From 59a53f2eb07e71d21da465e65e11dba3eed684b6 Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Thu, 19 Dec 2013 09:55:44 +1300 Subject: [PATCH] dfs: always call create_conn_struct with root privileges MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes a bug in dfs_samba4 identified by Daniel Müller. create_conn_struct calls SMB_VFS_CONNECT which requires root privileges. SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb. Calls were made to this function without ever becoming root (notably via setup_dfs_referral) which resulted in an error and the VFS connect failing. This happens when you have an active directory domain controller with host msdfs = yes in smb.conf and dfs links in place. Signed-off-by: Garming Sam Reviewed-by: Bjoern Baumbach Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104 (cherry picked from commit 24a687642de21ce872d25f16b3525003844d05f9) --- source3/smbd/msdfs.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 52a2a48..096a3a0 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -221,9 +221,11 @@ static NTSTATUS parse_dfs_path(connection_struct *conn, Fake up a connection struct for the VFS layer, for use in applications (such as the python bindings), that do not want the global working directory changed under them. + + SMB_VFS_CONNECT requires root privileges. *********************************************************/ -NTSTATUS create_conn_struct(TALLOC_CTX *ctx, +static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx, struct tevent_context *ev, struct messaging_context *msg, connection_struct **pconn, @@ -347,6 +349,33 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, } /******************************************************** + Fake up a connection struct for the VFS layer, for use in + applications (such as the python bindings), that do not want the + global working directory changed under them. + + SMB_VFS_CONNECT requires root privileges. +*********************************************************/ + +NTSTATUS create_conn_struct(TALLOC_CTX *ctx, + struct tevent_context *ev, + struct messaging_context *msg, + connection_struct **pconn, + int snum, + const char *path, + const struct auth_session_info *session_info) +{ + NTSTATUS status; + become_root(); + status = create_conn_struct_as_root(ctx, ev, + msg, pconn, + snum, path, + session_info); + unbecome_root(); + + return status; +} + +/******************************************************** Fake up a connection struct for the VFS layer. Note: this performs a vfs connect and CHANGES CWD !!!! JRA. -- 1.8.5.2