From 59a1081e0fb339ddf2e44f1ebd4ebdb58370fb11 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 6 Nov 2010 21:18:35 +0100 Subject: [PATCH] s3: Fix bug 7779, crash in expand_msdfs --- source3/include/proto.h | 1 + source3/librpc/gen_ndr/ndr_secrets.c | 2 -- source3/rpc_server/srv_dfs_nt.c | 12 +++++++----- source3/smbd/msdfs.c | 8 +++++--- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 5064fdb..181e48a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6463,6 +6463,7 @@ bool is_msdfs_link(connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbufp); NTSTATUS get_referred_path(TALLOC_CTX *ctx, + struct auth_serversupplied_info *server_info, const char *dfs_path, struct junction_map *jucn, int *consumedcntp, diff --git a/source3/librpc/gen_ndr/ndr_secrets.c b/source3/librpc/gen_ndr/ndr_secrets.c index f9b6145..2b182db 100644 --- a/source3/librpc/gen_ndr/ndr_secrets.c +++ b/source3/librpc/gen_ndr/ndr_secrets.c @@ -24,7 +24,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_TRUSTED_DOM_PASS(struct ndr_push *ndr, int n NDR_CHECK(ndr_push_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid)); } ndr->flags = _flags_save_STRUCT; } @@ -52,7 +51,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_TRUSTED_DOM_PASS(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid)); } ndr->flags = _flags_save_STRUCT; } diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c index dfa33c2..2bfbe5e 100644 --- a/source3/rpc_server/srv_dfs_nt.c +++ b/source3/rpc_server/srv_dfs_nt.c 
@@ -70,7 +70,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r) } /* The following call can change the cwd. */ - status = get_referred_path(ctx, r->in.path, jn, + status = get_referred_path(ctx, p->server_info, r->in.path, jn, &consumedcnt, &self_ref); if(!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); @@ -136,8 +136,9 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r) r->in.dfs_entry_path, r->in.servername, r->in.sharename)); } - if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, jn, - &consumedcnt, &self_ref))) { + if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info, + r->in.dfs_entry_path, jn, + &consumedcnt, &self_ref))) { return WERR_DFS_NO_SUCH_VOL; } @@ -358,8 +359,9 @@ WERROR _dfs_GetInfo(pipes_struct *p, struct dfs_GetInfo *r) } /* The following call can change the cwd. */ - if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, - jn, &consumedcnt, &self_ref)) || + if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info, + r->in.dfs_entry_path, + jn, &consumedcnt, &self_ref)) || consumedcnt < strlen(r->in.dfs_entry_path)) { return WERR_DFS_NO_SUCH_VOL; } diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 6dfa886..6a2f756 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -795,6 +795,7 @@ static NTSTATUS self_ref(TALLOC_CTX *ctx, **********************************************************************/ NTSTATUS get_referred_path(TALLOC_CTX *ctx, + struct auth_serversupplied_info *server_info, const char *dfs_path, struct junction_map *jucn, int *consumedcntp, @@ -916,7 +917,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, } status = create_conn_struct(ctx, &conn, snum, lp_pathname(snum), - NULL, &oldpath); + server_info, &oldpath); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(pdp); return status; 
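Review bot: In the `_dfs_Remove` hunk (and again in `_dfs_GetInfo`) the NTSTATUS from `get_referred_path` is tested inline and discarded, so every failure is reported as `WERR_DFS_NO_SUCH_VOL`, whereas `_dfs_Add` keeps it in `status` and returns `ntstatus_to_werror(status)`. Now that the call builds its connection from `p->server_info`, a failure may plausibly be something other than a missing volume, and nothing is logged to tell the cases apart. Since these lines are being re-wrapped anyway, I would assign the result first, `status = get_referred_path(ctx, p->server_info, r->in.dfs_entry_path, jn, &consumedcnt, &self_ref);`, and log it with `DEBUG` before returning; the returned WERROR can stay as it is if clients depend on it. Both functions start and end outside their hunks, so whether a `status` local already exists there needs checking.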
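Review bot: The `_dfs_GetInfo` check `consumedcnt < strlen(r->in.dfs_entry_path)` compares a value that is passed as `int *` (per the `get_referred_path` prototype) with a `size_t`, so a negative `consumedcnt` would be converted to a large unsigned value and slip past the test. Whether `get_referred_path` can leave it negative on success is not visible in this hunk, but the guard is cheap: `consumedcnt < 0 || (size_t)consumedcnt < strlen(r->in.dfs_entry_path)`. The line is context rather than part of the change, so this could equally go in a follow-up.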
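Review bot: `get_referred_path` now forwards `server_info` straight into `create_conn_struct` (hunk at -916) without saying whether NULL is still acceptable, although the NULL previously passed at this call site appears to be what the commit title ties to the crash in expand_msdfs. The three updated callers pass `p->server_info` or `orig_conn->server_info`, and nothing visible guarantees those are set, so a caller without a session identity would presumably reach the same path again. I would either reject it at the top of the function, `if (server_info == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, or state the non-NULL requirement in the comment block above the definition, which the -795 hunk leaves without a description of the new parameter. The function body starts and ends outside both hunks.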
@@ -1221,8 +1222,9 @@ int setup_dfs_referral(connection_struct *orig_conn, } /* The following call can change cwd. */ - *pstatus = get_referred_path(ctx, pathnamep, junction, - &consumedcnt, &self_referral); + *pstatus = get_referred_path(ctx, orig_conn->server_info, + pathnamep, junction, + &consumedcnt, &self_referral); if (!NT_STATUS_IS_OK(*pstatus)) { vfs_ChDir(orig_conn,orig_conn->connectpath); talloc_destroy(ctx); -- 1.7.0.4
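Review bot: On the failure path in the `setup_dfs_referral` hunk the result of `vfs_ChDir(orig_conn,orig_conn->connectpath)` is discarded, even though the comment above says the preceding call can change cwd. If restoring the directory fails, the function returns with the process still in whatever directory `get_referred_path` left it in, and later relative path handling on `orig_conn` could run against the wrong share root. I would check it and at least log, e.g. `if (vfs_ChDir(orig_conn, orig_conn->connectpath) != 0) { DEBUG(0, ("setup_dfs_referral: could not restore cwd\n")); }`, assuming the usual zero-on-success convention. The function continues outside the hunk, so the success path's restore is not visible here.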