The branch, v3-5-test has been updated
via 82e15a5 s3: Fix bug 7779, crash in expand_msdfs
from d070359 s3: Fix a getgrent crash with many groups
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 82e15a5ee335ac87ab473899b333056a02bf15b3
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 6 21:18:35 2010 +0100
s3: Fix bug 7779, crash in expand_msdfs
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 1 +
source3/librpc/gen_ndr/ndr_secrets.c | 2 --
source3/rpc_server/srv_dfs_nt.c | 12 +++++++-----
source3/smbd/msdfs.c | 8 +++++---
4 files changed, 13 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index f7bfc2a..3d06c31 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6465,6 +6465,7 @@ bool is_msdfs_link(connection_struct *conn,
const char *path,
SMB_STRUCT_STAT *sbufp);
NTSTATUS get_referred_path(TALLOC_CTX *ctx,
+ struct auth_serversupplied_info *server_info,
const char *dfs_path,
struct junction_map *jucn,
int *consumedcntp,
diff --git a/source3/librpc/gen_ndr/ndr_secrets.c
b/source3/librpc/gen_ndr/ndr_secrets.c
index f9b6145..2b182db 100644
--- a/source3/librpc/gen_ndr/ndr_secrets.c
+++ b/source3/librpc/gen_ndr/ndr_secrets.c
@@ -24,7 +24,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_TRUSTED_DOM_PASS(struct
ndr_push *ndr, int n
NDR_CHECK(ndr_push_trailer_align(ndr, 4));
}
if (ndr_flags & NDR_BUFFERS) {
- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS,
&r->domain_sid));
}
ndr->flags = _flags_save_STRUCT;
}
@@ -52,7 +51,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_TRUSTED_DOM_PASS(struct
ndr_pull *ndr, int n
NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
}
if (ndr_flags & NDR_BUFFERS) {
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS,
&r->domain_sid));
}
ndr->flags = _flags_save_STRUCT;
}
diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
index dfa33c2..2bfbe5e 100644
--- a/source3/rpc_server/srv_dfs_nt.c
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -70,7 +70,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r)
}
/* The following call can change the cwd. */
- status = get_referred_path(ctx, r->in.path, jn,
+ status = get_referred_path(ctx, p->server_info, r->in.path, jn,
&consumedcnt, &self_ref);
if(!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
@@ -136,8 +136,9 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r)
r->in.dfs_entry_path, r->in.servername,
r->in.sharename));
}
- if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, jn,
- &consumedcnt, &self_ref))) {
+ if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info,
+ r->in.dfs_entry_path, jn,
+ &consumedcnt, &self_ref))) {
return WERR_DFS_NO_SUCH_VOL;
}
@@ -358,8 +359,9 @@ WERROR _dfs_GetInfo(pipes_struct *p, struct dfs_GetInfo *r)
}
/* The following call can change the cwd. */
- if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path,
- jn, &consumedcnt, &self_ref)) ||
+ if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info,
+ r->in.dfs_entry_path,
+ jn, &consumedcnt, &self_ref)) ||
consumedcnt < strlen(r->in.dfs_entry_path)) {
return WERR_DFS_NO_SUCH_VOL;
}
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 6dfa886..6a2f756 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -795,6 +795,7 @@ static NTSTATUS self_ref(TALLOC_CTX *ctx,
**********************************************************************/
NTSTATUS get_referred_path(TALLOC_CTX *ctx,
+ struct auth_serversupplied_info *server_info,
const char *dfs_path,
struct junction_map *jucn,
int *consumedcntp,
@@ -916,7 +917,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
}
status = create_conn_struct(ctx, &conn, snum, lp_pathname(snum),
- NULL, &oldpath);
+ server_info, &oldpath);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(pdp);
return status;
@@ -1221,8 +1222,9 @@ int setup_dfs_referral(connection_struct *orig_conn,
}
/* The following call can change cwd. */
- *pstatus = get_referred_path(ctx, pathnamep, junction,
- &consumedcnt, &self_referral);
+ *pstatus = get_referred_path(ctx, orig_conn->server_info,
+ pathnamep, junction,
+ &consumedcnt, &self_referral);
if (!NT_STATUS_IS_OK(*pstatus)) {
vfs_ChDir(orig_conn,orig_conn->connectpath);
talloc_destroy(ctx);
--
Samba Shared Repository
