diff options
| author | Garming Sam <garming@catalyst.net.nz> | 2013-12-19 09:55:44 +1300 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2014-01-10 20:11:03 +0100 |
| commit | 24a687642de21ce872d25f16b3525003844d05f9 (patch) | |
| tree | d4ddc00c7a70409ef3f2f2786536b12d04dcf7b9 /source3 | |
| parent | 0045f3b0a3d232103a059f9cec3743486f402452 (diff) | |
| download | samba-24a687642de21ce872d25f16b3525003844d05f9.tar.gz samba-24a687642de21ce872d25f16b3525003844d05f9.tar.xz samba-24a687642de21ce872d25f16b3525003844d05f9.zip | |
dfs: always call create_conn_struct with root privileges
This fixes a bug in dfs_samba4 identified by Daniel Müller.
create_conn_struct calls SMB_VFS_CONNECT which requires root privileges.
SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb.
Calls were made to this function without ever becoming root (notably via setup_dfs_referral)
which resulted in an error and the VFS connect failing. This happens when you have an active
directory domain controller with host msdfs = yes in smb.conf and dfs links in place.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Bjoern Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/smbd/msdfs.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index aede3e6da0b..53c06dd015c 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -221,9 +221,11 @@ static NTSTATUS parse_dfs_path(connection_struct *conn, Fake up a connection struct for the VFS layer, for use in applications (such as the python bindings), that do not want the global working directory changed under them. + + SMB_VFS_CONNECT requires root privileges. *********************************************************/ -NTSTATUS create_conn_struct(TALLOC_CTX *ctx, +static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx, struct tevent_context *ev, struct messaging_context *msg, connection_struct **pconn, @@ -347,6 +349,33 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, } /******************************************************** + Fake up a connection struct for the VFS layer, for use in + applications (such as the python bindings), that do not want the + global working directory changed under them. + + SMB_VFS_CONNECT requires root privileges. +*********************************************************/ + +NTSTATUS create_conn_struct(TALLOC_CTX *ctx, + struct tevent_context *ev, + struct messaging_context *msg, + connection_struct **pconn, + int snum, + const char *path, + const struct auth_session_info *session_info) +{ + NTSTATUS status; + become_root(); + status = create_conn_struct_as_root(ctx, ev, + msg, pconn, + snum, path, + session_info); + unbecome_root(); + + return status; +} + +/******************************************************** Fake up a connection struct for the VFS layer. Note: this performs a vfs connect and CHANGES CWD !!!! JRA. |