The Samba-Bugzilla – Attachment 17976 Details for
Bug 15400
rpcserver no longer accepts double backslash in dfs pathname
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
4.18 patch
4.18.patch (text/plain), 6.83 KB, created by
Pavel Filipenský
on 2023-07-11 13:48:27 UTC
(
hide
)
Description:
4.18 patch
Filename:
MIME Type:
Creator:
Pavel Filipenský
Created:
2023-07-11 13:48:27 UTC
Size:
6.83 KB
patch
obsolete
>From cc15308b1f2c9554ded00c6f999c8edc9d9e48dd Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org> >Date: Fri, 23 Jun 2023 12:03:30 +0200 >Subject: [PATCH 1/3] s3:tests: Add rpcclient 'dfsgetinfo' test >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 > >Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > selftest/knownfail.d/rpc-dfs | 1 + > source3/script/tests/test_rpcclient_dfs.sh | 7 +++++++ > 2 files changed, 8 insertions(+) > >diff --git a/selftest/knownfail.d/rpc-dfs b/selftest/knownfail.d/rpc-dfs >index 8ab72ff7b38..50499bf3662 100644 >--- a/selftest/knownfail.d/rpc-dfs >+++ b/selftest/knownfail.d/rpc-dfs >@@ -1,2 +1,3 @@ > #_dfs_EnumEx() is not implemented on RPC server side > ^samba3.blackbox.rpcclient_dfs.dfsenumex >+^samba3.blackbox.rpcclient_dfs.dfsgetinfo >diff --git a/source3/script/tests/test_rpcclient_dfs.sh b/source3/script/tests/test_rpcclient_dfs.sh >index 6d588d2ced2..0ae9e5015cd 100755 >--- a/source3/script/tests/test_rpcclient_dfs.sh >+++ b/source3/script/tests/test_rpcclient_dfs.sh >@@ -31,8 +31,15 @@ ${RPCCLIENTCMD} -c "dfsenum 5" > RC=$? > testit "dfsenum" test ${RC} -eq 0 || failed=$((failed + 1)) > >+# This test fails: _dfs_EnumEx() is not implemented on samba RPC server side > ${RPCCLIENTCMD} -c "dfsenumex 5" > RC=$? > testit "dfsenumex" test ${RC} -eq 0 || failed=$((failed + 1)) > >+# Every backslash is reduced twice, so we need to enter it 4 times. >+# Rpc server then gets: '\\server\share\path' >+${RPCCLIENTCMD} -c "dfsgetinfo \\\\\\\\${SERVER}\\\\msdfs-share\\\\msdfs-src1 ${SERVER} msdfs-src1" >+RC=$? >+testit "dfsgetinfo" test ${RC} -eq 0 || failed=$((failed + 1)) >+ > testok "$0" "${failed}" >-- >2.40.1 > > >From f6b56d0a104eafc3688b91d237e9ebb059e2e5cb Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org> >Date: Fri, 23 Jun 2023 10:08:39 +0200 >Subject: [PATCH 2/3] s3:rpc_server: Initialize consumedcnt to 0 in > _dfs_GetInfo() >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > source3/rpc_server/dfs/srv_dfs_nt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c b/source3/rpc_server/dfs/srv_dfs_nt.c >index 7b5119bbaf7..34b49419b07 100644 >--- a/source3/rpc_server/dfs/srv_dfs_nt.c >+++ b/source3/rpc_server/dfs/srv_dfs_nt.c >@@ -390,7 +390,7 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r) > dcesrv_connection_get_remote_address(dcesrv_conn); > struct auth_session_info *session_info = > dcesrv_call_session_info(dce_call); >- size_t consumedcnt = strlen(r->in.dfs_entry_path); >+ size_t consumedcnt = 0; > struct junction_map *jn = NULL; > bool self_ref = False; > TALLOC_CTX *ctx = talloc_tos(); >-- >2.40.1 > > >From dfde6f296bae46c811230540b0c065e3c89ed207 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org> >Date: Tue, 20 Jun 2023 16:24:55 +0200 >Subject: [PATCH 3/3] s3:rpc_server: Fix double blackslash issue in dfs path >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 > >Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Wed Jul 5 20:24:35 UTC 2023 on atb-devel-224 >--- > selftest/knownfail.d/rpc-dfs | 1 - > source3/rpc_server/dfs/srv_dfs_nt.c | 30 ++++++++++++++++++++++------- > 2 files changed, 23 insertions(+), 8 deletions(-) > >diff --git a/selftest/knownfail.d/rpc-dfs b/selftest/knownfail.d/rpc-dfs >index 50499bf3662..8ab72ff7b38 100644 >--- a/selftest/knownfail.d/rpc-dfs >+++ b/selftest/knownfail.d/rpc-dfs >@@ -1,3 +1,2 @@ > #_dfs_EnumEx() is not implemented on RPC server side > ^samba3.blackbox.rpcclient_dfs.dfsenumex >-^samba3.blackbox.rpcclient_dfs.dfsgetinfo >diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c b/source3/rpc_server/dfs/srv_dfs_nt.c >index 34b49419b07..8eaa59a8b0e 100644 >--- a/source3/rpc_server/dfs/srv_dfs_nt.c >+++ b/source3/rpc_server/dfs/srv_dfs_nt.c >@@ -63,6 +63,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) > char *altpath = NULL; > NTSTATUS status; > TALLOC_CTX *ctx = talloc_tos(); >+ const char *pathnamep = r->in.path; > > if (session_info->unix_token->uid != sec_initial_uid()) { > DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); >@@ -84,10 +85,15 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) > return WERR_NOT_ENOUGH_MEMORY; > } > >+ while (IS_DIRECTORY_SEP(pathnamep[0]) && >+ IS_DIRECTORY_SEP(pathnamep[1])) { >+ pathnamep++; >+ } >+ > /* The following call can change the cwd. */ > status = get_referred_path(ctx, > session_info, >- r->in.path, >+ pathnamep, > remote_address, > local_address, > jn, &consumedcnt, &self_ref); >@@ -141,6 +147,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) > TALLOC_CTX *ctx = talloc_tos(); > char *altpath = NULL; > NTSTATUS status; >+ const char *pathnamep = r->in.dfs_entry_path; > > if (session_info->unix_token->uid != sec_initial_uid()) { > DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); >@@ -166,9 +173,14 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) > r->in.dfs_entry_path, r->in.servername, r->in.sharename)); > } > >+ while (IS_DIRECTORY_SEP(pathnamep[0]) && >+ IS_DIRECTORY_SEP(pathnamep[1])) { >+ pathnamep++; >+ } >+ > status = get_referred_path(ctx, > session_info, >- r->in.dfs_entry_path, >+ pathnamep, > remote_address, > local_address, > jn, &consumedcnt, &self_ref); >@@ -396,14 +408,19 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r) > TALLOC_CTX *ctx = talloc_tos(); > bool ret; > NTSTATUS status; >+ const char *pathnamep = r->in.dfs_entry_path; > > jn = talloc_zero(ctx, struct junction_map); > if (!jn) { > return WERR_NOT_ENOUGH_MEMORY; > } > >- ret = create_junction(ctx, r->in.dfs_entry_path, >- jn); >+ while (IS_DIRECTORY_SEP(pathnamep[0]) && >+ IS_DIRECTORY_SEP(pathnamep[1])) { >+ pathnamep++; >+ } >+ >+ ret = create_junction(ctx, pathnamep, jn); > if (!ret) { > return WERR_NERR_DFSNOSUCHSERVER; > } >@@ -411,12 +428,11 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r) > /* The following call can change the cwd. */ > status = get_referred_path(ctx, > session_info, >- r->in.dfs_entry_path, >+ pathnamep, > remote_address, > local_address, > jn, &consumedcnt, &self_ref); >- if(!NT_STATUS_IS_OK(status) || >- consumedcnt < strlen(r->in.dfs_entry_path)) { >+ if(!NT_STATUS_IS_OK(status) || consumedcnt < strlen(pathnamep)) { > return WERR_NERR_DFSNOSUCHVOLUME; > } > >-- >2.40.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 15400
:
17976
|
18002