Second part of bugfix for bug #8837 - smbd crashes when deleting directory and veto files are enabled.

Store the 'struct security_token' as well as the 'struct security_unix_token' inside the locking db when setting a delete on close.
author: Jeremy Allison <jra@samba.org> 2012-04-04 14:54:02 -0700
committer: Jeremy Allison <jra@samba.org> 2012-04-04 14:58:42 -0700
commit: c10ed730d481e3d5b6710999b11b8e6969e1c16e (patch)
tree: 21c815c14da2fdd2bf7e7da2315cdc49ff94b9e4 /source3/smbd
parent: f042de2f346c98a852957cdbb09a7f8ac871b69c (diff)
download: samba-c10ed730d481e3d5b6710999b11b8e6969e1c16e.tar.gz
samba-c10ed730d481e3d5b6710999b11b8e6969e1c16e.tar.xz
samba-c10ed730d481e3d5b6710999b11b8e6969e1c16e.zip
3 files changed, 22 insertions, 10 deletions
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 34ce7858be4..8b91da81d54 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -332,6 +332,8 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 	NTSTATUS tmp_status;
 	struct file_id id;
 	const struct security_unix_token *del_token = NULL;
+	const struct security_token *del_nt_token = NULL;
+	bool got_tokens = false;
 
 	/* Ensure any pending write time updates are done. */
 	if (fsp->update_write_time_event) {
@@ -395,7 +397,9 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 			became_user = True;
 		}
 		fsp->delete_on_close = true;
-		set_delete_on_close_lck(fsp, lck, True, get_current_utok(conn));
+		set_delete_on_close_lck(fsp, lck, True,
+				get_current_nttok(conn),
+				get_current_utok(conn));
 		if (became_user) {
 			unbecome_user();
 		}
@@ -448,8 +452,9 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 	 */
 	fsp->update_write_time_on_close = false;
 
-	del_token = get_delete_on_close_token(lck, fsp->name_hash);
-	SMB_ASSERT(del_token != NULL);
+	got_tokens = get_delete_on_close_token(lck, fsp->name_hash,
+					&del_nt_token, &del_token);
+	SMB_ASSERT(got_tokens);
 
 	if (!unix_token_equal(del_token, get_current_utok(conn))) {
 		/* Become the user who requested the delete. */
@@ -468,7 +473,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 			    del_token->gid,
 			    del_token->ngroups,
 			    del_token->groups,
-			    NULL);
+			    del_nt_token);
 
 		changed_user = true;
 	}
@@ -541,7 +546,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
  	 */
 
 	fsp->delete_on_close = false;
-	set_delete_on_close_lck(fsp, lck, false, NULL);
+	set_delete_on_close_lck(fsp, lck, false, NULL, NULL);
 
  done:
 
@@ -1010,6 +1015,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 	bool delete_dir = False;
 	NTSTATUS status = NT_STATUS_OK;
 	NTSTATUS status1 = NT_STATUS_OK;
+	const struct security_token *del_nt_token = NULL;
 	const struct security_unix_token *del_token = NULL;
 
 	/*
@@ -1044,6 +1050,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 		send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx,
 					       fsp->fsp_name->base_name);
 		set_delete_on_close_lck(fsp, lck, true,
+				get_current_nttok(fsp->conn),
 				get_current_utok(fsp->conn));
 		fsp->delete_on_close = true;
 		if (became_user) {
@@ -1051,8 +1058,8 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 		}
 	}
 
-	del_token = get_delete_on_close_token(lck, fsp->name_hash);
-	delete_dir = (del_token != NULL);
+	delete_dir = get_delete_on_close_token(lck, fsp->name_hash,
+					&del_nt_token, &del_token);
 
 	if (delete_dir) {
 		int i;
@@ -1084,7 +1091,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 				del_token->gid,
 				del_token->ngroups,
 				del_token->groups,
-				NULL);
+				del_nt_token);
 
 		TALLOC_FREE(lck);
 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 6e4bcab7741..884731088a9 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2546,7 +2546,9 @@ static NTSTATUS do_unlink(connection_struct *conn,
 	}
 
 	/* The set is across all open files on this dev/inode pair. */
-	if (!set_delete_on_close(fsp, True, conn->session_info->unix_token)) {
+	if (!set_delete_on_close(fsp, True,
+				conn->session_info->security_token,
+				conn->session_info->unix_token)) {
 		close_file(req, fsp, NORMAL_CLOSE);
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -5664,7 +5666,9 @@ void reply_rmdir(struct smb_request *req)
 		goto out;
 	}
 
-	if (!set_delete_on_close(fsp, true, conn->session_info->unix_token)) {
+	if (!set_delete_on_close(fsp, true,
+			conn->session_info->security_token,
+			conn->session_info->unix_token)) {
 		close_file(req, fsp, ERROR_CLOSE);
 		reply_nterror(req, NT_STATUS_ACCESS_DENIED);
 		goto out;
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 24642cd8181..da552f5a51a 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5885,6 +5885,7 @@ static NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
 
 	/* The set is across all open files on this dev/inode pair. */
 	if (!set_delete_on_close(fsp, delete_on_close,
+				 conn->session_info->security_token,
 				 conn->session_info->unix_token)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
author	Jeremy Allison <jra@samba.org>	2012-04-04 14:54:02 -0700
committer	Jeremy Allison <jra@samba.org>	2012-04-04 14:58:42 -0700
commit	c10ed730d481e3d5b6710999b11b8e6969e1c16e (patch)
tree	21c815c14da2fdd2bf7e7da2315cdc49ff94b9e4 /source3/smbd
parent	f042de2f346c98a852957cdbb09a7f8ac871b69c (diff)
download	samba-c10ed730d481e3d5b6710999b11b8e6969e1c16e.tar.gz samba-c10ed730d481e3d5b6710999b11b8e6969e1c16e.tar.xz samba-c10ed730d481e3d5b6710999b11b8e6969e1c16e.zip