4860 – msdfs on 3.0.25b - trailing backslash problem; parent dir content showing up in a subdir

Bug 4860 - msdfs on 3.0.25b - trailing backslash problem; parent dir content showing up in a subdir

Summary: msdfs on 3.0.25b - trailing backslash problem; parent dir content showing up ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	File Services (show other bugs)
Version:	3.0.25b
Hardware:	Other Linux

Importance:	P3 normal
Target Milestone:	none
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-08-06 13:51 UTC by Jeremy Allison
Modified:	2007-08-06 21:24 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremy Allison 2007-08-06 13:51:25 UTC

From Jan Martin <Jan.Martin@rwedea.com>

Hi all,

in rare cases, Samba 3.0.25b shows directory contents at the wrong
position in the file tree when displaying a subdirectory of a DFS link.

The problem occurs whenever Windows XP asks for a DFS referral for a
subdirectory of a DFS link with a trailing backslash.
Windows does not do this very often, but we saw it several times per day
on our central DFS server.

smbd/msdfs.c, dfs_path_lookup() does the following with the requested
path:
- in line 390, the local copy 'localpath' is 'unix_convert'ed; the
trailing backslash is removed inside unix_convert
- in lines 417-20, 'dfspath' (another copy of the requested path) is
mangled another way without removing trailing backslashes

That's why the following loop (lines 435-461) that is meant to
synchronously cut off the last path component from both strings until it
comes to a DFS link, does not handle both strings the same.  When the
original path ended with a backslash, 'canon_dfspath' has always one
component more than 'localpath', so that *consumedcntp gets too big in
line 446. This value is reported to the client.

Upon that answer, the clients composes the DFS destination, omitting the
'consumed' part of the original UNC name.
Example:
Original UNC name: \\DFSSERVER\DFSROOT\DFSLINK\SUBDIR\
Answer from DFSSERVER: "Look at \\REALSERVER\REALSHARE; but
\DFSROOT\DFSLINK\SUBDIR\ is already consumed"
So the client shows \\REALSERVER\REALSHARE instead of
\\REALSERVER\REALSHARE\SUBDIR as content of
\\DFSSERVER\DFSROOT\DFSLINK\SUBDIR

To fix that problem, we added a line to trim canon_dfspath in
smbd/msdfs.c, line 430.

This is our patch (4 lines comment, 1 line code):

-------------------------------------------------
diff -rU5 samba-3.0.25b-orig/source/smbd/msdfs.c
samba-3.0.25b-backslash-fix/source/smbd/msdfs.c
--- samba-3.0.25b-orig/source/smbd/msdfs.c      2007-05-11
00:09:34.000000000 +0200
+++ samba-3.0.25b-backslash-fix/source/smbd/msdfs.c     2007-08-06
14:58:41.000000000 +0200
@@ -425,10 +425,16 @@
         * local path, chopping off the last component
         * in both the local path and the canonicalized
         * DFS path. If we hit a DFS link then we're done.
         */

+        /* localpath comes out of unix_convert, so it has
+         * no trailing backslash
+         * make sure that canon_dfspath hasn't either
+         */
+        trim_char(canon_dfspath,0,'/');
+
        p = strrchr_m(localpath, '/');
        if (consumedcntp) {
                q = strrchr_m(canon_dfspath, '/');
        }

-------------------------------------------------

With this patch, our installation does not show the problem any more.
Would you please check and add it (or a better one, of course) to the
Samba sources?

Comment 1 Jeremy Allison 2007-08-06 13:55:10 UTC

Fixed for 3.0.25c with rev 24253.
Jeremy.