The Samba-Bugzilla – Attachment 6905 Details for
Bug 7913
shadow_copy2 module with non-default format parameter requires wide links enabled to work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix access check
0005-Fix-access-check-thereby-removing-widelinks-requirem.patch (text/plain), 5.79 KB, created by
(account disabled)
on 2011-09-17 07:30:26 UTC
(
hide
)
Description:
Fix access check
Filename:
MIME Type:
Creator:
(account disabled)
Created:
2011-09-17 07:30:26 UTC
Size:
5.79 KB
patch
obsolete
>From 862053ae40d7e9c44a3e1eb4227c766cd37abfde Mon Sep 17 00:00:00 2001 >Date: Thu, 1 Sep 2011 16:51:53 -0700 >Subject: [PATCH 5/5] Fix access check, thereby removing widelinks requirement. > >shadow_copy2_connectpath() was not properly converting the @GMT-... parts >to the real snapshot name, so this was failing whenever a shadow:format >was specified. The error logged was something like this: > > check_reduced_name: Bad access attempt: foo/* is a symlink outside the share path > conn_rootdir =/base/snapshots/@GMT-2011.08.31-20.55.50/ > resolved_name=/base/snapshots/snap_20110831205550/foo/* > >Furthermore, the function was duplicating most of the code in >convert_shadow2_name() (but incompletely). Therefore this patch now >re-uses convert_shadow2_name(). > >This is a slightly modified version of the patch presented here (that >patch did not properly handle narrow symlinks): >http://lists.samba.org/archive/samba-technical/2011-January/075707.html >http://samba.2283325.n4.nabble.com/shadow-copy2-requires-wide-links-enabled-td3178583.html >--- > source3/modules/vfs_shadow_copy2.c | 72 ++++++------------------------------ > 1 files changed, 12 insertions(+), 60 deletions(-) > >diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c >index fedfb53..8255bbf 100644 >--- a/source3/modules/vfs_shadow_copy2.c >+++ b/source3/modules/vfs_shadow_copy2.c >@@ -237,7 +237,7 @@ static const char *shadow_copy2_normalise_path(TALLOC_CTX *mem_ctx, const char * > if (shadow_copy2_match_name(fname, &gmt_start)) { \ > char *name2; \ > rtype ret; \ >- name2 = convert_shadow2_name(handle, fname, gmt_start); \ >+ name2 = convert_shadow2_name(handle, fname, gmt_start, True); \ > if (name2 == NULL) { \ > errno = EINVAL; \ > return eret; \ >@@ -258,7 +258,7 @@ static const char *shadow_copy2_normalise_path(TALLOC_CTX *mem_ctx, const char * > char *name2; \ > char *smb_base_name_tmp = NULL; \ > rtype ret; \ >- name2 = convert_shadow2_name(handle, smb_fname->base_name, gmt_start); \ >+ name2 = convert_shadow2_name(handle, smb_fname->base_name, gmt_start, True); \ > if (name2 == NULL) { \ > errno = EINVAL; \ > return eret; \ >@@ -285,7 +285,7 @@ static const char *shadow_copy2_normalise_path(TALLOC_CTX *mem_ctx, const char * > if (shadow_copy2_match_name(fname, &gmt_start)) { \ > char *name2; \ > NTSTATUS ret; \ >- name2 = convert_shadow2_name(handle, fname, gmt_start); \ >+ name2 = convert_shadow2_name(handle, fname, gmt_start, True); \ > if (name2 == NULL) { \ > errno = EINVAL; \ > return eret; \ >@@ -409,7 +409,8 @@ static const char *shadow_copy2_find_basedir(TALLOC_CTX *mem_ctx, vfs_handle_str > convert a filename from a share relative path, to a path in the > snapshot directory > */ >-static char *convert_shadow2_name(vfs_handle_struct *handle, const char *fname, const char *gmt_path) >+static char *convert_shadow2_name(vfs_handle_struct *handle, const char *fname, >+ const char *gmt_path, const bool incl_rel) > { > TALLOC_CTX *tmp_ctx = talloc_new(handle->data); > const char *snapdir, *relpath, *baseoffset, *basedir; >@@ -486,11 +487,13 @@ static char *convert_shadow2_name(vfs_handle_struct *handle, const char *fname, > if (*relpath == '/') relpath++; > if (*baseoffset == '/') baseoffset++; > >- ret = talloc_asprintf(handle->data, "%s/%s/%s/%s", >+ ret = talloc_asprintf(handle->data, "%s/%s%s%s%s%s", > snapdir, > snapshot, >+ *baseoffset ? "/" : "", > baseoffset, >- relpath); >+ *relpath ? "/" : "", >+ incl_rel ? relpath : ""); > DEBUG(6,("convert_shadow2_name: '%s' -> '%s'\n", fname, ret)); > talloc_free(tmp_ctx); > return ret; >@@ -687,68 +690,17 @@ static char *shadow_copy2_realpath(vfs_handle_struct *handle, > static const char *shadow_copy2_connectpath(struct vfs_handle_struct *handle, > const char *fname) > { >- TALLOC_CTX *tmp_ctx; >- const char *snapdir, *baseoffset, *basedir, *gmt_start; >- size_t baselen; >+ const char *gmt_start; > char *ret; > > DEBUG(10, ("shadow_copy2_connectpath called with %s\n", fname)); > > if (!shadow_copy2_match_name(fname, &gmt_start)) { >- return handle->conn->connectpath; >- } >- >- /* >- * We have to create a real temporary context because we have >- * to put our result on talloc_tos(). Thus we can't use a >- * talloc_stackframe() here. >- */ >- tmp_ctx = talloc_new(talloc_tos()); >- >- fname = shadow_copy2_normalise_path(tmp_ctx, fname, gmt_start); >- if (fname == NULL) { >- TALLOC_FREE(tmp_ctx); >- return NULL; >- } >- >- snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle); >- if (snapdir == NULL) { >- DEBUG(2,("no snapdir found for share at %s\n", >- handle->conn->connectpath)); >- TALLOC_FREE(tmp_ctx); >- return NULL; >- } >- >- basedir = shadow_copy2_find_basedir(tmp_ctx, handle); >- if (basedir == NULL) { >- DEBUG(2,("no basedir found for share at %s\n", >- handle->conn->connectpath)); >- TALLOC_FREE(tmp_ctx); >- return NULL; >- } >- >- baselen = strlen(basedir); >- baseoffset = handle->conn->connectpath + baselen; >- >- /* some sanity checks */ >- if (strncmp(basedir, handle->conn->connectpath, baselen) != 0 || >- (handle->conn->connectpath[baselen] != 0 >- && handle->conn->connectpath[baselen] != '/')) { >- DEBUG(0,("shadow_copy2_connectpath: basedir %s is not a " >- "parent of %s\n", basedir, >- handle->conn->connectpath)); >- TALLOC_FREE(tmp_ctx); >- return NULL; >+ return SMB_VFS_NEXT_CONNECTPATH(handle, fname); > } > >- if (*baseoffset == '/') baseoffset++; >- >- ret = talloc_asprintf(talloc_tos(), "%s/%.*s/%s", >- snapdir, >- GMT_NAME_LEN, fname, >- baseoffset); >+ ret = convert_shadow2_name(handle, fname, gmt_start, False); > DEBUG(6,("shadow_copy2_connectpath: '%s' -> '%s'\n", fname, ret)); >- TALLOC_FREE(tmp_ctx); > return ret; > } > >-- >1.7.3.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 7913
:
6418
|
6422
| 6905