From 4ee73fd97b63c65cdb8d4fcbe3287a746d667de0 Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Thu, 13 Jun 2013 15:23:07 +0200 Subject: s3:smbd/close remove filesystem lock before removing sharemode otherwise we are open for a race condition: opener 1 opens file and closes it - during the close, the share mode entry will be removed from locking.tdb, but share mode in the file system will be dropped later after delete_on_close and write time updates have been done opener 2 requests open of same file with file overwrite - locking.tdb does not list original entry, but file system share mode is still around - VFS_FTRUNCATE will fail and error was converted to STATUS_ACCESS_DENIED Signed-off-by: Christian Ambach Reviewed-by: Volker Lendecke Autobuild-User(master): Christian Ambach Autobuild-Date(master): Tue Jun 25 14:48:44 CEST 2013 on sn-devel-104 --- source3/smbd/close.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/smbd/close.c') diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 093bb9f7ed..2bd588b176 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -246,6 +246,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, const struct security_token *del_nt_token = NULL; bool got_tokens = false; bool normal_close; + int ret_flock; /* Ensure any pending write time updates are done. */ if (fsp->update_write_time_event) { @@ -469,6 +470,14 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, pop_sec_ctx(); } + /* remove filesystem sharemodes */ + ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, 0, 0); + if (ret_flock == -1) { + DEBUG(2, ("close_remove_share_mode: removing kernel flock for " + "%s failed: %s\n", fsp_str_dbg(fsp), + strerror(errno))); + } + if (!del_share_mode(lck, fsp)) { DEBUG(0, ("close_remove_share_mode: Could not delete share " "entry for file %s\n", fsp_str_dbg(fsp))); -- cgit