The branch, master has been updated
via c14a95dc1ac smbd: simplify uid_entry_in_group()
via 0b9ddce90c9 libcli: simplify an if condition
via b7e77ce32db s3:auth: fill in info3 domain name in
passwd_to_SamInfo3()
via 792c82d6dbb smbd: RIP conn->origpath
via 3d099937254 smbd: avoid become_user_without_service() in
close_directory()
via 367c0d19108 smbd: avoid become_user_without_service() in
close_remove_share_mode()
from cbe80ceef85 smbd: don't free smb_fname_parent in unix_mode()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c14a95dc1ac00d49c747eea39db7cff32e59cc86
Author: Ralph Boehme <[email protected]>
Date: Tue Jan 21 12:05:59 2020 +0100
smbd: simplify uid_entry_in_group()
conn->session_info is always valid since
1fa05e5c76e718142326915f8671299217a093df and preceeding commits.
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Sat May 30 02:40:22 UTC 2020 on sn-devel-184
commit 0b9ddce90c91ab3ef041dc779bce243a2d5ce001
Author: Ralph Boehme <[email protected]>
Date: Tue Jan 21 11:56:18 2020 +0100
libcli: simplify an if condition
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit b7e77ce32dbb5bbbc5605fe6cbe557378bbbe966
Author: Ralph Boehme <[email protected]>
Date: Fri Dec 13 12:14:04 2019 +0100
s3:auth: fill in info3 domain name in passwd_to_SamInfo3()
This is needed for make_session_info_from_username() to fill in the domain
name. The callchain goes like this:
make_session_info_from_username()
-> make_server_info_pw()
-> passwd_to_SamInfo3()
Other callers of passwd_to_SamInfo3() are also affected. A subsequent change
will let set_conn_force_user_group() user the domainname from the
session_info
returned from make_session_info_from_username() to create substitution
context. Without this fix domain name would be NULL.
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 792c82d6dbba0dd58106cc0ff38c4d86a49cee25
Author: Ralph Boehme <[email protected]>
Date: Tue Apr 7 09:56:51 2020 +0200
smbd: RIP conn->origpath
conn->origpath is always a duplicate of conn->connectpath.
The only function that sets conn->connectpath is set_conn_connectpath() and
everywhere it's called, there's a subsequent talloc_strdup() into
conn->origpath.
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 3d09993725412bb0e856cc2ebf6ac68f8e762730
Author: Ralph Boehme <[email protected]>
Date: Tue Apr 7 09:55:35 2020 +0200
smbd: avoid become_user_without_service() in close_directory()
Here we called become_user_without_service() just in order to be able to
fetch
the nt_token and unix_token subsequently via get_current_[nt|u]tok(conn).
The
same can be achieved by fetching the session_info with
smbXsrv_session_info_lookup().
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 367c0d191083240ccf9a59f1dc196da2d8ba17e4
Author: Ralph Boehme <[email protected]>
Date: Tue Apr 7 09:54:24 2020 +0200
smbd: avoid become_user_without_service() in close_remove_share_mode()
Here we called become_user_without_service() just in order to be able to
fetch
the nt_token and unix_token subsequently via
get_current_[nt|u]tok(conn). The same can be achieved by fetching the
session_info with smbXsrv_session_info_lookup().
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
libcli/security/security_token.c | 5 ++++-
source3/auth/server_info.c | 6 ++++++
source3/include/vfs.h | 1 -
source3/smbd/close.c | 35 +++++++++++++++++------------------
source3/smbd/conn.c | 6 ------
source3/smbd/msdfs.c | 7 -------
source3/smbd/posix_acls.c | 30 +++++++++++-------------------
source3/smbd/service.c | 18 ------------------
8 files changed, 38 insertions(+), 70 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c
index ef6ee0ff661..ad03f2d100d 100644
--- a/libcli/security/security_token.c
+++ b/libcli/security/security_token.c
@@ -70,7 +70,10 @@ void security_token_debug(int dbg_class, int dbg_lev, const
struct security_toke
bool security_token_is_sid(const struct security_token *token, const struct
dom_sid *sid)
{
- if (token->sids && dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX],
sid)) {
+ if (token->sids == NULL) {
+ return false;
+ }
+ if (dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
return true;
}
return false;
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 527a7dbce60..f3e2b3b25f8 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -732,6 +732,12 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
goto done;
}
+ info3->base.logon_domain.string = talloc_strdup(info3, domain_name);
+ if (info3->base.logon_domain.string == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
ZERO_STRUCT(domain_sid);
status = SamInfo3_handle_sids(unix_username,
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 3126f228626..ab4098636dc 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -528,7 +528,6 @@ typedef struct connection_struct {
and directories when setting time ? */
enum timestamp_set_resolution ts_res;
char *connectpath;
- char *origpath;
struct files_struct *cwd_fsp; /* Working directory. */
bool tcon_done;
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 05882392ce1..da28559e49b 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -341,22 +341,21 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
if (fsp->fsp_flags.initial_delete_on_close &&
!is_delete_on_close_set(lck, fsp->name_hash)) {
- bool became_user = False;
+ struct auth_session_info *session_info = NULL;
/* Initial delete on close was set and no one else
* wrote a real delete on close. */
- if (get_current_vuid(conn) != fsp->vuid) {
- become_user_without_service(conn, fsp->vuid);
- became_user = True;
+ status = smbXsrv_session_info_lookup(conn->sconn->client,
+ fsp->vuid,
+ &session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_INTERNAL_ERROR;
}
fsp->fsp_flags.delete_on_close = true;
set_delete_on_close_lck(fsp, lck,
- get_current_nttok(conn),
- get_current_utok(conn));
- if (became_user) {
- unbecome_user_without_service();
- }
+ session_info->security_token,
+ session_info->unix_token);
}
delete_file = is_delete_on_close_set(lck, fsp->name_hash) &&
@@ -1139,25 +1138,25 @@ static NTSTATUS close_directory(struct smb_request
*req, files_struct *fsp,
}
if (fsp->fsp_flags.initial_delete_on_close) {
- bool became_user = False;
+ struct auth_session_info *session_info = NULL;
/* Initial delete on close was set - for
* directories we don't care if anyone else
* wrote a real delete on close. */
- if (get_current_vuid(fsp->conn) != fsp->vuid) {
- become_user_without_service(fsp->conn, fsp->vuid);
- became_user = True;
+ status = smbXsrv_session_info_lookup(fsp->conn->sconn->client,
+ fsp->vuid,
+ &session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_INTERNAL_ERROR;
}
+
send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx,
fsp->fsp_name->base_name);
set_delete_on_close_lck(fsp, lck,
- get_current_nttok(fsp->conn),
- get_current_utok(fsp->conn));
+ session_info->security_token,
+ session_info->unix_token);
fsp->fsp_flags.delete_on_close = true;
- if (became_user) {
- unbecome_user_without_service();
- }
}
delete_dir = get_delete_on_close_token(
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 0f30ab1fb88..547f55db7d8 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -84,12 +84,6 @@ connection_struct *conn_new(struct smbd_server_connection
*sconn)
TALLOC_FREE(conn);
return NULL;
}
- conn->origpath = talloc_strdup(conn, "");
- if (conn->origpath == NULL) {
- DBG_ERR("talloc_zero failed\n");
- TALLOC_FREE(conn);
- return NULL;
- }
conn->cwd_fsp = talloc_zero(conn, struct files_struct);
if (conn->cwd_fsp == NULL) {
DBG_ERR("talloc_zero failed\n");
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 41b73afc056..2c31e2b960a 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -365,13 +365,6 @@ static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
return NT_STATUS_ACCESS_DENIED;
}
- talloc_free(conn->origpath);
- conn->origpath = talloc_strdup(conn, conn->connectpath);
- if (conn->origpath == NULL) {
- conn_free(conn);
- return NT_STATUS_NO_MEMORY;
- }
-
conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
conn->tcon_done = true;
*pconn = talloc_move(ctx, &conn);
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index df2b3b57f2a..db2d36a89a1 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1263,26 +1263,18 @@ static bool uid_entry_in_group(connection_struct *conn,
canon_ace *uid_ace, cano
if (dom_sid_equal(&group_ace->trustee, &global_sid_World))
return True;
- /*
- * if we have session info in conn, we already have the (SID
- * based) NT token and don't need to do the complex
- * user_in_group_sid() call
- */
- if (conn->session_info) {
- security_token = conn->session_info->security_token;
- /* security_token should not be NULL */
- SMB_ASSERT(security_token);
- is_sid = security_token_is_sid(security_token,
- &uid_ace->trustee);
- if (is_sid) {
- has_sid = security_token_has_sid(security_token,
- &group_ace->trustee);
-
- if (has_sid) {
- return true;
- }
+ security_token = conn->session_info->security_token;
+ /* security_token should not be NULL */
+ SMB_ASSERT(security_token);
+ is_sid = security_token_is_sid(security_token,
+ &uid_ace->trustee);
+ if (is_sid) {
+ has_sid = security_token_has_sid(security_token,
+ &group_ace->trustee);
+
+ if (has_sid) {
+ return true;
}
-
}
/*
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index ea99f0d2129..ed38121f292 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -144,9 +144,6 @@ bool chdir_current_service(connection_struct *conn)
const struct smb_filename connectpath_fname = {
.base_name = conn->connectpath,
};
- const struct smb_filename origpath_fname = {
- .base_name = conn->origpath,
- };
int saved_errno = 0;
char *utok_str = NULL;
int ret;
@@ -171,18 +168,6 @@ bool chdir_current_service(connection_struct *conn)
strerror(saved_errno),
utok_str);
- ret = vfs_ChDir(conn, &origpath_fname);
- if (ret == 0) {
- TALLOC_FREE(utok_str);
- return true;
- }
- saved_errno = errno;
-
- DBG_ERR("vfs_ChDir(%s) failed: %s. Current token: %s\n",
- conn->origpath,
- strerror(saved_errno),
- utok_str);
-
if (saved_errno != 0) {
errno = saved_errno;
}
@@ -860,9 +845,6 @@ static NTSTATUS make_connection_snum(struct
smbXsrv_connection *xconn,
}
conn->base_share_dev = smb_fname_cpath->st.st_ex_dev;
- talloc_free(conn->origpath);
- conn->origpath = talloc_strdup(conn, conn->connectpath);
-
/* Figure out the characteristics of the underlying filesystem. This
* assumes that all the filesystem mounted within a share path have
* the same characteristics, which is likely but not guaranteed.
--
Samba Shared Repository
