summaryrefslogtreecommitdiffstats
path: root/source3/smbd/open.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-10-10 11:50:27 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-10-11 12:25:11 +1100
commitc8ade07760ae0ccfdf2d875c9f3027926e62321b (patch)
treeabac36ce81b1e0737bfeb607699a41773beb958e /source3/smbd/open.c
parent9158974540d0e311021f04789ed75ebda466c5b3 (diff)
downloadsamba-c8ade07760ae0ccfdf2d875c9f3027926e62321b.tar.gz
samba-c8ade07760ae0ccfdf2d875c9f3027926e62321b.tar.xz
samba-c8ade07760ae0ccfdf2d875c9f3027926e62321b.zip
smbd: Add mem_ctx to {f,}get_nt_acl VFS call
This makes it clear which context the returned SD is allocated on, as a number of callers do not want it on talloc_tos(). As the ACL transformation allocates and then no longer needs a great deal of memory, a talloc_stackframe() call is used to contain the memory that is not returned further up the stack. Andrew Bartlett
Diffstat (limited to 'source3/smbd/open.c')
-rw-r--r--source3/smbd/open.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index d4babd40f7d..efabe4a480e 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -115,7 +115,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- SECINFO_DACL),&sd);
+ SECINFO_DACL), talloc_tos(), &sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("smbd_check_access_rights: Could not get acl "
@@ -237,6 +237,7 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
status = SMB_VFS_GET_NT_ACL(conn,
parent_dir,
SECINFO_DACL,
+ talloc_tos(),
&parent_sd);
if (!NT_STATUS_IS_OK(status)) {
@@ -1683,7 +1684,8 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- SECINFO_DACL),&sd);
+ SECINFO_DACL),
+ talloc_tos(), &sd);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
/*
@@ -3425,7 +3427,7 @@ NTSTATUS open_streams_for_delete(connection_struct *conn,
static NTSTATUS inherit_new_acl(files_struct *fsp)
{
- TALLOC_CTX *ctx = talloc_tos();
+ TALLOC_CTX *frame = talloc_stackframe();
char *parent_name = NULL;
struct security_descriptor *parent_desc = NULL;
NTSTATUS status = NT_STATUS_OK;
@@ -3437,14 +3439,15 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
bool inheritable_components = false;
size_t size = 0;
- if (!parent_dirname(ctx, fsp->fsp_name->base_name, &parent_name, NULL)) {
+ if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
return NT_STATUS_NO_MEMORY;
}
status = SMB_VFS_GET_NT_ACL(fsp->conn,
- parent_name,
- (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
- &parent_desc);
+ parent_name,
+ (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
+ frame,
+ &parent_desc);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -3453,6 +3456,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
fsp->is_directory);
if (!inheritable_components && !inherit_owner) {
+ TALLOC_FREE(frame);
/* Nothing to inherit and not setting owner. */
return NT_STATUS_OK;
}
@@ -3478,7 +3482,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
group_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
}
- status = se_create_child_secdesc(ctx,
+ status = se_create_child_secdesc(frame,
&psd,
&size,
parent_desc,
@@ -3486,6 +3490,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
group_sid,
fsp->is_directory);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
@@ -3516,6 +3521,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
if (inherit_owner) {
unbecome_root();
}
+ TALLOC_FREE(frame);
return status;
}