summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-07-08 09:08:39 +0200
committerStefan Metzmacher <metze@samba.org>2011-07-08 13:45:46 +0200
commitdbfb88aef30a755c29015bff4699eb17925a4988 (patch)
treece10393a81f57ecf5ab39dd94fff37a4281e9f0d
parentcda86869400285afe17db87a9a666fbcc5b918a8 (diff)
downloadsamba-dbfb88aef30a755c29015bff4699eb17925a4988.tar.gz
samba-dbfb88aef30a755c29015bff4699eb17925a4988.tar.bz2
samba-dbfb88aef30a755c29015bff4699eb17925a4988.zip
s3:smb2_server: add some comments about change_to_user() and change_to_root_user()
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jul 8 13:45:46 CEST 2011 on sn-devel-104
-rw-r--r--source3/smbd/smb2_server.c100
1 files changed, 98 insertions, 2 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index ca03c8d762..72beb86c60 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1105,6 +1105,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
+ /*
+ * Check if the client provided a valid session id,
+ * if so smbd_smb2_request_check_session() calls
+ * set_current_user_info().
+ *
+ * As some command don't require a valid session id
+ * we defer the check of the session_status
+ */
session_status = smbd_smb2_request_check_session(req);
req->do_signing = false;
@@ -1183,7 +1191,13 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
break;
}
- /* This call needs to be run as root */
+ /*
+ * This call needs to be run as root.
+ *
+ * smbd_smb2_request_process_tcon()
+ * calls make_connection_snum(), which will call
+ * change_to_user(), when needed.
+ */
change_to_root_user();
{
@@ -1198,6 +1212,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1219,6 +1239,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1237,6 +1263,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1255,6 +1287,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1273,6 +1311,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1291,6 +1335,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1313,6 +1363,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
/* Too ugly to live ? JRA. */
@@ -1335,6 +1391,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1349,7 +1411,11 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
break;
case SMB2_OP_CANCEL:
- /* This call needs to be run as root */
+ /*
+ * This call needs to be run as root
+ *
+ * That is what we also do in the SMB1 case.
+ */
change_to_root_user();
{
@@ -1375,6 +1441,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1393,6 +1465,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1411,6 +1489,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1429,6 +1513,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);
@@ -1447,6 +1537,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
return_value = smbd_smb2_request_error(req, session_status);
break;
}
+ /*
+ * This call needs to be run as user.
+ *
+ * smbd_smb2_request_check_tcon()
+ * calls change_to_user() on success.
+ */
status = smbd_smb2_request_check_tcon(req);
if (!NT_STATUS_IS_OK(status)) {
return_value = smbd_smb2_request_error(req, status);