diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-07-07 16:38:33 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-07-07 14:17:17 -0700 |
commit | eea210eba7c20e6d04b13cf8ccd3011ee7c99157 (patch) | |
tree | 3d7f63f7763823a8913b1283433cf5954813a1c8 | |
parent | 6db705d6fcc5b58b205afed2a9140716c6323fae (diff) | |
download | samba-eea210eba7c20e6d04b13cf8ccd3011ee7c99157.tar.gz samba-eea210eba7c20e6d04b13cf8ccd3011ee7c99157.tar.bz2 samba-eea210eba7c20e6d04b13cf8ccd3011ee7c99157.zip |
s3:smb2_server: call change_to_root_user() or smbd_smb2_request_check_tcon()
For all requests which don't operate on a tcon, we should call
change_to_root_user(), to match the SMB1 behavior.
For SMB1 we do the following operations without AS_USER:
/* 0x70 */ { "SMBtcon",reply_tcon,0},
/* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
/* 0x72 */ { "SMBnegprot",reply_negprot,0},
/* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
/* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
/* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
...
/* 0x2b */ { "SMBecho",reply_echo,0},
...
/* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
For SMB2tdis we still call smbd_smb2_request_check_tcon()
as close_cnum() calls change_to_root_user() when needed.
metze
Signed-off-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/smbd/smb2_server.c | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 1bbb10800b..90f4767203 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1139,6 +1139,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) switch (opcode) { case SMB2_OP_NEGPROT: + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_negprot); return_value = smbd_smb2_request_process_negprot(req); @@ -1147,6 +1150,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; case SMB2_OP_SESSSETUP: + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_sesssetup); return_value = smbd_smb2_request_process_sesssetup(req); @@ -1160,6 +1166,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; } + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_logoff); return_value = smbd_smb2_request_process_logoff(req); @@ -1173,6 +1182,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; } + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_tcon); return_value = smbd_smb2_request_process_tcon(req); @@ -1190,6 +1202,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, status); break; } + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_tdis); @@ -1333,6 +1348,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; case SMB2_OP_CANCEL: + /* This call needs to be run as root */ + change_to_root_user(); + { START_PROFILE(smb2_cancel); return_value = smbd_smb2_request_process_cancel(req); @@ -1341,9 +1359,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; case SMB2_OP_KEEPALIVE: - {START_PROFILE(smb2_keepalive); - return_value = smbd_smb2_request_process_keepalive(req); - END_PROFILE(smb2_keepalive);} + /* This call needs to be run as root */ + change_to_root_user(); + + { + START_PROFILE(smb2_keepalive); + return_value = smbd_smb2_request_process_keepalive(req); + END_PROFILE(smb2_keepalive); + } break; case SMB2_OP_FIND: |