summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDerrell Lipman <derrell.lipman@unwireduniverse.com>2008-01-17 11:49:17 -0500
committerDerrell Lipman <derrell.lipman@unwireduniverse.com>2008-01-17 11:49:17 -0500
commit4f09727df8502c3a66cbf0cb423da1067d215c90 (patch)
treed425d5a32d72b2a2854a0e214fec8d0b01fcd38f
parent76b5c674e70dff0d37409e64d53cda41ef9731a6 (diff)
downloadsamba-4f09727df8502c3a66cbf0cb423da1067d215c90.tar.gz
samba-4f09727df8502c3a66cbf0cb423da1067d215c90.tar.bz2
samba-4f09727df8502c3a66cbf0cb423da1067d215c90.zip
Fix bug 5185: repeated calls to smbc_getxattr() lose sid-name mapping
If we're going to cache connections to IPC$, we'd better also cache the policy handle and not use a stack-based handle that's invalid on subsequent calls. Derrell (This used to be commit 67c415661f6466c21cd0eaafabe58cba049d2af3)
-rw-r--r--source3/include/libsmb_internal.h1
-rw-r--r--source3/libsmb/libsmbclient.c83
2 files changed, 38 insertions, 46 deletions
diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h
index dbc115429b..6c7dc80da8 100644
--- a/source3/include/libsmb_internal.h
+++ b/source3/include/libsmb_internal.h
@@ -15,6 +15,7 @@ struct _SMBCSRV {
bool no_pathinfo;
bool no_pathinfo2;
bool no_nt_session;
+ POLICY_HND pol;
SMBCSRV *next, *prev;
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
index 077970647d..2fd8294d04 100644
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@@ -1037,8 +1037,7 @@ smbc_attr_server(TALLOC_CTX *ctx,
const char *share,
char **pp_workgroup,
char **pp_username,
- char **pp_password,
- POLICY_HND *pol)
+ char **pp_password)
{
int flags;
struct sockaddr_storage ss;
@@ -1122,36 +1121,34 @@ smbc_attr_server(TALLOC_CTX *ctx,
ZERO_STRUCTP(ipc_srv);
ipc_srv->cli = ipc_cli;
- if (pol) {
- pipe_hnd = cli_rpc_pipe_open_noauth(ipc_srv->cli,
- PI_LSARPC,
- &nt_status);
- if (!pipe_hnd) {
- DEBUG(1, ("cli_nt_session_open fail!\n"));
- errno = ENOTSUP;
- cli_shutdown(ipc_srv->cli);
- free(ipc_srv);
- return NULL;
- }
-
- /*
- * Some systems don't support
- * SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
- * so we might as well do it too.
- */
+ pipe_hnd = cli_rpc_pipe_open_noauth(ipc_srv->cli,
+ PI_LSARPC,
+ &nt_status);
+ if (!pipe_hnd) {
+ DEBUG(1, ("cli_nt_session_open fail!\n"));
+ errno = ENOTSUP;
+ cli_shutdown(ipc_srv->cli);
+ free(ipc_srv);
+ return NULL;
+ }
- nt_status = rpccli_lsa_open_policy(
- pipe_hnd,
- talloc_tos(),
- True,
- GENERIC_EXECUTE_ACCESS,
- pol);
+ /*
+ * Some systems don't support
+ * SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
+ * so we might as well do it too.
+ */
- if (!NT_STATUS_IS_OK(nt_status)) {
- errno = smbc_errno(context, ipc_srv->cli);
- cli_shutdown(ipc_srv->cli);
- return NULL;
- }
+ nt_status = rpccli_lsa_open_policy(
+ pipe_hnd,
+ talloc_tos(),
+ True,
+ GENERIC_EXECUTE_ACCESS,
+ &ipc_srv->pol);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ errno = smbc_errno(context, ipc_srv->cli);
+ cli_shutdown(ipc_srv->cli);
+ return NULL;
}
/* now add it to the cache (internal or external) */
@@ -5728,7 +5725,6 @@ smbc_setxattr_ctx(SMBCCTX *context,
char *password = NULL;
char *workgroup = NULL;
char *path = NULL;
- POLICY_HND pol;
DOS_ATTR_DESC *dad = NULL;
struct {
const char * create_time_attr;
@@ -5787,8 +5783,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
if (! srv->no_nt_session) {
ipc_srv = smbc_attr_server(frame, context, server, share,
- &workgroup, &user, &password,
- &pol);
+ &workgroup, &user, &password);
if (! ipc_srv) {
srv->no_nt_session = True;
}
@@ -5814,7 +5809,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
if (ipc_srv) {
ret = cacl_set(talloc_tos(), srv->cli,
- ipc_srv->cli, &pol, path,
+ ipc_srv->cli, &ipc_srv->pol, path,
namevalue,
(*namevalue == '*'
? SMBC_XATTR_MODE_SET
@@ -5878,7 +5873,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
ret = -1;
} else {
ret = cacl_set(talloc_tos(), srv->cli,
- ipc_srv->cli, &pol, path,
+ ipc_srv->cli, &ipc_srv->pol, path,
namevalue,
(*namevalue == '*'
? SMBC_XATTR_MODE_SET
@@ -5908,7 +5903,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
ret = -1;
} else {
ret = cacl_set(talloc_tos(), srv->cli,
- ipc_srv->cli, &pol, path,
+ ipc_srv->cli, &ipc_srv->pol, path,
namevalue, SMBC_XATTR_MODE_CHOWN, 0);
}
TALLOC_FREE(frame);
@@ -5935,7 +5930,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
ret = -1;
} else {
ret = cacl_set(talloc_tos(), srv->cli,
- ipc_srv->cli, &pol, path,
+ ipc_srv->cli, &ipc_srv->pol, path,
namevalue, SMBC_XATTR_MODE_CHOWN, 0);
}
TALLOC_FREE(frame);
@@ -6026,7 +6021,6 @@ smbc_getxattr_ctx(SMBCCTX *context,
char *password = NULL;
char *workgroup = NULL;
char *path = NULL;
- POLICY_HND pol;
struct {
const char * create_time_attr;
const char * access_time_attr;
@@ -6083,8 +6077,7 @@ smbc_getxattr_ctx(SMBCCTX *context,
if (! srv->no_nt_session) {
ipc_srv = smbc_attr_server(frame, context, server, share,
- &workgroup, &user, &password,
- &pol);
+ &workgroup, &user, &password);
if (! ipc_srv) {
srv->no_nt_session = True;
}
@@ -6137,7 +6130,7 @@ smbc_getxattr_ctx(SMBCCTX *context,
/* Yup. */
ret = cacl_get(context, talloc_tos(), srv,
ipc_srv == NULL ? NULL : ipc_srv->cli,
- &pol, path,
+ &ipc_srv->pol, path,
CONST_DISCARD(char *, name),
CONST_DISCARD(char *, value), size);
if (ret < 0 && errno == 0) {
@@ -6168,7 +6161,6 @@ smbc_removexattr_ctx(SMBCCTX *context,
char *password = NULL;
char *workgroup = NULL;
char *path = NULL;
- POLICY_HND pol;
TALLOC_CTX *frame = talloc_stackframe();
if (!context || !context->internal ||
@@ -6219,8 +6211,7 @@ smbc_removexattr_ctx(SMBCCTX *context,
if (! srv->no_nt_session) {
ipc_srv = smbc_attr_server(frame, context, server, share,
- &workgroup, &user, &password,
- &pol);
+ &workgroup, &user, &password);
if (! ipc_srv) {
srv->no_nt_session = True;
}
@@ -6239,7 +6230,7 @@ smbc_removexattr_ctx(SMBCCTX *context,
/* Yup. */
ret = cacl_set(talloc_tos(), srv->cli,
- ipc_srv->cli, &pol, path,
+ ipc_srv->cli, &ipc_srv->pol, path,
NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
TALLOC_FREE(frame);
return ret;
@@ -6259,7 +6250,7 @@ smbc_removexattr_ctx(SMBCCTX *context,
/* Yup. */
ret = cacl_set(talloc_tos(), srv->cli,
- ipc_srv->cli, &pol, path,
+ ipc_srv->cli, &ipc_srv->pol, path,
name + 19, SMBC_XATTR_MODE_REMOVE, 0);
TALLOC_FREE(frame);
return ret;