The Samba-Bugzilla – Attachment 5369 Details for
Bug 6557
Do not work VFS full_audit
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am patch for 3.5.0rc3
0001-Fix-bug-6557-Do-not-work-VFS-full_audit.patch (text/plain), 3.50 KB, created by
Jeremy Allison
on 2010-02-17 12:14:59 UTC
(
hide
)
Description:
git-am patch for 3.5.0rc3
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2010-02-17 12:14:59 UTC
Size:
3.50 KB
patch
obsolete
>From 8e04cdbdd84a48cd27d88b1fac5e0923adc44cec Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 17 Feb 2010 10:11:57 -0800 >Subject: [PATCH] Fix bug #6557 - Do not work VFS full_audit > >Re-arrange the operations order so SMB_VFS_CONNECT is done >first as root (to allow modules to correctly initialize themselves). > >Reviewed modules to check if they needed CONNECT invoked as >a user (which we previously did) and it turns out any of them >that cared needed root permissions anyway. > >Jeremy. >--- > source3/smbd/service.c | 35 ++++++++++++++++------------------- > 1 files changed, 16 insertions(+), 19 deletions(-) > >diff --git a/source3/smbd/service.c b/source3/smbd/service.c >index d8ba4fe..572861a 100644 >--- a/source3/smbd/service.c >+++ b/source3/smbd/service.c >@@ -652,7 +652,6 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > fstring dev; > int ret; > char addr[INET6_ADDRSTRLEN]; >- bool on_err_call_dis_hook = false; > NTSTATUS status; > > fstrcpy(dev, pdev); >@@ -887,6 +886,18 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > return NULL; > } > >+ /* Invoke VFS make connection hook - must be the first >+ VFS operation we do. */ >+ >+ if (SMB_VFS_CONNECT(conn, lp_servicename(snum), >+ conn->server_info->unix_name) < 0) { >+ DEBUG(0,("make_connection: VFS make connection failed!\n")); >+ yield_connection(conn, lp_servicename(snum)); >+ conn_free(conn); >+ *pstatus = NT_STATUS_UNSUCCESSFUL; >+ return NULL; >+ } >+ > /* > * Fix compatibility issue pointed out by Volker. > * We pass the conn->connectpath to the preexec >@@ -917,6 +928,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > if (ret != 0 && lp_rootpreexec_close(snum)) { > DEBUG(1,("root preexec gave %d - failing " > "connection\n", ret)); >+ SMB_VFS_DISCONNECT(conn); > yield_connection(conn, lp_servicename(snum)); > conn_free(conn); > *pstatus = NT_STATUS_ACCESS_DENIED; >@@ -928,6 +940,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > if (!change_to_user(conn, conn->vuid)) { > /* No point continuing if they fail the basic checks */ > DEBUG(0,("Can't become connected user!\n")); >+ SMB_VFS_DISCONNECT(conn); > yield_connection(conn, lp_servicename(snum)); > conn_free(conn); > *pstatus = NT_STATUS_LOGON_FAILURE; >@@ -993,20 +1006,6 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > lp_aio_write_behind(snum)); > } > >- /* Invoke VFS make connection hook - do this before the VFS_STAT call >- to allow any filesystems needing user credentials to initialize >- themselves. */ >- >- if (SMB_VFS_CONNECT(conn, lp_servicename(snum), >- conn->server_info->unix_name) < 0) { >- DEBUG(0,("make_connection: VFS make connection failed!\n")); >- *pstatus = NT_STATUS_UNSUCCESSFUL; >- goto err_root_exit; >- } >- >- /* Any error exit after here needs to call the disconnect hook. */ >- on_err_call_dis_hook = true; >- > status = create_synthetic_smb_fname(talloc_tos(), conn->connectpath, > NULL, NULL, &smb_fname_cpath); > if (!NT_STATUS_IS_OK(status)) { >@@ -1085,10 +1084,8 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > err_root_exit: > TALLOC_FREE(smb_fname_cpath); > change_to_root_user(); >- if (on_err_call_dis_hook) { >- /* Call VFS disconnect hook */ >- SMB_VFS_DISCONNECT(conn); >- } >+ /* Call VFS disconnect hook */ >+ SMB_VFS_DISCONNECT(conn); > yield_connection(conn, lp_servicename(snum)); > conn_free(conn); > return NULL; >-- >1.6.6.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
vl
:
review+
Actions:
View
Attachments on
bug 6557
:
5354
| 5369 |
5370
|
5371