The branch, v3-6-test has been updated via d43d147 s3:smb2_create: use smbd_calculate_access_mask() instead of smbd_check_open_rights() via 89a05c3 s3:smb2_tcon: return the correct maximal_access on the share via c384bf7 s3:smbd: return the real share access mask in the SMBtconX response via 3e87706 s3:smbd: use smbd_calculate_access_mask() also for fake_files via d43f7ff s3:smbd: check the share level access mask in smbd_calculate_access_mask() via 5a1c2b4 s3:smbd: make smbd_calculate_access_mask() non-static via bd91cb8 s3:smbd/msdfs: let create_conn_struct() check the share security descriptor via b3a0350 s3: Fix bug 8102 via 83c6e9d s3: Calculate&store the maximum share access mask via 283f76c s3: Return "granted" from share_access_check via 7b28ae9 s3:smb2_server: add some comments about change_to_user() and change_to_root_user() via 3de9d22 s3:smb2_server: call change_to_root_user() or smbd_smb2_request_check_tcon() via fe6a325 s3:smb2_server: there's no reason to check the session id twice on a smb2_tcon request from ae41415 WHATSNEW: Update changes since rc2.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit d43d147c9d69dd23296677f9ae998c9362771682 Author: Stefan Metzmacher <me...@samba.org> Date: Sun Jul 10 13:09:06 2011 +0200 s3:smb2_create: use smbd_calculate_access_mask() instead of smbd_check_open_rights() metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Mon Jul 11 22:45:01 CEST 2011 on sn-devel-104 (cherry picked from commit f5d320ac0fb74d4ad95a03969366096e9b074379) The last 10 patches address bug #8102 (domuser can change ACL from his files over the network). commit 89a05c3a54239d384317f9881430fac264138f3f Author: Stefan Metzmacher <me...@samba.org> Date: Sun Jul 10 13:02:11 2011 +0200 s3:smb2_tcon: return the correct maximal_access on the share metze (cherry picked from commit a1046389ffcc476456ac76cb701a4325d1c42ef9) commit c384bf75284fa7280b9279d305c5404f9f1066df Author: Stefan Metzmacher <me...@samba.org> Date: Mon Jul 11 16:12:57 2011 +0200 s3:smbd: return the real share access mask in the SMBtconX response metze (cherry picked from commit 58eed1b295afeff6acfb8c1f10b0bb02280fd491) commit 3e8770619c53c956f623ae852f97e6226513898d Author: Stefan Metzmacher <me...@samba.org> Date: Sun Jul 10 13:59:40 2011 +0200 s3:smbd: use smbd_calculate_access_mask() also for fake_files metze (cherry picked from commit 581d8fa36b73abab030168dc35fb631ccd42a388) commit d43f7ffb9fa8449a954d2e9fc9012a00289b41e2 Author: Stefan Metzmacher <me...@samba.org> Date: Sun Jul 10 13:03:51 2011 +0200 s3:smbd: check the share level access mask in smbd_calculate_access_mask() I think we should reject invalid access early, before we might create new files. Also smbd_check_open_rights() is only called if the file existed. metze (cherry picked from commit 896f105ed40dc04f83bcbfac367b309c8d957f86) commit 5a1c2b4774c914a45bf2da7e666f6acf7f6927c6 Author: Stefan Metzmacher <me...@samba.org> Date: Sun Jul 10 13:00:25 2011 +0200 s3:smbd: make smbd_calculate_access_mask() non-static metze (cherry picked from commit ce66d4e4a885add09edfa8e6d5eab0f3b5d63081) commit bd91cb862c4ceb3955c742d1c516e51733a19e6e Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jul 12 17:31:13 2011 +0200 s3:smbd/msdfs: let create_conn_struct() check the share security descriptor metze (cherry picked from commit 18f967a24881aa899b39f7676fc70a7f7aaca07b) commit b3a035005ef98bcb31bade50a9e3ddf088302779 Author: Volker Lendecke <v...@samba.org> Date: Tue Jul 5 11:13:07 2011 +0200 s3: Fix bug 8102 We can't allow open with access that has been denied via the share security descriptor Signed-off-by: Stefan Metzmacher <me...@samba.org> Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104 (cherry picked from commit 4deca5d72804a40e68158a1183f5633dabf24761) commit 83c6e9d3ad76e8009778e5ba0bf22e256d06ad48 Author: Volker Lendecke <v...@samba.org> Date: Mon Jul 4 18:35:21 2011 +0200 s3: Calculate&store the maximum share access mask Signed-off-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 720fa46f9443ccbe471b265f1c2b9cb9782a3c26) commit 283f76c06308eaeaf9d134e0bfb45188ee684fb3 Author: Volker Lendecke <v...@samba.org> Date: Mon Jul 4 17:02:34 2011 +0200 s3: Return "granted" from share_access_check Signed-off-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 1c022d2e414607633323e65abbc63bb3aeaaa6a4) commit 7b28ae90603ff152e31b2113109bdaebc540810f Author: Stefan Metzmacher <me...@samba.org> Date: Fri Jul 8 09:08:39 2011 +0200 s3:smb2_server: add some comments about change_to_user() and change_to_root_user() metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Fri Jul 8 13:45:46 CEST 2011 on sn-devel-104 (cherry picked from commit dbfb88aef30a755c29015bff4699eb17925a4988) The last 3 patches address bug #8292 (Disable SMB2 for 3.6). commit 3de9d2204e1f14c8a1d9642f3dc1e1e7e1013210 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 7 16:38:33 2011 +0200 s3:smb2_server: call change_to_root_user() or smbd_smb2_request_check_tcon() For all requests which don't operate on a tcon, we should call change_to_root_user(), to match the SMB1 behavior. For SMB1 we do the following operations without AS_USER: /* 0x70 */ { "SMBtcon",reply_tcon,0}, /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR}, /* 0x72 */ { "SMBnegprot",reply_negprot,0}, /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0}, /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */ /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0}, ... /* 0x2b */ { "SMBecho",reply_echo,0}, ... /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 }, For SMB2tdis we still call smbd_smb2_request_check_tcon() as close_cnum() calls change_to_root_user() when needed. metze Signed-off-by: Jeremy Allison <j...@samba.org> (cherry picked from commit eea210eba7c20e6d04b13cf8ccd3011ee7c99157) commit fe6a325226a5fb17e5ccf62c5d0882d97baa35b7 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Jul 4 15:57:20 2011 +0200 s3:smb2_server: there's no reason to check the session id twice on a smb2_tcon request metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Mon Jul 4 17:34:13 CEST 2011 on sn-devel-104 (cherry picked from commit 7c96e96e9881ec1ad7b41f0ab241a5b0ac17b93f) ----------------------------------------------------------------------- Summary of changes: source3/include/proto.h | 6 +- source3/include/smb.h | 1 + source3/lib/sharesec.c | 10 ++- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 4 +- source3/smbd/fake_file.c | 13 +++ source3/smbd/globals.h | 5 + source3/smbd/msdfs.c | 30 +++++++ source3/smbd/open.c | 54 +++++++++--- source3/smbd/reply.c | 4 +- source3/smbd/service.c | 36 ++++----- source3/smbd/smb2_create.c | 7 ++- source3/smbd/smb2_server.c | 130 +++++++++++++++++++++++++++-- source3/smbd/smb2_tcon.c | 2 +- source3/smbd/uid.c | 11 ++- 14 files changed, 255 insertions(+), 58 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index d072502..6291f11 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -329,8 +329,10 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser size_t *psize); bool set_share_security(const char *share_name, struct security_descriptor *psd); bool delete_share_security(const char *servicename); -bool share_access_check(const struct security_token *token, const char *sharename, - uint32 desired_access); +bool share_access_check(const struct security_token *token, + const char *sharename, + uint32 desired_access, + uint32_t *pgranted); bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd); /* The following definitions come from lib/smbrun.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 3e68a99..3a64af7 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -408,6 +408,7 @@ typedef struct connection_struct { bool printer; bool ipc; bool read_only; /* Attributes for the current user of the share. */ + uint32_t share_access; /* Does this filesystem honor sub second timestamps on files and directories when setting time ? */ diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index c2494e2..410fc13 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -410,8 +410,10 @@ bool delete_share_security(const char *servicename) Can this user access with share with the required permissions ? ********************************************************************/ -bool share_access_check(const struct security_token *token, const char *sharename, - uint32 desired_access) +bool share_access_check(const struct security_token *token, + const char *sharename, + uint32 desired_access, + uint32_t *pgranted) { uint32 granted; NTSTATUS status; @@ -428,6 +430,10 @@ bool share_access_check(const struct security_token *token, const char *sharenam TALLOC_FREE(psd); + if (pgranted != NULL) { + *pgranted = granted; + } + return NT_STATUS_IS_OK(status); } diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 472a318..a078395 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -539,8 +539,8 @@ static bool is_enumeration_allowed(struct pipes_struct *p, if (!lp_access_based_share_enum(snum)) return true; - return share_access_check(p->session_info->security_token, lp_servicename(snum), - FILE_READ_DATA); + return share_access_check(p->session_info->security_token, + lp_servicename(snum), FILE_READ_DATA, NULL); } /******************************************************************* diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 81f7686..68967fb 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -19,6 +19,7 @@ #include "includes.h" #include "smbd/smbd.h" +#include "smbd/globals.h" #include "fake_file.h" #include "auth.h" @@ -128,6 +129,18 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, files_struct *fsp = NULL; NTSTATUS status; + status = smbd_calculate_access_mask(conn, smb_fname, + false, /* fake files do not exist */ + access_mask, &access_mask); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("open_fake_file: smbd_calculate_access_mask " + "on service[%s] file[%s] returned %s\n", + lp_servicename(SNUM(conn)), + smb_fname_str_dbg(smb_fname), + nt_errstr(status))); + return status; + } + /* access check */ if (geteuid() != sec_initial_uid()) { DEBUG(3, ("open_fake_file_shared: access_denied to " diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index d9a54d2..58e03a5 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -224,6 +224,11 @@ bool smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, int *_last_entry_off, struct ea_list *name_list); +NTSTATUS smbd_calculate_access_mask(connection_struct *conn, + const struct smb_filename *smb_fname, + bool file_existed, + uint32_t access_mask, + uint32_t *access_mask_out); NTSTATUS smbd_check_open_rights(struct connection_struct *conn, const struct smb_filename *smb_fname, uint32_t access_mask, diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index ab67ac8..3bdedb8 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -27,6 +27,7 @@ #include "smbd/globals.h" #include "msdfs.h" #include "auth.h" +#include "libcli/security/security.h" /********************************************************************** Parse a DFS pathname of the form \hostname\service\reqpath @@ -278,6 +279,35 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, set_conn_connectpath(conn, connpath); + /* + * New code to check if there's a share security descripter + * added from NT server manager. This is done after the + * smb.conf checks are done as we need a uid and token. JRA. + * + */ + if (conn->session_info) { + share_access_check(conn->session_info->security_token, + lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS, + &conn->share_access); + + if ((conn->share_access & FILE_WRITE_DATA) == 0) { + if ((conn->share_access & FILE_READ_DATA) == 0) { + /* No access, read or write. */ + DEBUG(0,("create_conn_struct: connection to %s " + "denied due to security " + "descriptor.\n", + lp_servicename(snum))); + conn_free(conn); + return NT_STATUS_ACCESS_DENIED; + } else { + conn->read_only = true; + } + } + } else { + conn->share_access = 0; + conn->read_only = true; + } + if (!smbd_vfs_init(conn)) { NTSTATUS status = map_nt_error_from_unix(errno); DEBUG(0,("create_conn_struct: smbd_vfs_init failed.\n")); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 44b1835..81d4e69 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -76,6 +76,14 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, /* Check if we have rights to open. */ NTSTATUS status; struct security_descriptor *sd = NULL; + uint32_t rejected_share_access; + + rejected_share_access = access_mask & ~(conn->share_access); + + if (rejected_share_access) { + *access_granted = rejected_share_access; + return NT_STATUS_ACCESS_DENIED; + } if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { *access_granted = access_mask; @@ -1514,13 +1522,15 @@ static void schedule_defer_open(struct share_mode_lock *lck, Work out what access_mask to use from what the client sent us. ****************************************************************************/ -static NTSTATUS calculate_access_mask(connection_struct *conn, - const struct smb_filename *smb_fname, - bool file_existed, - uint32_t access_mask, - uint32_t *access_mask_out) +NTSTATUS smbd_calculate_access_mask(connection_struct *conn, + const struct smb_filename *smb_fname, + bool file_existed, + uint32_t access_mask, + uint32_t *access_mask_out) { NTSTATUS status; + uint32_t orig_access_mask = access_mask; + uint32_t rejected_share_access; /* * Convert GENERIC bits to specific bits. @@ -1541,8 +1551,8 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, SECINFO_DACL),&sd); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("calculate_access_mask: Could not get acl " - "on file %s: %s\n", + DEBUG(10,("smbd_calculate_access_mask: " + "Could not get acl on file %s: %s\n", smb_fname_str_dbg(smb_fname), nt_errstr(status))); return NT_STATUS_ACCESS_DENIED; @@ -1557,8 +1567,9 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, TALLOC_FREE(sd); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("calculate_access_mask: Access denied on " - "file %s: when calculating maximum access\n", + DEBUG(10, ("smbd_calculate_access_mask: " + "Access denied on file %s: " + "when calculating maximum access\n", smb_fname_str_dbg(smb_fname))); return NT_STATUS_ACCESS_DENIED; } @@ -1567,6 +1578,21 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, } else { access_mask = FILE_GENERIC_ALL; } + + access_mask &= conn->share_access; + } + + rejected_share_access = access_mask & ~(conn->share_access); + + if (rejected_share_access) { + DEBUG(10, ("smbd_calculate_access_mask: Access denied on " + "file %s: rejected by share access mask[0x%08X] " + "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n", + smb_fname_str_dbg(smb_fname), + conn->share_access, + orig_access_mask, access_mask, + rejected_share_access)); + return NT_STATUS_ACCESS_DENIED; } *access_mask_out = access_mask; @@ -1890,11 +1916,11 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, } } - status = calculate_access_mask(conn, smb_fname, file_existed, + status = smbd_calculate_access_mask(conn, smb_fname, file_existed, access_mask, &access_mask); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("open_file_ntcreate: calculate_access_mask " + DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask " "on file %s returned %s\n", smb_fname_str_dbg(smb_fname), nt_errstr(status))); return status; @@ -2737,10 +2763,10 @@ static NTSTATUS open_directory(connection_struct *conn, return NT_STATUS_NOT_A_DIRECTORY; } - status = calculate_access_mask(conn, smb_dname, dir_existed, - access_mask, &access_mask); + status = smbd_calculate_access_mask(conn, smb_dname, dir_existed, + access_mask, &access_mask); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("open_directory: calculate_access_mask " + DEBUG(10, ("open_directory: smbd_calculate_access_mask " "on file %s returned %s\n", smb_fname_str_dbg(smb_dname), nt_errstr(status))); diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 099a36e..c594a6b 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -835,9 +835,7 @@ void reply_tcon_and_X(struct smb_request *req) perm1 = FILE_ALL_ACCESS; perm2 = FILE_ALL_ACCESS; } else { - perm1 = CAN_WRITE(conn) ? - SHARE_ALL_ACCESS : - SHARE_READ_ONLY; + perm1 = conn->share_access; } SIVAL(req->outbuf, smb_vwv3, perm1); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a8cd756..d88c02c 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -853,27 +853,21 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, * */ - { - bool can_write = False; - - can_write = share_access_check(conn->session_info->security_token, - lp_servicename(snum), - FILE_WRITE_DATA); - - if (!can_write) { - if (!share_access_check(conn->session_info->security_token, - lp_servicename(snum), - FILE_READ_DATA)) { - /* No access, read or write. */ - DEBUG(0,("make_connection: connection to %s " - "denied due to security " - "descriptor.\n", - lp_servicename(snum))); - *pstatus = NT_STATUS_ACCESS_DENIED; - goto err_root_exit; - } else { - conn->read_only = True; - } + share_access_check(conn->session_info->security_token, + lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS, + &conn->share_access); + + if ((conn->share_access & FILE_WRITE_DATA) == 0) { + if ((conn->share_access & FILE_READ_DATA) == 0) { + /* No access, read or write. */ + DEBUG(0,("make_connection: connection to %s " + "denied due to security " + "descriptor.\n", + lp_servicename(snum))); + *pstatus = NT_STATUS_ACCESS_DENIED; + goto err_root_exit; + } else { + conn->read_only = True; } } /* Initialise VFS function pointers */ diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 3478f34..fcd8945 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -736,8 +736,13 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, uint32_t max_access_granted; DATA_BLOB blob = data_blob_const(p, sizeof(p)); - status = smbd_check_open_rights(smb1req->conn, + status = smbd_calculate_access_mask(smb1req->conn, result->fsp_name, + /* + * at this stage + * it exists + */ + true, SEC_FLAG_MAXIMUM_ALLOWED, &max_access_granted); diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 416e3c1..c5c7a8e 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1104,6 +1104,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } + /* + * Check if the client provided a valid session id, + * if so smbd_smb2_request_check_session() calls + * set_current_user_info(). + * + * As some command don't require a valid session id + * we defer the check of the session_status + */ session_status = smbd_smb2_request_check_session(req); req->do_signing = false; @@ -1139,6 +1147,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) switch (opcode) { case SMB2_OP_NEGPROT: + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_negprot); return_value = smbd_smb2_request_process_negprot(req); @@ -1147,6 +1158,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; case SMB2_OP_SESSSETUP: + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_sesssetup); return_value = smbd_smb2_request_process_sesssetup(req); @@ -1160,6 +1174,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; } + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_logoff); return_value = smbd_smb2_request_process_logoff(req); @@ -1172,11 +1189,15 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } - status = smbd_smb2_request_check_session(req); - if (!NT_STATUS_IS_OK(status)) { - return_value = smbd_smb2_request_error(req, status); - break; - } + + /* + * This call needs to be run as root. + * + * smbd_smb2_request_process_tcon() + * calls make_connection_snum(), which will call + * change_to_user(), when needed. + */ + change_to_root_user(); { START_PROFILE(smb2_tcon); @@ -1190,11 +1211,20 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); break; } + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_tdis); @@ -1208,6 +1238,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1226,6 +1262,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1244,6 +1286,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1262,6 +1310,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. -- Samba Shared Repository