The branch, master has been updated
via 6e9c6dd6d6d vfs: Don't ever call openat(-1, ...) for relative paths
via dade2981c35 vfs: Only call openat for valid params in fake_acls_stat
via 142a78eb24a vfs: Use the getwd-cache only if we have a valid tcon
via c31e7aecbab vfs: Change the condition when to fill the getwd cache
via 0ab88a1fe7b smbd: Don't print cwd before tcon is done
from f8994bc2890 smbd: Fix an error resource leak in
OpenDir_from_pathref()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6e9c6dd6d6dc720a50efdbb1c88350354271e066
Author: Volker Lendecke <[email protected]>
Date: Mon Oct 21 12:12:27 2024 +0200
vfs: Don't ever call openat(-1, ...) for relative paths
This is always a bug, we should never do this. In one iteration of my
code I was doing this, which led to an invalid fallback code, which
itself led to an infinite recursion. Make this more obvious with an
assert.
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Autobuild-User(master): Ralph Böhme <[email protected]>
Autobuild-Date(master): Tue Nov 12 15:13:03 UTC 2024 on atb-devel-224
commit dade2981c3558242086599a2435bb795160b1f67
Author: Volker Lendecke <[email protected]>
Date: Mon Nov 11 17:50:03 2024 +0100
vfs: Only call openat for valid params in fake_acls_stat
openat(-1, "relative path", ..) is invalid. I've tried to also tighten
this down to just relative paths (i.e. base_name[0] != '/'), but
non_widelink_open makes modifications further down that make this more
difficult.
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 142a78eb24a7fb62ca52ca76d878fd19f5caeed9
Author: Volker Lendecke <[email protected]>
Date: Mon Nov 11 16:19:17 2024 +0100
vfs: Use the getwd-cache only if we have a valid tcon
A valid tcon will have changed fsp_get_pathref_fd() to AT_FDCWD, -100
on Linux.
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit c31e7aecbab5e8e845dc3bc95560f8543abbaeff
Author: Volker Lendecke <[email protected]>
Date: Mon Nov 11 16:16:32 2024 +0100
vfs: Change the condition when to fill the getwd cache
The next patch will add another excluding condition, this change
keeps the if-condition that is changed here simple.
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 0ab88a1fe7b48bd22e8516849ad4f21e9365fcd9
Author: Volker Lendecke <[email protected]>
Date: Mon Oct 21 12:20:55 2024 +0200
smbd: Don't print cwd before tcon is done
vfs_GetWd depends upon a current tcon in fake_acls, otherwise it will
call openat with an invalid dirfd on a relative pathname.
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_default.c | 7 +++++--
source3/modules/vfs_fake_acls.c | 20 ++++++++++++++------
source3/smbd/uid.c | 7 +++----
source3/smbd/vfs.c | 5 ++++-
4 files changed, 26 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index e895de189fa..f4032656e1f 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -607,6 +607,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
files_struct *fsp,
const struct vfs_open_how *how)
{
+ int dirfd = fsp_get_pathref_fd(dirfsp);
int flags = how->flags;
mode_t mode = how->mode;
bool have_opath = false;
@@ -615,6 +616,8 @@ static int vfswrap_openat(vfs_handle_struct *handle,
START_PROFILE(syscall_openat);
+ SMB_ASSERT((dirfd != -1) || (smb_fname->base_name[0] == '/'));
+
if (how->resolve & ~(VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS |
VFS_OPEN_HOW_WITH_BACKUP_INTENT)) {
errno = ENOSYS;
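Review bot: The new `SMB_ASSERT((dirfd != -1) || (smb_fname->base_name[0] == '/'))` has no comment stating the invariant it enforces, and SMB_ASSERT panics the smbd process instead of returning an error. A line such as `/* dirfd == -1: no valid dirfsp (e.g. no tcon yet), only absolute paths are acceptable */` above it would tell the next reader why -1 is rejected while AT_FDCWD is fine. Because a failed assert takes down the process serving the client, it is worth confirming that no request path can still reach vfswrap_openat with dirfd == -1 and a relative name; the fake_acls change in the same push suggests at least one such caller existed. The function body starts before and continues after this hunk.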
@@ -656,7 +659,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
.resolve = RESOLVE_NO_SYMLINKS,
};
- result = openat2(fsp_get_pathref_fd(dirfsp),
+ result = openat2(dirfd,
smb_fname->base_name,
&linux_how,
sizeof(linux_how));
@@ -683,7 +686,7 @@ static int vfswrap_openat(vfs_handle_struct *handle,
became_root = true;
}
- result = openat(fsp_get_pathref_fd(dirfsp),
+ result = openat(dirfd,
smb_fname->base_name,
flags,
mode);
diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index 69cae8ce21d..d2b96976582 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -126,12 +126,20 @@ static int fake_acls_stat(vfs_handle_struct *handle,
return -1;
}
- /* Recursion guard. */
- prd->calling_pathref_fsp = true;
- status = openat_pathref_fsp(handle->conn->cwd_fsp,
- smb_fname_cp);
- /* End recursion guard. */
- prd->calling_pathref_fsp = false;
+ if (fsp_get_pathref_fd(handle->conn->cwd_fsp) == -1) {
+ /*
+ * No tcon around, fail as if we don't have
+ * the EAs
+ */
+ status = NT_STATUS_INVALID_HANDLE;
+ } else {
+ /* Recursion guard. */
+ prd->calling_pathref_fsp = true;
+ status = openat_pathref_fsp(handle->conn->cwd_fsp,
+ smb_fname_cp);
+ /* End recursion guard. */
+ prd->calling_pathref_fsp = false;
+ }
if (!NT_STATUS_IS_OK(status)) {
/*
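Review bot: The "no tcon" test is spelled `fsp_get_pathref_fd(handle->conn->cwd_fsp) == -1` here and again in vfs_GetWd in source3/smbd/vfs.c, while print_impersonation_info in source3/smbd/uid.c uses `conn->tcon_done` for what looks like the same condition. Whether the two tests are equivalent is not visible from these hunks; if they are, one small helper (or one spelling used consistently) would keep the three call sites from drifting apart. Separately, the new comment says the failure should look like missing EAs, but `NT_STATUS_INVALID_HANDLE` is handled in the `if (!NT_STATUS_IS_OK(status))` branch that continues past the end of the hunk, so confirm that branch treats this status as "no EA" and does not return an error to the caller.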
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index e8f51003a1e..74ab3d9dd08 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -453,9 +453,8 @@ static void print_impersonation_info(connection_struct
*conn)
return;
}
- cwdfname = vfs_GetWd(talloc_tos(), conn);
- if (cwdfname == NULL) {
- return;
+ if (conn->tcon_done) {
+ cwdfname = vfs_GetWd(talloc_tos(), conn);
}
DBG_INFO("Impersonated user: uid=(%d,%d), gid=(%d,%d), cwd=[%s]\n",
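Review bot: `cwdfname` is now assigned only inside `if (conn->tcon_done)`, yet it is read unconditionally in the DBG_INFO argument `cwdfname ? cwdfname->base_name : "no cwd"` and in `TALLOC_FREE(cwdfname)` in the next hunk. Its declaration is above the hunk and not visible; unless it already reads `struct smb_filename *cwdfname = NULL;`, the no-tcon path uses an indeterminate pointer. Also, a vfs_GetWd failure used to return silently and is now logged as "no cwd", the same text as the no-tcon case, so the two can no longer be told apart in the log.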
@@ -463,7 +462,7 @@ static void print_impersonation_info(connection_struct
*conn)
(int)geteuid(),
(int)getgid(),
(int)getegid(),
- cwdfname->base_name);
+ cwdfname ? cwdfname->base_name : "no cwd");
TALLOC_FREE(cwdfname);
}
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 9940dee0e82..462f57f854e 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1022,6 +1022,9 @@ struct smb_filename *vfs_GetWd(TALLOC_CTX *ctx,
connection_struct *conn)
if (!lp_getwd_cache()) {
goto nocache;
}
+ if (fsp_get_pathref_fd(conn->cwd_fsp) == -1) {
+ goto nocache;
+ }
smb_fname_dot = synthetic_smb_fname(ctx,
".",
@@ -1086,7 +1089,7 @@ struct smb_filename *vfs_GetWd(TALLOC_CTX *ctx,
connection_struct *conn)
goto out;
}
- if (lp_getwd_cache() && VALID_STAT(smb_fname_dot->st)) {
+ if ((smb_fname_dot != NULL) && VALID_STAT(smb_fname_dot->st)) {
key = vfs_file_id_from_sbuf(conn, &smb_fname_dot->st);
/*
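Review bot: The cache-fill test now keys on `smb_fname_dot != NULL` instead of `lp_getwd_cache()`, so it is correct only if smb_fname_dot is NULL on every path that jumps to `nocache`, including the new `== -1` exit added in the previous hunk. The declaration lies outside both hunks; confirm it is initialised to NULL and consider a comment at the test such as `/* smb_fname_dot is only set when the getwd cache lookup ran */`. vfs_GetWd starts and ends outside the hunk.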
--
Samba Shared Repository