From dbfb88aef30a755c29015bff4699eb17925a4988 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Jul 2011 09:08:39 +0200 Subject: s3:smb2_server: add some comments about change_to_user() and change_to_root_user() metze Autobuild-User: Stefan Metzmacher Autobuild-Date: Fri Jul 8 13:45:46 CEST 2011 on sn-devel-104 --- source3/smbd/smb2_server.c | 100 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 98 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index ca03c8d762..72beb86c60 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1105,6 +1105,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } + /* + * Check if the client provided a valid session id, + * if so smbd_smb2_request_check_session() calls + * set_current_user_info(). + * + * As some command don't require a valid session id + * we defer the check of the session_status + */ session_status = smbd_smb2_request_check_session(req); req->do_signing = false; @@ -1183,7 +1191,13 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; } - /* This call needs to be run as root */ + /* + * This call needs to be run as root. + * + * smbd_smb2_request_process_tcon() + * calls make_connection_snum(), which will call + * change_to_user(), when needed. + */ change_to_root_user(); { @@ -1198,6 +1212,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1219,6 +1239,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1237,6 +1263,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1255,6 +1287,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1273,6 +1311,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1291,6 +1335,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1313,6 +1363,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { /* Too ugly to live ? JRA. */ @@ -1335,6 +1391,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1349,7 +1411,11 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) break; case SMB2_OP_CANCEL: - /* This call needs to be run as root */ + /* + * This call needs to be run as root + * + * That is what we also do in the SMB1 case. + */ change_to_root_user(); { @@ -1375,6 +1441,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1393,6 +1465,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1411,6 +1489,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1429,6 +1513,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); @@ -1447,6 +1537,12 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return_value = smbd_smb2_request_error(req, session_status); break; } + /* + * This call needs to be run as user. + * + * smbd_smb2_request_check_tcon() + * calls change_to_user() on success. + */ status = smbd_smb2_request_check_tcon(req); if (!NT_STATUS_IS_OK(status)) { return_value = smbd_smb2_request_error(req, status); -- cgit