The branch, v4-18-test has been updated
via c1c2a0ec80d s3:winbindd: Fix double close(fd)
via aa2af3c0c20 s3:rpc_server: Fix double blackslash issue in dfs path
via 19e110d7ac5 s3:rpc_server: Initialize consumedcnt to 0 in
_dfs_GetInfo()
via c052d8bdea8 s3:tests: Add rpcclient 'dfsgetinfo' test
from 14ce7756e7a python/samba: Adjust tarfile extraction filter
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test
- Log -----------------------------------------------------------------
commit c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7
Author: Pavel Filipenský <pfilipen...@samba.org>
Date: Tue Jul 25 11:16:56 2023 +0200
s3:winbindd: Fix double close(fd)
Reported by Red Hat internal coverity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433
Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipen...@samba.org>
Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224
(cherry picked from commit dd998cc163358edd6c748e40900247877f91eb1f)
Autobuild-User(v4-18-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-18-test): Fri Jul 28 13:37:01 UTC 2023 on atb-devel-224
commit aa2af3c0c20daed2f7e69b70544dd1fef34de474
Author: Pavel Filipenský <pfilipen...@samba.org>
Date: Tue Jun 20 16:24:55 2023 +0200
s3:rpc_server: Fix double blackslash issue in dfs path
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400
Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Wed Jul 5 20:24:35 UTC 2023 on atb-devel-224
(cherry picked from commit 6f073f258f1f4f03a8eb568ea05be78fdbec49eb)
commit 19e110d7ac5c3a3f1f45115de9ddb9c38f896d65
Author: Pavel Filipenský <pfilipen...@samba.org>
Date: Fri Jun 23 10:08:39 2023 +0200
s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()
Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 8c10f53928653d02bbb75d6ab05510e87ee97420)
commit c052d8bdea879e20716704234a2049f8c2cfbff2
Author: Pavel Filipenský <pfilipen...@samba.org>
Date: Fri Jun 23 12:03:30 2023 +0200
s3:tests: Add rpcclient 'dfsgetinfo' test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400
Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 2af9c65f2a17ace4e1021b5c8fd6df636c904cfe)
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/dfs/srv_dfs_nt.c | 32 ++++++++++++++++++++++--------
source3/script/tests/test_rpcclient_dfs.sh | 7 +++++++
source3/winbindd/winbindd_cm.c | 10 ++++++++--
3 files changed, 39 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c
b/source3/rpc_server/dfs/srv_dfs_nt.c
index 7b5119bbaf7..8eaa59a8b0e 100644
--- a/source3/rpc_server/dfs/srv_dfs_nt.c
+++ b/source3/rpc_server/dfs/srv_dfs_nt.c
@@ -63,6 +63,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
char *altpath = NULL;
NTSTATUS status;
TALLOC_CTX *ctx = talloc_tos();
+ const char *pathnamep = r->in.path;
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
@@ -84,10 +85,15 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
return WERR_NOT_ENOUGH_MEMORY;
}
+ while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+ IS_DIRECTORY_SEP(pathnamep[1])) {
+ pathnamep++;
+ }
+
/* The following call can change the cwd. */
status = get_referred_path(ctx,
session_info,
- r->in.path,
+ pathnamep,
remote_address,
local_address,
jn, &consumedcnt, &self_ref);
@@ -141,6 +147,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct
dfs_Remove *r)
TALLOC_CTX *ctx = talloc_tos();
char *altpath = NULL;
NTSTATUS status;
+ const char *pathnamep = r->in.dfs_entry_path;
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
@@ -166,9 +173,14 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct
dfs_Remove *r)
r->in.dfs_entry_path, r->in.servername,
r->in.sharename));
}
+ while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+ IS_DIRECTORY_SEP(pathnamep[1])) {
+ pathnamep++;
+ }
+
status = get_referred_path(ctx,
session_info,
- r->in.dfs_entry_path,
+ pathnamep,
remote_address,
local_address,
jn, &consumedcnt, &self_ref);
@@ -390,20 +402,25 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct
dfs_GetInfo *r)
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
- size_t consumedcnt = strlen(r->in.dfs_entry_path);
+ size_t consumedcnt = 0;
struct junction_map *jn = NULL;
bool self_ref = False;
TALLOC_CTX *ctx = talloc_tos();
bool ret;
NTSTATUS status;
+ const char *pathnamep = r->in.dfs_entry_path;
jn = talloc_zero(ctx, struct junction_map);
if (!jn) {
return WERR_NOT_ENOUGH_MEMORY;
}
- ret = create_junction(ctx, r->in.dfs_entry_path,
- jn);
+ while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+ IS_DIRECTORY_SEP(pathnamep[1])) {
+ pathnamep++;
+ }
+
+ ret = create_junction(ctx, pathnamep, jn);
if (!ret) {
return WERR_NERR_DFSNOSUCHSERVER;
}
@@ -411,12 +428,11 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct
dfs_GetInfo *r)
/* The following call can change the cwd. */
status = get_referred_path(ctx,
session_info,
- r->in.dfs_entry_path,
+ pathnamep,
remote_address,
local_address,
jn, &consumedcnt, &self_ref);
- if(!NT_STATUS_IS_OK(status) ||
- consumedcnt < strlen(r->in.dfs_entry_path)) {
+ if(!NT_STATUS_IS_OK(status) || consumedcnt < strlen(pathnamep)) {
return WERR_NERR_DFSNOSUCHVOLUME;
}
diff --git a/source3/script/tests/test_rpcclient_dfs.sh
b/source3/script/tests/test_rpcclient_dfs.sh
index 6d588d2ced2..0ae9e5015cd 100755
--- a/source3/script/tests/test_rpcclient_dfs.sh
+++ b/source3/script/tests/test_rpcclient_dfs.sh
@@ -31,8 +31,15 @@ ${RPCCLIENTCMD} -c "dfsenum 5"
RC=$?
testit "dfsenum" test ${RC} -eq 0 || failed=$((failed + 1))
+# This test fails: _dfs_EnumEx() is not implemented on samba RPC server side
${RPCCLIENTCMD} -c "dfsenumex 5"
RC=$?
testit "dfsenumex" test ${RC} -eq 0 || failed=$((failed + 1))
+# Every backslash is reduced twice, so we need to enter it 4 times.
+# Rpc server then gets: '\\server\share\path'
+${RPCCLIENTCMD} -c "dfsgetinfo \\\\\\\\${SERVER}\\\\msdfs-share\\\\msdfs-src1
${SERVER} msdfs-src1"
+RC=$?
+testit "dfsgetinfo" test ${RC} -eq 0 || failed=$((failed + 1))
+
testok "$0" "${failed}"
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 4aaa67521ee..0d0d4d41601 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -708,6 +708,7 @@ static NTSTATUS cm_prepare_connection(struct
winbindd_domain *domain,
* connect to a foreign domain
* without a direct outbound trust.
*/
+ close(sockfd);
return NT_STATUS_NO_TRUST_LSA_SECRET;
}
@@ -761,6 +762,13 @@ static NTSTATUS cm_prepare_connection(struct
winbindd_domain *domain,
goto done;
}
+ /*
+ * cm_prepare_connection() is responsible that sockfd does not leak.
+ * Once cli_state_create() returns with success, the
+ * smbXcli_conn_destructor() makes sure that close(sockfd) is finally
+ * called. Till that, close(sockfd) must be called on every unsuccessful
+ * return.
+ */
*cli = cli_state_create(NULL, sockfd, controller,
smb_sign_client_connections, flags);
if (*cli == NULL) {
@@ -1749,8 +1757,6 @@ static NTSTATUS cm_open_connection(struct winbindd_domain
*domain,
if (NT_STATUS_IS_OK(result)) {
break;
}
- close(fd);
- fd = -1;
if (!retry) {
break;
}
--
Samba Shared Repository
