Attachment 7442 Details for Bug 8837 – Back-port 6 part git-am fix for 3.6.next.

[patch] Back-port 6 part git-am fix for 3.6.next.

look (text/plain), 22.49 KB, created by Jeremy Allison on 2012-04-09 20:22:40 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2012-04-09 20:22:40 UTC

Size: 22.49 KB

patch

obsolete

>From 85f7209614a9665658f1730855358f215cf37f60 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Wed, 4 Apr 2012 14:53:10 -0700
>Subject: [PATCH 1/6] First part of fix for bug 8837 - smbd crashes when
> deleting directory and veto files are enabled.
>
>Add some const to the sec_ctx code.
>(cherry picked from commit f042de2f346c98a852957cdbb09a7f8ac871b69c)
>---
> source3/smbd/proto.h   |    2 +-
> source3/smbd/sec_ctx.c |    2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
>index aadad4b..0d31a1c 100644
>--- a/source3/smbd/proto.h
>+++ b/source3/smbd/proto.h
>@@ -953,7 +953,7 @@ void server_encryption_shutdown(void);
> 
> bool unix_token_equal(const struct security_unix_token *t1, const struct security_unix_token *t2);
> bool push_sec_ctx(void);
>-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token);
>+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct security_token *token);
> void set_root_sec_ctx(void);
> bool pop_sec_ctx(void);
> void init_sec_ctx(void);
>diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
>index f8c8847..14e18a8 100644
>--- a/source3/smbd/sec_ctx.c
>+++ b/source3/smbd/sec_ctx.c
>@@ -304,7 +304,7 @@ static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *grou
>  Set the current security context to a given user.
> ****************************************************************************/
> 
>-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token)
>+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct security_token *token)
> {
> 	struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
> 
>-- 
>1.7.7.3
>
>
>From 465b170730248983c38db7f2ecbc3370e41cfd78 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Wed, 4 Apr 2012 14:57:12 -0700
>Subject: [PATCH 2/6] Third part of fix for bug #8837 - smbd crashes when
> deleting directory and veto files are enabled.
>
>Use correct check to see if veto files has been enabled. Even if not
>set lp_veto_files() returns a valid string address (to a '\0' character).
>
>Autobuild-User: Jeremy Allison <jra@samba.org>
>Autobuild-Date: Thu Apr  5 01:36:04 CEST 2012 on sn-devel-104
>(cherry picked from commit 704ea4729b499ae2716cfe6ad5d952bcb1251a3b)
>---
> source3/smbd/close.c |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
>diff --git a/source3/smbd/close.c b/source3/smbd/close.c
>index a431a5d..a307f70 100644
>--- a/source3/smbd/close.c
>+++ b/source3/smbd/close.c
>@@ -817,7 +817,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
> 		return NT_STATUS_OK;
> 	}
> 
>-	if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
>+	if(((errno == ENOTEMPTY)||(errno == EEXIST)) && *lp_veto_files(SNUM(conn))) {
> 		/*
> 		 * Check to see if the only thing in this directory are
> 		 * vetoed files/directories. If so then delete them and
>-- 
>1.7.7.3
>
>
>From eee35a7ccaf5f274a89596afc67d73ef2bd17969 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Fri, 6 Apr 2012 14:53:48 -0700
>Subject: [PATCH 3/6] Fix the talloc heirarchy when adding the unix delete
> token.
>
>---
> source3/locking/locking.c |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
>diff --git a/source3/locking/locking.c b/source3/locking/locking.c
>index ddd469d..02622d6 100644
>--- a/source3/locking/locking.c
>+++ b/source3/locking/locking.c
>@@ -1518,7 +1518,7 @@ static bool add_delete_on_close_token(struct share_mode_lock *lck,
> 	}
> 
> 	dtl->name_hash = name_hash;
>-	dtl->delete_token = copy_unix_token(lck, tok);
>+	dtl->delete_token = copy_unix_token(dtl, tok);
> 	if (dtl->delete_token == NULL) {
> 		TALLOC_FREE(dtl);
> 		return false;
>-- 
>1.7.7.3
>
>
>From a5d480f7be5a60fd18f8059b4d475f34021009f1 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Fri, 6 Apr 2012 15:39:03 -0700
>Subject: [PATCH 4/6] The delete tokens are unique to each name hash
> representing a pathname, if we don't correctly return
> here we'll add duplicate tokens for a given pasname
> hash.
>
>---
> source3/locking/locking.c |   13 +++++++------
> 1 files changed, 7 insertions(+), 6 deletions(-)
>
>diff --git a/source3/locking/locking.c b/source3/locking/locking.c
>index 02622d6..8587714 100644
>--- a/source3/locking/locking.c
>+++ b/source3/locking/locking.c
>@@ -1560,13 +1560,14 @@ void set_delete_on_close_lck(files_struct *fsp,
> 				/* Delete this entry. */
> 				DLIST_REMOVE(lck->delete_tokens, dtl);
> 				TALLOC_FREE(dtl);
>-				return;
>+			} else {
>+				/* Replace this token with the
>+				   given tok. */
>+				TALLOC_FREE(dtl->delete_token);
>+				dtl->delete_token = copy_unix_token(dtl, tok);
>+				SMB_ASSERT(dtl->delete_token != NULL);
> 			}
>-			/* Replace this token with the
>-			   given tok. */
>-			TALLOC_FREE(dtl->delete_token);
>-			dtl->delete_token = copy_unix_token(dtl, tok);
>-			SMB_ASSERT(dtl->delete_token != NULL);
>+			return;
> 		}
> 	}
> 
>-- 
>1.7.7.3
>
>
>From a3729b866db25bbbead8c12427dd2e5e1b479f27 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 9 Apr 2012 11:47:27 -0700
>Subject: [PATCH 5/6] Convert parse_delete_tokens_list() and
> unparse_share_modes() to use ndr encoding for the
> struct security_unix_token. We can do this as
> libsmb_share_modes never looks inside the delete tokens
> list, only implicitly gets the length.
>
>---
> librpc/idl/security.idl   |    2 +-
> source3/locking/locking.c |  120 +++++++++++++++-----------------------------
> 2 files changed, 42 insertions(+), 80 deletions(-)
>
>diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
>index 3378367..b58e099 100644
>--- a/librpc/idl/security.idl
>+++ b/librpc/idl/security.idl
>@@ -578,7 +578,7 @@ interface security
> 	} security_token;
> 
> 	/* This is not yet sent over the network, but is simply defined in IDL */
>-	typedef [public] struct {
>+	typedef [public,gensize] struct {
> 		uid_t uid;
> 		uid_t gid;
> 		uint32 ngroups;
>diff --git a/source3/locking/locking.c b/source3/locking/locking.c
>index 8587714..e04de79 100644
>--- a/source3/locking/locking.c
>+++ b/source3/locking/locking.c
>@@ -44,6 +44,7 @@
> #include "serverid.h"
> #include "messages.h"
> #include "util_tdb.h"
>+#include "../librpc/gen_ndr/ndr_security.h"
> 
> #undef DBGC_CLASS
> #define DBGC_CLASS DBGC_LOCKING
>@@ -551,33 +552,10 @@ static int parse_delete_tokens_list(struct share_mode_lock *lck,
> 	lck->delete_tokens = NULL;
> 
> 	for (i = 0; i < pdata->u.s.num_delete_token_entries; i++) {
>-		uint32_t token_len;
>+		DATA_BLOB blob;
>+		enum ndr_err_code ndr_err;
> 		struct delete_token_list *pdtl;
>-
>-		if (end_ptr - p < (sizeof(uint32_t) + sizeof(uint32_t) +
>-					sizeof(uid_t) + sizeof(gid_t))) {
>-			DEBUG(0,("parse_delete_tokens_list: "
>-				"corrupt token list (%u)",
>-				(unsigned int)(end_ptr - p)));
>-			smb_panic("corrupt token list");
>-			return -1;
>-		}
>-
>-		memcpy(&token_len, p, sizeof(token_len));
>-		delete_tokens_size += token_len;
>-
>-		if (p + token_len > end_ptr || token_len < sizeof(token_len) +
>-						sizeof(pdtl->name_hash) +
>-						sizeof(uid_t) +
>-						sizeof(gid_t)) {
>-			DEBUG(0,("parse_delete_tokens_list: "
>-				"invalid token length (%u)\n",
>-				(unsigned int)token_len ));
>-			smb_panic("invalid token length");
>-			return -1;
>-		}
>-
>-		p += sizeof(token_len);
>+		size_t token_len = 0;
> 
> 		pdtl = TALLOC_ZERO_P(lck, struct delete_token_list);
> 		if (pdtl == NULL) {
>@@ -587,6 +565,7 @@ static int parse_delete_tokens_list(struct share_mode_lock *lck,
> 		/* Copy out the name_hash. */
> 		memcpy(&pdtl->name_hash, p, sizeof(pdtl->name_hash));
> 		p += sizeof(pdtl->name_hash);
>+		delete_tokens_size += sizeof(pdtl->name_hash);
> 
> 		pdtl->delete_token = TALLOC_ZERO_P(pdtl, struct security_unix_token);
> 		if (pdtl->delete_token == NULL) {
>@@ -594,40 +573,29 @@ static int parse_delete_tokens_list(struct share_mode_lock *lck,
> 			return -1;
> 		}
> 
>-		/* Copy out the uid and gid. */
>-		memcpy(&pdtl->delete_token->uid, p, sizeof(uid_t));
>-		p += sizeof(uid_t);
>-		memcpy(&pdtl->delete_token->gid, p, sizeof(gid_t));
>-		p += sizeof(gid_t);
>-
>-		token_len -= (sizeof(token_len) + sizeof(pdtl->name_hash) +
>-				sizeof(uid_t) + sizeof(gid_t));
>-
>-		/* Any supplementary groups ? */
>-		if (token_len) {
>-			int j;
>-
>-			if (token_len % sizeof(gid_t) != 0) {
>-				DEBUG(0,("parse_delete_tokens_list: "
>-					"corrupt group list (%u)",
>-					(unsigned int)(token_len % sizeof(gid_t)) ));
>-				smb_panic("corrupt group list");
>-				return -1;
>-			}
>+		if (p >= end_ptr) {
>+			DEBUG(0,("parse_delete_tokens_list: corrupt data"));
>+			return -1;
>+		}
> 
>-			pdtl->delete_token->ngroups = token_len / sizeof(gid_t);
>-			pdtl->delete_token->groups = TALLOC_ARRAY(pdtl->delete_token, gid_t,
>-						pdtl->delete_token->ngroups);
>-			if (pdtl->delete_token->groups == NULL) {
>-				DEBUG(0,("parse_delete_tokens_list: talloc failed"));
>-				return -1;
>-			}
>+		blob.data = p;
>+		blob.length = end_ptr - p;
> 
>-			for (j = 0; j < pdtl->delete_token->ngroups; j++) {
>-				memcpy(&pdtl->delete_token->groups[j], p, sizeof(gid_t));
>-				p += sizeof(gid_t);
>-			}
>+		ndr_err = ndr_pull_struct_blob(&blob,
>+				pdtl,
>+				pdtl->delete_token,
>+				(ndr_pull_flags_fn_t)ndr_pull_security_unix_token);
>+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
>+			DEBUG(1, ("parse_delete_tokens_list: "
>+				"ndr_pull_share_mode_data failed\n"));
>+			return -1;
> 		}
>+
>+		token_len = ndr_size_security_unix_token(pdtl->delete_token, 0);
>+
>+		p += token_len;
>+		delete_tokens_size += token_len;
>+
> 		/* Add to the list. */
> 		DLIST_ADD(lck->delete_tokens, pdtl);
> 	}
>@@ -769,11 +737,8 @@ static TDB_DATA unparse_share_modes(const struct share_mode_lock *lck)
> 
> 	for (pdtl = lck->delete_tokens; pdtl; pdtl = pdtl->next) {
> 		num_delete_token_entries++;
>-		delete_tokens_size += (sizeof(uint32_t) +
>-				sizeof(uint32_t) +
>-				sizeof(uid_t) +
>-				sizeof(gid_t) +
>-				pdtl->delete_token->ngroups*sizeof(gid_t));
>+		delete_tokens_size += sizeof(uint32_t) +
>+				ndr_size_security_unix_token(pdtl->delete_token, 0);
> 	}
> 
> 	result.dsize = sizeof(*data) +
>@@ -813,30 +778,27 @@ static TDB_DATA unparse_share_modes(const struct share_mode_lock *lck)
> 	/* Store any delete on close tokens. */
> 	for (pdtl = lck->delete_tokens; pdtl; pdtl = pdtl->next) {
> 		struct security_unix_token *pdt = pdtl->delete_token;
>-		uint32_t token_size = sizeof(uint32_t) +
>-					sizeof(uint32_t) +
>-					sizeof(uid_t) +
>-					sizeof(gid_t) +
>-					(pdt->ngroups * sizeof(gid_t));
> 		uint8_t *p = result.dptr + offset;
>-
>-		memcpy(p, &token_size, sizeof(uint32_t));
>-		p += sizeof(uint32_t);
>+		DATA_BLOB blob;
>+		enum ndr_err_code ndr_err;
> 
> 		memcpy(p, &pdtl->name_hash, sizeof(uint32_t));
> 		p += sizeof(uint32_t);
>+		offset += sizeof(uint32_t);
> 
>-		memcpy(p, &pdt->uid, sizeof(uid_t));
>-		p += sizeof(uid_t);
>+		ndr_err = ndr_push_struct_blob(&blob,
>+				talloc_tos(),
>+				pdt,
>+				(ndr_push_flags_fn_t)ndr_push_security_unix_token);
> 
>-		memcpy(p, &pdt->gid, sizeof(gid_t));
>-		p += sizeof(gid_t);
>-
>-		for (i = 0; i < pdt->ngroups; i++) {
>-			memcpy(p, &pdt->groups[i], sizeof(gid_t));
>-			p += sizeof(gid_t);
>+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
>+			smb_panic("ndr_push_security_unix_token failed");
> 		}
>-		offset += token_size;
>+
>+		/* We know we have space here as we counted above. */
>+		memcpy(p, blob.data, blob.length);
>+		offset += blob.length;
>+		TALLOC_FREE(blob.data);
> 	}
> 
> 	safe_strcpy((char *)result.dptr + offset, lck->servicepath,
>-- 
>1.7.7.3
>
>
>From 63a09af9f29dbfc44670ef44c915200d063bdf29 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 9 Apr 2012 12:44:05 -0700
>Subject: [PATCH 6/6] Final back port of fix for bug #8837 - smbd crashes when
> deleting directory and veto files are enabled.
>
>Use ndr encoding to add the NT security token into the stored data when
>delete on close is set.
>---
> librpc/idl/security.idl   |    2 +-
> source3/include/smb.h     |    1 +
> source3/locking/locking.c |   51 +++++++++++++++++++++++++++++++++++++-------
> source3/locking/proto.h   |   10 +++++++-
> source3/smbd/close.c      |   23 +++++++++++++-------
> source3/smbd/reply.c      |    8 +++++-
> source3/smbd/trans2.c     |    1 +
> 7 files changed, 75 insertions(+), 21 deletions(-)
>
>diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
>index b58e099..696d5a5 100644
>--- a/librpc/idl/security.idl
>+++ b/librpc/idl/security.idl
>@@ -570,7 +570,7 @@ interface security
> 	} sec_desc_buf;
> 
> 	/* This is not yet sent over the network, but is simply defined in IDL */
>-	typedef [public] struct {
>+	typedef [public,gensize] struct {
> 		uint32 num_sids;
> 		[size_is(num_sids)] dom_sid sids[*];
> 		se_privilege privilege_mask;
>diff --git a/source3/include/smb.h b/source3/include/smb.h
>index 549ebb2..873657a 100644
>--- a/source3/include/smb.h
>+++ b/source3/include/smb.h
>@@ -637,6 +637,7 @@ struct delete_token_list {
> 	struct delete_token_list *next, *prev;
> 	uint32_t name_hash;
> 	struct security_unix_token *delete_token;
>+	struct security_token *delete_nt_token;
> };
> 
> struct share_mode_lock {
>diff --git a/source3/locking/locking.c b/source3/locking/locking.c
>index e04de79..f510ee1 100644
>--- a/source3/locking/locking.c
>+++ b/source3/locking/locking.c
>@@ -1470,6 +1470,7 @@ static struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct
> 
> static bool add_delete_on_close_token(struct share_mode_lock *lck,
> 			uint32_t name_hash,
>+			const struct security_token *nt_tok,
> 			const struct security_unix_token *tok)
> {
> 	struct delete_token_list *dtl;
>@@ -1485,6 +1486,11 @@ static bool add_delete_on_close_token(struct share_mode_lock *lck,
> 		TALLOC_FREE(dtl);
> 		return false;
> 	}
>+	dtl->delete_nt_token = dup_nt_token(dtl, nt_tok);
>+	if (dtl->delete_nt_token == NULL) {
>+		TALLOC_FREE(dtl);
>+		return false;
>+	}
> 	DLIST_ADD(lck->delete_tokens, dtl);
> 	lck->modified = true;
> 	return true;
>@@ -1504,14 +1510,17 @@ static bool add_delete_on_close_token(struct share_mode_lock *lck,
> void set_delete_on_close_lck(files_struct *fsp,
> 			struct share_mode_lock *lck,
> 			bool delete_on_close,
>+			const struct security_token *nt_tok,
> 			const struct security_unix_token *tok)
> {
> 	struct delete_token_list *dtl;
> 	bool ret;
> 
> 	if (delete_on_close) {
>+		SMB_ASSERT(nt_tok != NULL);
> 		SMB_ASSERT(tok != NULL);
> 	} else {
>+		SMB_ASSERT(nt_tok == NULL);
> 		SMB_ASSERT(tok == NULL);
> 	}
> 
>@@ -1528,6 +1537,9 @@ void set_delete_on_close_lck(files_struct *fsp,
> 				TALLOC_FREE(dtl->delete_token);
> 				dtl->delete_token = copy_unix_token(dtl, tok);
> 				SMB_ASSERT(dtl->delete_token != NULL);
>+				TALLOC_FREE(dtl->delete_nt_token);
>+				dtl->delete_nt_token = dup_nt_token(dtl, nt_tok);
>+				SMB_ASSERT(dtl->delete_nt_token != NULL);
> 			}
> 			return;
> 		}
>@@ -1538,11 +1550,13 @@ void set_delete_on_close_lck(files_struct *fsp,
> 		return;
> 	}
> 
>-	ret = add_delete_on_close_token(lck, fsp->name_hash, tok);
>+	ret = add_delete_on_close_token(lck, fsp->name_hash, nt_tok, tok);
> 	SMB_ASSERT(ret);
> }
> 
>-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok)
>+bool set_delete_on_close(files_struct *fsp, bool delete_on_close,
>+			const struct security_token *nt_tok,
>+			const struct security_unix_token *tok)
> {
> 	struct share_mode_lock *lck;
> 	
>@@ -1557,8 +1571,15 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct s
> 		return False;
> 	}
> 
>-	set_delete_on_close_lck(fsp, lck, delete_on_close,
>-			delete_on_close ? tok : NULL);
>+	if (delete_on_close) {
>+		set_delete_on_close_lck(fsp, lck, true,
>+			nt_tok,
>+			tok);
>+	} else {
>+		set_delete_on_close_lck(fsp, lck, false,
>+			NULL,
>+			NULL);
>+	}
> 
> 	if (fsp->is_directory) {
> 		SMB_ASSERT(!is_ntfs_stream_smb_fname(fsp->fsp_name));
>@@ -1573,7 +1594,15 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct s
> 	return True;
> }
> 
>-const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
>+/****************************************************************************
>+ Return the NT token and UNIX token if there's a match. Return true if
>+ found, false if not.
>+****************************************************************************/
>+
>+bool get_delete_on_close_token(struct share_mode_lock *lck,
>+				uint32_t name_hash,
>+				const struct security_token **pp_nt_tok,
>+				const struct security_unix_token **pp_tok)
> {
> 	struct delete_token_list *dtl;
> 
>@@ -1584,15 +1613,21 @@ const struct security_unix_token *get_delete_on_close_token(struct share_mode_lo
> 		DEBUG(10,("get_delete_on_close_token: dtl->name_hash = 0x%x\n",
> 				(unsigned int)dtl->name_hash ));
> 		if (dtl->name_hash == name_hash) {
>-			return dtl->delete_token;
>+			if (pp_nt_tok) {
>+				*pp_nt_tok = dtl->delete_nt_token;
>+			}
>+			if (pp_tok) {
>+				*pp_tok =  dtl->delete_token;
>+			}
>+			return true;
> 		}
> 	}
>-	return NULL;
>+	return false;
> }
> 
> bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash)
> {
>-	return (get_delete_on_close_token(lck, name_hash) != NULL);
>+	return get_delete_on_close_token(lck, name_hash, NULL, NULL);
> }
> 
> bool set_sticky_write_time(struct file_id fileid, struct timespec write_time)
>diff --git a/source3/locking/proto.h b/source3/locking/proto.h
>index b7c8990..7745da5 100644
>--- a/source3/locking/proto.h
>+++ b/source3/locking/proto.h
>@@ -173,12 +173,18 @@ void del_deferred_open_entry(struct share_mode_lock *lck, uint64_t mid,
> bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
> bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
> NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode);
>-const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
>+bool get_delete_on_close_token(struct share_mode_lock *lck,
>+			uint32_t name_hash,
>+			const struct security_token **pp_nt_tok,
>+			const struct security_unix_token **pp_tok);
> void set_delete_on_close_lck(files_struct *fsp,
> 			struct share_mode_lock *lck,
> 			bool delete_on_close,
>+			const struct security_token *nt_tok,
>+			const struct security_unix_token *tok);
>+bool set_delete_on_close(files_struct *fsp, bool delete_on_close,
>+			const struct security_token *nt_tok,
> 			const struct security_unix_token *tok);
>-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok);
> bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
> bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
> bool set_write_time(struct file_id fileid, struct timespec write_time);
>diff --git a/source3/smbd/close.c b/source3/smbd/close.c
>index a307f70..36cec1a 100644
>--- a/source3/smbd/close.c
>+++ b/source3/smbd/close.c
>@@ -280,6 +280,8 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
> 	NTSTATUS tmp_status;
> 	struct file_id id;
> 	const struct security_unix_token *del_token = NULL;
>+	const struct security_token *del_nt_token = NULL;
>+	bool got_tokens = false;
> 
> 	/* Ensure any pending write time updates are done. */
> 	if (fsp->update_write_time_event) {
>@@ -345,7 +347,9 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
> 			became_user = True;
> 		}
> 		fsp->delete_on_close = true;
>-		set_delete_on_close_lck(fsp, lck, True, get_current_utok(conn));
>+		set_delete_on_close_lck(fsp, lck, True,
>+				get_current_nttok(conn),
>+				get_current_utok(conn));
> 		if (became_user) {
> 			unbecome_user();
> 		}
>@@ -398,8 +402,9 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
> 	 */
> 	fsp->update_write_time_on_close = false;
> 
>-	del_token = get_delete_on_close_token(lck, fsp->name_hash);
>-	SMB_ASSERT(del_token != NULL);
>+	got_tokens = get_delete_on_close_token(lck, fsp->name_hash,
>+					&del_nt_token, &del_token);
>+	SMB_ASSERT(got_tokens);
> 
> 	if (!unix_token_equal(del_token, get_current_utok(conn))) {
> 		/* Become the user who requested the delete. */
>@@ -418,7 +423,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
> 			    del_token->gid,
> 			    del_token->ngroups,
> 			    del_token->groups,
>-			    NULL);
>+			    del_nt_token);
> 
> 		changed_user = true;
> 	}
>@@ -491,7 +496,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
>  	 */
> 
> 	fsp->delete_on_close = false;
>-	set_delete_on_close_lck(fsp, lck, false, NULL);
>+	set_delete_on_close_lck(fsp, lck, false, NULL, NULL);
> 
>  done:
> 
>@@ -962,6 +967,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
> 	bool delete_dir = False;
> 	NTSTATUS status = NT_STATUS_OK;
> 	NTSTATUS status1 = NT_STATUS_OK;
>+	const struct security_token *del_nt_token = NULL;
> 	const struct security_unix_token *del_token = NULL;
> 
> 	/*
>@@ -998,6 +1004,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
> 		send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx,
> 					       fsp->fsp_name->base_name);
> 		set_delete_on_close_lck(fsp, lck, true,
>+				get_current_nttok(fsp->conn),
> 				get_current_utok(fsp->conn));
> 		fsp->delete_on_close = true;
> 		if (became_user) {
>@@ -1005,8 +1012,8 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
> 		}
> 	}
> 
>-	del_token = get_delete_on_close_token(lck, fsp->name_hash);
>-	delete_dir = (del_token != NULL);
>+	delete_dir = get_delete_on_close_token(lck, fsp->name_hash,
>+					&del_nt_token, &del_token);
> 
> 	if (delete_dir) {
> 		int i;
>@@ -1038,7 +1045,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
> 				del_token->gid,
> 				del_token->ngroups,
> 				del_token->groups,
>-				NULL);
>+				del_nt_token);
> 
> 		TALLOC_FREE(lck);
> 
>diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
>index c0e8a98..ac471aa 100644
>--- a/source3/smbd/reply.c
>+++ b/source3/smbd/reply.c
>@@ -2541,7 +2541,9 @@ static NTSTATUS do_unlink(connection_struct *conn,
> 	}
> 
> 	/* The set is across all open files on this dev/inode pair. */
>-	if (!set_delete_on_close(fsp, True, &conn->session_info->utok)) {
>+	if (!set_delete_on_close(fsp, true,
>+				conn->session_info->security_token,
>+				&conn->session_info->utok)) {
> 		close_file(req, fsp, NORMAL_CLOSE);
> 		return NT_STATUS_ACCESS_DENIED;
> 	}
>@@ -5650,7 +5652,9 @@ void reply_rmdir(struct smb_request *req)
> 		goto out;
> 	}
> 
>-	if (!set_delete_on_close(fsp, true, &conn->session_info->utok)) {
>+	if (!set_delete_on_close(fsp, true,
>+			conn->session_info->security_token,
>+			&conn->session_info->utok)) {
> 		close_file(req, fsp, ERROR_CLOSE);
> 		reply_nterror(req, NT_STATUS_ACCESS_DENIED);
> 		goto out;
>diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
>index 6f933dd..c7cf1a2 100644
>--- a/source3/smbd/trans2.c
>+++ b/source3/smbd/trans2.c
>@@ -5827,6 +5827,7 @@ static NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
> 
> 	/* The set is across all open files on this dev/inode pair. */
> 	if (!set_delete_on_close(fsp, delete_on_close,
>+				 conn->session_info->security_token,
> 				 &conn->session_info->utok)) {
> 		return NT_STATUS_ACCESS_DENIED;
> 	}
>-- 
>1.7.7.3
>

Actions: View

Attachments on bug 8837: 7422 | 7423 | 7442 | 7443