send()
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 2720d95d1fd921ae43c881369d10ea6ada499690
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:51:23 2019 +0100

    vfs: perform impersonation in smb_vfs_call_get_dos_attributes_done()
    
    This is needed as the callback might be called in an arbitrary
    impersonation state.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 3672f02e4769da244d5c2ba82b46921a88fa9472
Author: Ralph Boehme <[email protected]>
Date:   Mon Jan 14 13:50:31 2019 +0100

    vfs: use struct initializer in smb_vfs_call_get_dos_attributes_send
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_default.c       |  8 ++------
 source3/smbd/dosmode.c              |  7 +++++++
 source3/smbd/smb2_query_directory.c | 14 ++++++++++++++
 source3/smbd/vfs.c                  | 28 ++++++++++++++++++++++++++--
 4 files changed, 49 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 8d40cd64540..a27d33a6bea 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -3177,12 +3177,8 @@ static void vfswrap_getxattrat_done(struct tevent_req 
*subreq)
        /*
         * Make sure we run as the user again
         */
-       ok = change_to_user(state->dir_fsp->conn,
-                           state->dir_fsp->vuid);
-       if (!ok) {
-               smb_panic("Can't change to user");
-               return;
-       }
+       ok = change_to_user_by_fsp(state->dir_fsp);
+       SMB_ASSERT(ok);
 
        ret = pthreadpool_tevent_job_recv(subreq);
        TALLOC_FREE(subreq);
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 177fe68c894..a4625718a56 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -811,6 +811,13 @@ static void dos_mode_at_vfs_get_dosmode_done(struct 
tevent_req *subreq)
        struct smb_filename *smb_path = NULL;
        struct vfs_aio_state aio_state;
        NTSTATUS status;
+       bool ok;
+
+       /*
+        * Make sure we run as the user again
+        */
+       ok = change_to_user_by_fsp(state->dir_fsp);
+       SMB_ASSERT(ok);
 
        status = SMB_VFS_GET_DOS_ATTRIBUTES_RECV(subreq,
                                                 &aio_state,
diff --git a/source3/smbd/smb2_query_directory.c 
b/source3/smbd/smb2_query_directory.c
index fdb87188f93..13fb820ce6c 100644
--- a/source3/smbd/smb2_query_directory.c
+++ b/source3/smbd/smb2_query_directory.c
@@ -730,6 +730,13 @@ static void 
smb2_query_directory_fetch_write_time_done(struct tevent_req *subreq
        struct smbd_smb2_query_directory_state *state = tevent_req_data(
                req, struct smbd_smb2_query_directory_state);
        NTSTATUS status;
+       bool ok;
+
+       /*
+        * Make sure we run as the user again
+        */
+       ok = change_to_user_by_fsp(state->fsp);
+       SMB_ASSERT(ok);
 
        state->async_sharemode_count--;
 
@@ -752,6 +759,13 @@ static void smb2_query_directory_dos_mode_done(struct 
tevent_req *subreq)
                tevent_req_data(req,
                struct smbd_smb2_query_directory_state);
        NTSTATUS status;
+       bool ok;
+
+       /*
+        * Make sure we run as the user again
+        */
+       ok = change_to_user_by_fsp(state->fsp);
+       SMB_ASSERT(ok);
 
        status = fetch_dos_mode_recv(subreq);
        TALLOC_FREE(subreq);
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 5e0ca091f7b..d3bb9c5d63f 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -2382,6 +2382,7 @@ NTSTATUS smb_vfs_call_offload_write_recv(struct 
vfs_handle_struct *handle,
 }
 
 struct smb_vfs_call_get_dos_attributes_state {
+       files_struct *dir_fsp;
        NTSTATUS (*recv_fn)(struct tevent_req *req,
                            struct vfs_aio_state *aio_state,
                            uint32_t *dosmode);
@@ -2409,7 +2410,11 @@ struct tevent_req *smb_vfs_call_get_dos_attributes_send(
        }
 
        VFS_FIND(get_dos_attributes_send);
-       state->recv_fn = handle->fns->get_dos_attributes_recv_fn;
+
+       *state = (struct smb_vfs_call_get_dos_attributes_state) {
+               .dir_fsp = dir_fsp,
+               .recv_fn = handle->fns->get_dos_attributes_recv_fn,
+       };
 
        subreq = handle->fns->get_dos_attributes_send_fn(mem_ctx,
                                                         ev,
@@ -2437,6 +2442,13 @@ static void smb_vfs_call_get_dos_attributes_done(struct 
tevent_req *subreq)
                tevent_req_data(req,
                struct smb_vfs_call_get_dos_attributes_state);
        NTSTATUS status;
+       bool ok;
+
+       /*
+        * Make sure we run as the user again
+        */
+       ok = change_to_user_by_fsp(state->dir_fsp);
+       SMB_ASSERT(ok);
 
        status = state->recv_fn(subreq,
                                &state->aio_state,
@@ -2647,6 +2659,7 @@ ssize_t smb_vfs_call_getxattr(struct vfs_handle_struct 
*handle,
 
 
 struct smb_vfs_call_getxattrat_state {
+       files_struct *dir_fsp;
        ssize_t (*recv_fn)(struct tevent_req *req,
                           struct vfs_aio_state *aio_state,
                           TALLOC_CTX *mem_ctx,
@@ -2678,7 +2691,11 @@ struct tevent_req *smb_vfs_call_getxattrat_send(
        }
 
        VFS_FIND(getxattrat_send);
-       state->recv_fn = handle->fns->getxattrat_recv_fn;
+
+       *state = (struct smb_vfs_call_getxattrat_state) {
+               .dir_fsp = dir_fsp,
+               .recv_fn = handle->fns->getxattrat_recv_fn,
+       };
 
        subreq = handle->fns->getxattrat_send_fn(mem_ctx,
                                                 ev,
@@ -2702,6 +2719,13 @@ static void smb_vfs_call_getxattrat_done(struct 
tevent_req *subreq)
                subreq, struct tevent_req);
        struct smb_vfs_call_getxattrat_state *state = tevent_req_data(
                req, struct smb_vfs_call_getxattrat_state);
+       bool ok;
+
+       /*
+        * Make sure we run as the user again
+        */
+       ok = change_to_user_by_fsp(state->dir_fsp);
+       SMB_ASSERT(ok);
 
        state->retval = state->recv_fn(subreq,
                                       &state->aio_state,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to