The branch, v4-18-test has been updated via c1c2a0ec80d s3:winbindd: Fix double close(fd) via aa2af3c0c20 s3:rpc_server: Fix double blackslash issue in dfs path via 19e110d7ac5 s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo() via c052d8bdea8 s3:tests: Add rpcclient 'dfsgetinfo' test from 14ce7756e7a python/samba: Adjust tarfile extraction filter
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log ----------------------------------------------------------------- commit c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7 Author: Pavel Filipenský <pfilipen...@samba.org> Date: Tue Jul 25 11:16:56 2023 +0200 s3:winbindd: Fix double close(fd) Reported by Red Hat internal coverity BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433 Signed-off-by: Pavel Filipenský <pfilipen...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Pavel Filipensky <pfilipen...@samba.org> Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224 (cherry picked from commit dd998cc163358edd6c748e40900247877f91eb1f) Autobuild-User(v4-18-test): Jule Anger <jan...@samba.org> Autobuild-Date(v4-18-test): Fri Jul 28 13:37:01 UTC 2023 on atb-devel-224 commit aa2af3c0c20daed2f7e69b70544dd1fef34de474 Author: Pavel Filipenský <pfilipen...@samba.org> Date: Tue Jun 20 16:24:55 2023 +0200 s3:rpc_server: Fix double blackslash issue in dfs path BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský <pfilipen...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Jul 5 20:24:35 UTC 2023 on atb-devel-224 (cherry picked from commit 6f073f258f1f4f03a8eb568ea05be78fdbec49eb) commit 19e110d7ac5c3a3f1f45115de9ddb9c38f896d65 Author: Pavel Filipenský <pfilipen...@samba.org> Date: Fri Jun 23 10:08:39 2023 +0200 s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo() Signed-off-by: Pavel Filipenský <pfilipen...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 8c10f53928653d02bbb75d6ab05510e87ee97420) commit c052d8bdea879e20716704234a2049f8c2cfbff2 Author: Pavel Filipenský <pfilipen...@samba.org> Date: Fri Jun 23 12:03:30 2023 +0200 s3:tests: Add rpcclient 'dfsgetinfo' test BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský <pfilipen...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 2af9c65f2a17ace4e1021b5c8fd6df636c904cfe) ----------------------------------------------------------------------- Summary of changes: source3/rpc_server/dfs/srv_dfs_nt.c | 32 ++++++++++++++++++++++-------- source3/script/tests/test_rpcclient_dfs.sh | 7 +++++++ source3/winbindd/winbindd_cm.c | 10 ++++++++-- 3 files changed, 39 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c b/source3/rpc_server/dfs/srv_dfs_nt.c index 7b5119bbaf7..8eaa59a8b0e 100644 --- a/source3/rpc_server/dfs/srv_dfs_nt.c +++ b/source3/rpc_server/dfs/srv_dfs_nt.c @@ -63,6 +63,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) char *altpath = NULL; NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); + const char *pathnamep = r->in.path; if (session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); @@ -84,10 +85,15 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) return WERR_NOT_ENOUGH_MEMORY; } + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + /* The following call can change the cwd. */ status = get_referred_path(ctx, session_info, - r->in.path, + pathnamep, remote_address, local_address, jn, &consumedcnt, &self_ref); @@ -141,6 +147,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) TALLOC_CTX *ctx = talloc_tos(); char *altpath = NULL; NTSTATUS status; + const char *pathnamep = r->in.dfs_entry_path; if (session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); @@ -166,9 +173,14 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) r->in.dfs_entry_path, r->in.servername, r->in.sharename)); } + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + status = get_referred_path(ctx, session_info, - r->in.dfs_entry_path, + pathnamep, remote_address, local_address, jn, &consumedcnt, &self_ref); @@ -390,20 +402,25 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r) dcesrv_connection_get_remote_address(dcesrv_conn); struct auth_session_info *session_info = dcesrv_call_session_info(dce_call); - size_t consumedcnt = strlen(r->in.dfs_entry_path); + size_t consumedcnt = 0; struct junction_map *jn = NULL; bool self_ref = False; TALLOC_CTX *ctx = talloc_tos(); bool ret; NTSTATUS status; + const char *pathnamep = r->in.dfs_entry_path; jn = talloc_zero(ctx, struct junction_map); if (!jn) { return WERR_NOT_ENOUGH_MEMORY; } - ret = create_junction(ctx, r->in.dfs_entry_path, - jn); + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + + ret = create_junction(ctx, pathnamep, jn); if (!ret) { return WERR_NERR_DFSNOSUCHSERVER; } @@ -411,12 +428,11 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r) /* The following call can change the cwd. */ status = get_referred_path(ctx, session_info, - r->in.dfs_entry_path, + pathnamep, remote_address, local_address, jn, &consumedcnt, &self_ref); - if(!NT_STATUS_IS_OK(status) || - consumedcnt < strlen(r->in.dfs_entry_path)) { + if(!NT_STATUS_IS_OK(status) || consumedcnt < strlen(pathnamep)) { return WERR_NERR_DFSNOSUCHVOLUME; } diff --git a/source3/script/tests/test_rpcclient_dfs.sh b/source3/script/tests/test_rpcclient_dfs.sh index 6d588d2ced2..0ae9e5015cd 100755 --- a/source3/script/tests/test_rpcclient_dfs.sh +++ b/source3/script/tests/test_rpcclient_dfs.sh @@ -31,8 +31,15 @@ ${RPCCLIENTCMD} -c "dfsenum 5" RC=$? testit "dfsenum" test ${RC} -eq 0 || failed=$((failed + 1)) +# This test fails: _dfs_EnumEx() is not implemented on samba RPC server side ${RPCCLIENTCMD} -c "dfsenumex 5" RC=$? testit "dfsenumex" test ${RC} -eq 0 || failed=$((failed + 1)) +# Every backslash is reduced twice, so we need to enter it 4 times. +# Rpc server then gets: '\\server\share\path' +${RPCCLIENTCMD} -c "dfsgetinfo \\\\\\\\${SERVER}\\\\msdfs-share\\\\msdfs-src1 ${SERVER} msdfs-src1" +RC=$? +testit "dfsgetinfo" test ${RC} -eq 0 || failed=$((failed + 1)) + testok "$0" "${failed}" diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 4aaa67521ee..0d0d4d41601 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -708,6 +708,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, * connect to a foreign domain * without a direct outbound trust. */ + close(sockfd); return NT_STATUS_NO_TRUST_LSA_SECRET; } @@ -761,6 +762,13 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto done; } + /* + * cm_prepare_connection() is responsible that sockfd does not leak. + * Once cli_state_create() returns with success, the + * smbXcli_conn_destructor() makes sure that close(sockfd) is finally + * called. Till that, close(sockfd) must be called on every unsuccessful + * return. + */ *cli = cli_state_create(NULL, sockfd, controller, smb_sign_client_connections, flags); if (*cli == NULL) { @@ -1749,8 +1757,6 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, if (NT_STATUS_IS_OK(result)) { break; } - close(fd); - fd = -1; if (!retry) { break; } -- Samba Shared Repository