The Samba-Bugzilla – Attachment 9593 Details for
Bug 10378
dfs: always call create_conn_struct with root privileges
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.1.next.
bug-10378.4.1.patch (text/plain), 2.94 KB, created by
Jeremy Allison
on 2014-01-14 18:50:22 UTC
(
hide
)
Description:
git-am fix for 4.1.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2014-01-14 18:50:22 UTC
Size:
2.94 KB
patch
obsolete
>From 59a53f2eb07e71d21da465e65e11dba3eed684b6 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 19 Dec 2013 09:55:44 +1300 >Subject: [PATCH] dfs: always call create_conn_struct with root privileges >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >This fixes a bug in dfs_samba4 identified by Daniel Müller. > >create_conn_struct calls SMB_VFS_CONNECT which requires root privileges. >SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb. > >Calls were made to this function without ever becoming root (notably via setup_dfs_referral) >which resulted in an error and the VFS connect failing. This happens when you have an active >directory domain controller with host msdfs = yes in smb.conf and dfs links in place. > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Bjoern Baumbach <bb@sernet.de> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104 > >(cherry picked from commit 24a687642de21ce872d25f16b3525003844d05f9) >--- > source3/smbd/msdfs.c | 31 ++++++++++++++++++++++++++++++- > 1 file changed, 30 insertions(+), 1 deletion(-) > >diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c >index 52a2a48..096a3a0 100644 >--- a/source3/smbd/msdfs.c >+++ b/source3/smbd/msdfs.c >@@ -221,9 +221,11 @@ static NTSTATUS parse_dfs_path(connection_struct *conn, > Fake up a connection struct for the VFS layer, for use in > applications (such as the python bindings), that do not want the > global working directory changed under them. >+ >+ SMB_VFS_CONNECT requires root privileges. > *********************************************************/ > >-NTSTATUS create_conn_struct(TALLOC_CTX *ctx, >+static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx, > struct tevent_context *ev, > struct messaging_context *msg, > connection_struct **pconn, >@@ -347,6 +349,33 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, > } > > /******************************************************** >+ Fake up a connection struct for the VFS layer, for use in >+ applications (such as the python bindings), that do not want the >+ global working directory changed under them. >+ >+ SMB_VFS_CONNECT requires root privileges. >+*********************************************************/ >+ >+NTSTATUS create_conn_struct(TALLOC_CTX *ctx, >+ struct tevent_context *ev, >+ struct messaging_context *msg, >+ connection_struct **pconn, >+ int snum, >+ const char *path, >+ const struct auth_session_info *session_info) >+{ >+ NTSTATUS status; >+ become_root(); >+ status = create_conn_struct_as_root(ctx, ev, >+ msg, pconn, >+ snum, path, >+ session_info); >+ unbecome_root(); >+ >+ return status; >+} >+ >+/******************************************************** > Fake up a connection struct for the VFS layer. > Note: this performs a vfs connect and CHANGES CWD !!!! JRA. > >-- >1.8.5.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9593">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
bbaumbach
:
review+
obnox
:
review+
metze
:
review+
Actions:
View
Attachments on
bug 10378
: 9593 |
9594