The branch, master has been updated via f705629a171 smbd: avoid double chdir() in chdir_current_service() via 8bfa0d58671 s3/lib: RIP smb_user_name via 92499287edb s3/auth: use set_current_user_info() in auth3_check_password_send() via dc4b1e39ce1 s3/auth: use set_current_user_info() in auth3_generate_session_info_pac() via 1484fb0c663 s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base() via dbe7d13988d smbd: remove sub_set_smb_name()/reload_services() via d1b2254f45e s4/auth: use talloc_alpha_strcpy() in auth_session_info_fill_unix() via a6054e2b352 s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx() via f8e218acd31 s3/lib: use talloc_alpha_strcpy() in sub_set_smb_name() via e3cd8e46b3a s3/lib: use talloc_alpha_strcpy() in set_remote_machine_name() via 1a8e6271c61 s3/lib: use talloc_alpha_strcpy() in set_local_machine_name() via 2b230321da2 s3:auth: use talloc_alpha_strcpy() in auth3_session_info_create() via 5e35d30b68d s3/auth: use talloc_alpha_strcpy() in create_local_token() via 276d280d27e lib/util: add talloc_alpha_strcpy() via e6e722abde8 smbd: setting current_user stuff here is redundant from 52722746a5e wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f705629a171c1411131164f3adff36175154c093 Author: Ralph Boehme <s...@samba.org> Date: Wed Jan 22 10:52:39 2020 +0100 smbd: avoid double chdir() in chdir_current_service() Since 8e81090789e4cc3ba9e5aa792d4e52971909c894 we're doing chdir() twice, first into conn->connectpath, then into conn->origpath. Before commit 8e81090789e4cc3ba9e5aa792d4e52971909c894 if chdir(conn->connectpath) succeeded, we wouldn't do the second chdir(). While at it, simplify the logging logic: if chdir() fails in this core function, just always log is as error including the unix token. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14256 RN: smbd does a chdir() twice per request Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu Feb 6 11:44:07 UTC 2020 on sn-devel-184 commit 8bfa0d58671e42509b5b4408ec4076cc4cb046f1 Author: Ralph Boehme <s...@samba.org> Date: Sat Jan 18 08:11:52 2020 +0100 s3/lib: RIP smb_user_name This has been replaced in previous commits by consistently using current_user_info.smb_name. Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 92499287edb4b6b7eb4cb711597a08542361a1b5 Author: Ralph Boehme <s...@samba.org> Date: Sat Jan 18 08:09:22 2020 +0100 s3/auth: use set_current_user_info() in auth3_check_password_send() This delays reloading config slightly, but I don't see how could affect observable behaviour other then log messages coming from the functions in between the different locations for lp_load_with_shares() like make_user_info_map() are sent to a different logfile if "log file" uses %U. Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit dc4b1e39ce1f2201a2d6ae2d4cffef2448f69a62 Author: Ralph Boehme <s...@samba.org> Date: Sat Jan 18 08:06:45 2020 +0100 s3/auth: use set_current_user_info() in auth3_generate_session_info_pac() This delays reloading config slightly, but I don't see how could affect observable behaviour other then log messages coming from the functions in between the different locations for lp_load_with_shares() like make_session_info_krb5() are sent to a different logfile if "log file" uses %U. Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 1484fb0c6636308958f0d8d7c81429e0743f5cbd Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 21:56:27 2020 +0100 s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base() Note that we're now sanitizing the username we got from the client, as we do everywhere else. Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit dbe7d13988d5eb88f13144def8f4d69f1259fef6 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 21:55:35 2020 +0100 smbd: remove sub_set_smb_name()/reload_services() This means switching auth backend based on %U include, ie passdb backend = tdbsam include = smb.conf.%U and smb.conf.SOMEUSER contains passdb backend = smbpasswd won't work anymore. We're still calling set_current_user_info() and reload_services() later on in this function, so everything else still works as before. Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit d1b2254f45ec6b4aa7dc846dd4b9be0b2f48d7a5 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:31:06 2020 +0100 s4/auth: use talloc_alpha_strcpy() in auth_session_info_fill_unix() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit a6054e2b3523b51b379e3e311978912868c1d7fb Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:30:36 2020 +0100 s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit f8e218acd31381e821da9bf6c8d3379225c35cb7 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:30:18 2020 +0100 s3/lib: use talloc_alpha_strcpy() in sub_set_smb_name() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit e3cd8e46b3a32968a3d2c43ffb15daa57a068e55 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:30:01 2020 +0100 s3/lib: use talloc_alpha_strcpy() in set_remote_machine_name() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 1a8e6271c61400565b665584edace2e7cce8eb84 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:28:54 2020 +0100 s3/lib: use talloc_alpha_strcpy() in set_local_machine_name() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 2b230321da2a74c17fdbaf478f4963eca5d769a3 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:28:34 2020 +0100 s3:auth: use talloc_alpha_strcpy() in auth3_session_info_create() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5e35d30b68d071e50e71073f23b17c93715a7bc0 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:28:13 2020 +0100 s3/auth: use talloc_alpha_strcpy() in create_local_token() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 276d280d27e1bfa959da4d9f4e061dba87bb5dfc Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 19:15:22 2020 +0100 lib/util: add talloc_alpha_strcpy() Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit e6e722abde82252b01e30691c0fe4aef579b3584 Author: Ralph Boehme <s...@samba.org> Date: Fri Jan 17 14:42:22 2020 +0100 smbd: setting current_user stuff here is redundant This is already handled by set_sec_ctx() below, we just have to pass in the values instead of setting it here in this function before calling set_sec_ctx(). Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/util/charset/charset.h | 3 + lib/util/util_str_common.c | 22 ++++++ source3/auth/auth_generic.c | 14 ++-- source3/auth/auth_ntlmssp.c | 32 +++++++-- source3/auth/auth_util.c | 21 +++--- source3/lib/substitute.c | 102 +++------------------------- source3/rpc_server/netlogon/srv_netlog_nt.c | 16 ++++- source3/rpc_server/winreg/srv_winreg_nt.c | 11 ++- source3/smbd/service.c | 67 ++++++++---------- source3/smbd/sesssetup.c | 4 -- source3/smbd/uid.c | 8 +-- source4/auth/unix_token.c | 13 ++-- 12 files changed, 134 insertions(+), 179 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h index ff466c34bb9..ef7911a6254 100644 --- a/lib/util/charset/charset.h +++ b/lib/util/charset/charset.h @@ -112,6 +112,9 @@ size_t strlen_m(const char *s); size_t strlen_m_term(const char *s); size_t strlen_m_term_null(const char *s); char *alpha_strcpy(char *dest, const char *src, const char *other_safe_chars, size_t maxlength); +char *talloc_alpha_strcpy(TALLOC_CTX *mem_ctx, + const char *src, + const char *other_safe_chars); void string_replace_m(char *s, char oldc, char newc); bool strcsequal(const char *s1,const char *s2); bool strequal_m(const char *s1, const char *s2); diff --git a/lib/util/util_str_common.c b/lib/util/util_str_common.c index 0933e183c80..1e93a46fbad 100644 --- a/lib/util/util_str_common.c +++ b/lib/util/util_str_common.c @@ -159,3 +159,25 @@ char *alpha_strcpy(char *dest, return dest; } + +char *talloc_alpha_strcpy(TALLOC_CTX *mem_ctx, + const char *src, + const char *other_safe_chars) +{ + char *dest = NULL; + size_t slen; + + if (src == NULL) { + return NULL; + } + + slen = strlen(src); + + dest = talloc_zero_size(mem_ctx, slen + 1); + if (dest == NULL) { + return NULL; + } + + alpha_strcpy(dest, src, other_safe_chars, slen + 1); + return dest; +} diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index 9243a0ba02d..0e9500ac08d 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -159,12 +159,6 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, } } - /* setup the string used by %U */ - sub_set_smb_name(username); - - /* reload services so that the new %U is taken into account */ - lp_load_with_shares(get_dyn_CONFIGFILE()); - status = make_session_info_krb5(mem_ctx, ntuser, ntdomain, username, pw, info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */, @@ -176,6 +170,14 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, goto done; } + /* setup the string used by %U */ + set_current_user_info((*session_info)->unix_info->sanitized_username, + (*session_info)->unix_info->unix_name, + (*session_info)->info->domain_name); + + /* reload services so that the new %U is taken into account */ + lp_load_with_shares(get_dyn_CONFIGFILE()); + DEBUG(5, (__location__ "OK: user: %s domain: %s client: %s\n", ntuser, ntdomain, rhost)); diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 3e39be30588..8d213f194cf 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -150,6 +150,7 @@ struct tevent_req *auth3_check_password_send( auth4_context->private_data, struct auth_context); struct auth_usersupplied_info *mapped_user_info = NULL; struct auth_serversupplied_info *server_info = NULL; + char *sanitized_username = NULL; NTSTATUS nt_status; bool username_was_mapped; @@ -169,12 +170,6 @@ struct tevent_req *auth3_check_password_send( set_remote_machine_name(user_info->workstation_name, True); - /* setup the string used by %U */ - /* sub_set_smb_name checks for weird internally */ - sub_set_smb_name(user_info->client.account_name); - - lp_load_with_shares(get_dyn_CONFIGFILE()); - nt_status = make_user_info_map(talloc_tos(), &mapped_user_info, user_info->client.account_name, @@ -196,6 +191,15 @@ struct tevent_req *auth3_check_password_send( mapped_user_info->flags = user_info->flags; + sanitized_username = talloc_alpha_strcpy( + state, + user_info->client.account_name, + SAFE_NETBIOS_CHARS "$"); + if (sanitized_username == NULL) { + tevent_req_nterror(req, NT_STATUS_NO_MEMORY); + return tevent_req_post(req, ev); + } + nt_status = auth_check_ntlm_password(state, auth_context, mapped_user_info, @@ -224,6 +228,15 @@ struct tevent_req *auth3_check_password_send( &server_info); if (!tevent_req_nterror(req, nt_status)) { state->authoritative = 1; + + /* setup the string used by %U */ + set_current_user_info( + sanitized_username, + server_info->unix_name, + server_info->info3->base.logon_domain.string); + + lp_load_with_shares(get_dyn_CONFIGFILE()); + tevent_req_done(req); } state->server_info = server_info; @@ -232,6 +245,13 @@ struct tevent_req *auth3_check_password_send( server_info->nss_token |= username_was_mapped; + /* setup the string used by %U */ + set_current_user_info(sanitized_username, + server_info->unix_name, + server_info->info3->base.logon_domain.string); + + lp_load_with_shares(get_dyn_CONFIGFILE()); + /* Clear out the session keys, and pass them to the caller. * They will not be used in this form again - instead the * NTLMSSP code will decide on the final correct session key, diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 3e0fcea2410..9427c05f573 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -478,7 +478,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, struct dom_sid tmp_sid; struct auth_session_info *session_info; struct unixid *ids; - fstring tmp; /* Ensure we can't possible take a code path leading to a * null defref. */ @@ -494,9 +493,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, } /* This is a potentially untrusted username for use in %U */ - alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp)); session_info->unix_info->sanitized_username = - talloc_strdup(session_info->unix_info, tmp); + talloc_alpha_strcpy(session_info->unix_info, + smb_username, + SAFE_NETBIOS_CHARS "$"); if (session_info->unix_info->sanitized_username == NULL) { TALLOC_FREE(session_info); return NT_STATUS_NO_MEMORY; @@ -535,9 +535,14 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, } /* This is a potentially untrusted username for use in %U */ - alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp)); session_info->unix_info->sanitized_username = - talloc_strdup(session_info->unix_info, tmp); + talloc_alpha_strcpy(session_info->unix_info, + smb_username, + SAFE_NETBIOS_CHARS "$"); + if (session_info->unix_info->sanitized_username == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } if (session_key) { data_blob_free(&session_info->session_key); @@ -767,7 +772,6 @@ NTSTATUS auth3_session_info_create(TALLOC_CTX *mem_ctx, uint32_t num_gids = 0; gid_t *gids = NULL; struct dom_sid tmp_sid = { 0, }; - fstring tmp = { 0, }; NTSTATUS status; size_t i; bool ok; @@ -1083,9 +1087,10 @@ NTSTATUS auth3_session_info_create(TALLOC_CTX *mem_ctx, } /* This is a potentially untrusted username for use in %U */ - alpha_strcpy(tmp, original_user_name, ". _-$", sizeof(tmp)); session_info->unix_info->sanitized_username = - talloc_strdup(session_info->unix_info, tmp); + talloc_alpha_strcpy(session_info->unix_info, + original_user_name, + SAFE_NETBIOS_CHARS "$"); if (session_info->unix_info->sanitized_username == NULL) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index b5e08e0aa55..7d1e55f568b 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -44,7 +44,6 @@ bool set_local_machine_name(const char *local_name, bool perm) { static bool already_perm = false; char *tmp_local_machine = NULL; - size_t len; if (already_perm) { return true; @@ -57,15 +56,12 @@ bool set_local_machine_name(const char *local_name, bool perm) trim_char(tmp_local_machine,' ',' '); TALLOC_FREE(local_machine); - len = strlen(tmp_local_machine); - local_machine = (char *)TALLOC_ZERO(NULL, len+1); - if (!local_machine) { - TALLOC_FREE(tmp_local_machine); + local_machine = talloc_alpha_strcpy(NULL, + tmp_local_machine, + SAFE_NETBIOS_CHARS); + if (local_machine == NULL) { return false; } - /* alpha_strcpy includes the space for the terminating nul. */ - alpha_strcpy(local_machine,tmp_local_machine, - SAFE_NETBIOS_CHARS,len+1); if (!strlower_m(local_machine)) { TALLOC_FREE(tmp_local_machine); return false; @@ -98,7 +94,6 @@ bool set_remote_machine_name(const char *remote_name, bool perm) { static bool already_perm = False; char *tmp_remote_machine; - size_t len; if (already_perm) { return true; @@ -111,16 +106,12 @@ bool set_remote_machine_name(const char *remote_name, bool perm) trim_char(tmp_remote_machine,' ',' '); TALLOC_FREE(remote_machine); - len = strlen(tmp_remote_machine); - remote_machine = (char *)TALLOC_ZERO(NULL, len+1); - if (!remote_machine) { - TALLOC_FREE(tmp_remote_machine); + remote_machine = talloc_alpha_strcpy(NULL, + tmp_remote_machine, + SAFE_NETBIOS_CHARS); + if (remote_machine == NULL) { return false; } - - /* alpha_strcpy includes the space for the terminating nul. */ - alpha_strcpy(remote_machine,tmp_remote_machine, - SAFE_NETBIOS_CHARS,len+1); if (!strlower_m(remote_machine)) { TALLOC_FREE(tmp_remote_machine); return false; @@ -137,69 +128,6 @@ const char *get_remote_machine_name(void) return remote_machine ? remote_machine : ""; } -/******************************************************************* - Setup the string used by %U substitution. -********************************************************************/ - -static char *smb_user_name; - -void sub_set_smb_name(const char *name) -{ - char *tmp; - size_t len; - bool is_machine_account = false; - - /* don't let anonymous logins override the name */ - if (!name || !*name) { - return; - } - - tmp = talloc_strdup(NULL, name); - if (!tmp) { - return; - } - trim_char(tmp, ' ', ' '); - if (!strlower_m(tmp)) { - TALLOC_FREE(tmp); - return; - } - - len = strlen(tmp); - - if (len == 0) { - TALLOC_FREE(tmp); - return; - } - - /* long story but here goes....we have to allow usernames - ending in '$' as they are valid machine account names. - So check for a machine account and re-add the '$' - at the end after the call to alpha_strcpy(). --jerry */ - - if (tmp[len-1] == '$') { - is_machine_account = True; - } - - TALLOC_FREE(smb_user_name); - smb_user_name = (char *)TALLOC_ZERO(NULL, len+1); - if (!smb_user_name) { - TALLOC_FREE(tmp); - return; - } - - /* alpha_strcpy includes the space for the terminating nul. */ - alpha_strcpy(smb_user_name, tmp, - SAFE_NETBIOS_CHARS, - len+1); - - TALLOC_FREE(tmp); - - if (is_machine_account) { - len = strlen(smb_user_name); - smb_user_name[len-1] = '$'; - } -} - static char sub_peeraddr[INET6_ADDRSTRLEN]; static const char *sub_peername = NULL; static char sub_sockaddr[INET6_ADDRSTRLEN]; @@ -232,11 +160,6 @@ void sub_set_socket_ids(const char *peeraddr, const char *peername, strlcpy(sub_sockaddr, sockaddr, sizeof(sub_sockaddr)); } -static const char *get_smb_user_name(void) -{ - return smb_user_name ? smb_user_name : ""; -} - /******************************************************************* Setup the strings used by substitutions. Called per packet. Ensure %U name is set correctly also. @@ -262,11 +185,6 @@ void set_current_user_info(const char *smb_name, const char *unix_name, fstrcpy(current_user_info.unix_name, unix_name); fstrcpy(current_user_info.domain, domain); - /* The following is safe as current_user_info.smb_name - * has already been sanitised in register_existing_vuid. */ - - sub_set_smb_name(current_user_info.smb_name); - last_smb_name = smb_name; last_unix_name = unix_name; last_domain = domain; @@ -278,10 +196,6 @@ void set_current_user_info(const char *smb_name, const char *unix_name, const char *get_current_username(void) { - if (current_user_info.smb_name[0] == '\0' ) { - return get_smb_user_name(); - } - return current_user_info.smb_name; } diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 52b17c10e61..3f1347a31ed 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1517,6 +1517,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, NTSTATUS status = NT_STATUS_OK; union netr_LogonLevel *logon = r->in.logon; const char *nt_username, *nt_domain, *nt_workstation; + char *sanitized_username = NULL; struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; struct auth_context *auth_context = NULL; @@ -1603,8 +1604,6 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, } /* end switch */ DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain)); - fstrcpy(current_user_info.smb_name, nt_username); - sub_set_smb_name(nt_username); DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", r->in.validation_level, nt_username)); @@ -1745,6 +1744,19 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, return NT_STATUS_LOGON_FAILURE; } + sanitized_username = talloc_alpha_strcpy(talloc_tos(), + nt_username, + SAFE_NETBIOS_CHARS "$"); + if (sanitized_username == NULL) { + TALLOC_FREE(server_info); + return NT_STATUS_NO_MEMORY; + } + + set_current_user_info(sanitized_username, + server_info->unix_name, + server_info->info3->base.logon_domain.string); + TALLOC_FREE(sanitized_username); + /* This is the point at which, if the login was successful, that the SAM Local Security Authority should record that the user is logged in to the domain. */ diff --git a/source3/rpc_server/winreg/srv_winreg_nt.c b/source3/rpc_server/winreg/srv_winreg_nt.c index 6c3270d886a..05dc051e247 100644 --- a/source3/rpc_server/winreg/srv_winreg_nt.c +++ b/source3/rpc_server/winreg/srv_winreg_nt.c @@ -522,7 +522,6 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p, const struct loadparm_substitution *lp_sub = loadparm_s3_global_substitution(); char *shutdown_script = NULL; - char *msg = NULL; char *chkmsg = NULL; fstring str_timeout; fstring str_reason; @@ -542,14 +541,12 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p, /* pull the message string and perform necessary sanity checks on it */ if ( r->in.message && r->in.message->string ) { - if ( (msg = talloc_strdup(p->mem_ctx, r->in.message->string )) == NULL ) { + chkmsg = talloc_alpha_strcpy(p->mem_ctx, + r->in.message->string, + NULL); + if (chkmsg == NULL) { return WERR_NOT_ENOUGH_MEMORY; } - chkmsg = talloc_array(p->mem_ctx, char, strlen(msg)+1); - if (!chkmsg) { - return WERR_NOT_ENOUGH_MEMORY; - } - alpha_strcpy(chkmsg, msg, NULL, strlen(msg)+1); } fstr_sprintf(str_timeout, "%d", r->in.timeout); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1abc23ad422..03125a30dad 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -146,55 +146,46 @@ bool chdir_current_service(connection_struct *conn) const struct smb_filename origpath_fname = { .base_name = conn->origpath, }; + int saved_errno = 0; + char *utok_str = NULL; int ret; conn->lastused_count++; ret = vfs_ChDir(conn, &connectpath_fname); - if (ret != 0) { - int saved_errno = errno; - - if (saved_errno == EACCES) { - char *str = utok_string( - talloc_tos(), - conn->session_info->unix_token); - DBG_WARNING("vfs_ChDir(%s) got " - "permission denied, current " - "token: %s\n", - conn->connectpath, str); - TALLOC_FREE(str); - } else { - DBG_ERR("vfs_ChDir(%s) failed: " - "%s!\n", - conn->connectpath, - strerror(saved_errno)); - } + if (ret == 0) { + return true; + } + saved_errno = errno; + + utok_str = utok_string(talloc_tos(), + conn->session_info->unix_token); + if (utok_str == NULL) { + errno = saved_errno; return false; } + DBG_ERR("vfs_ChDir(%s) failed: %s. Current token: %s\n", + conn->connectpath, + strerror(saved_errno), + utok_str); + ret = vfs_ChDir(conn, &origpath_fname); - if (ret != 0) { -- Samba Shared Repository