author | Stefan Metzmacher <metze@samba.org> | 2019-07-19 11:14:13 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-09-11 19:59:34 +0000 |
commit | 5da24aa18e9c0ff6f2852b5421945111ef5c6b2b (patch) | |
tree | f5777d28bbb00a75986797f175585ebda5a8e2dc | |
parent | 15699475d6031dd0ed5cd24e9915c574b35a233b (diff) | |
download | samba-5da24aa18e9c0ff6f2852b5421945111ef5c6b2b.tar.gz |
smbd: rename [un]become_user*() to [un]become_user_without_service*()
We should make the behavior change (that gives up some protection)
more obvious, by changing the function names.
At least some OEMs have patches relying on the 4.9/4.10 behaviour
and we want them to detect that they have to do more work when they
need to change directories.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/include/vfs.h | 1 | ||||
-rw-r--r-- | source3/modules/vfs_btrfs.c | 6 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 12 | ||||
-rw-r--r-- | source3/rpc_server/fss/srv_fss_agent.c | 16 | ||||
-rw-r--r-- | source3/smbd/close.c | 8 | ||||
-rw-r--r-- | source3/smbd/proto.h | 8 | ||||
-rw-r--r-- | source3/smbd/uid.c | 10 | ||||
-rw-r--r-- | source3/utils/net_vfs.c | 6 |
8 files changed, 35 insertions, 32 deletions
diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 342b062651a..3b024355168 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -280,6 +280,7 @@ /* Version 42 - Move SMB_VFS_MKDIR -> SMB_VFS_MKDIRAT. */ /* Version 42 - Move change_to_user() -> change_to_user_and_service() */ /* Version 42 - Move change_to_user_by_fsp() -> change_to_user_and_service_by_fsp() */ +/* Version 42 - Move [un]become_user*() -> [un]become_user_without_service*() */ #define SMB_VFS_INTERFACE_VERSION 42 diff --git a/source3/modules/vfs_btrfs.c b/source3/modules/vfs_btrfs.c index a11cb66d8e7..f478d3fac68 100644 --- a/source3/modules/vfs_btrfs.c +++ b/source3/modules/vfs_btrfs.c @@ -214,7 +214,7 @@ static void btrfs_offload_write_cleanup(struct tevent_req *req, return; } - ok = unbecome_user(); + ok = unbecome_user_without_service(); SMB_ASSERT(ok); state->need_unbecome_user = false; } @@ -311,7 +311,7 @@ static struct tevent_req *btrfs_offload_write_send(struct vfs_handle_struct *han return tevent_req_post(req, ev); } - ok = become_user_by_fsp(src_fsp); + ok = become_user_without_service_by_fsp(src_fsp); if (!ok) { tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); return tevent_req_post(req, ev); @@ -342,7 +342,7 @@ static struct tevent_req *btrfs_offload_write_send(struct vfs_handle_struct *han } } - ok = unbecome_user(); + ok = unbecome_user_without_service(); SMB_ASSERT(ok); state->need_unbecome_user = false; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index fdd91454acd..89405f1c8ee 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1071,7 +1071,7 @@ static uint32_t get_correct_cversion(const struct auth_session_info *session_inf goto error_free_conn; } - if (!become_user_by_session(conn, session_info)) { + if (!become_user_without_service_by_session(conn, session_info)) { DEBUG(0, ("failed to become user\n")); *perr = WERR_ACCESS_DENIED; goto error_free_conn; 
@@ -1167,7 +1167,7 @@ static uint32_t get_correct_cversion(const struct auth_session_info *session_inf *perr = WERR_OK; error_exit: - unbecome_user(); + unbecome_user_without_service(); error_free_conn: if (fsp != NULL) { close_file(NULL, fsp, NORMAL_CLOSE); @@ -1546,7 +1546,7 @@ WERROR move_driver_to_download_area(const struct auth_session_info *session_info goto err_free_conn; } - if (!become_user_by_session(conn, session_info)) { + if (!become_user_without_service_by_session(conn, session_info)) { DEBUG(0, ("failed to become user\n")); err = WERR_ACCESS_DENIED; goto err_free_conn; @@ -1691,7 +1691,7 @@ WERROR move_driver_to_download_area(const struct auth_session_info *session_info err = WERR_OK; err_exit: - unbecome_user(); + unbecome_user_without_service(); err_free_conn: TALLOC_FREE(frame); return err; @@ -2087,7 +2087,7 @@ bool delete_driver_files(const struct auth_session_info *session_info, goto err_free_conn; } - if (!become_user_by_session(conn, session_info)) { + if (!become_user_without_service_by_session(conn, session_info)) { DEBUG(0, ("failed to become user\n")); ret = false; goto err_free_conn; @@ -2139,7 +2139,7 @@ bool delete_driver_files(const struct auth_session_info *session_info, ret = true; err_out: - unbecome_user(); + unbecome_user_without_service(); err_free_conn: TALLOC_FREE(frame); return ret; diff --git a/source3/rpc_server/fss/srv_fss_agent.c b/source3/rpc_server/fss/srv_fss_agent.c index 03c2668171b..13b4806e6a2 100644 --- a/source3/rpc_server/fss/srv_fss_agent.c +++ b/source3/rpc_server/fss/srv_fss_agent.c 
@@ -766,14 +766,14 @@ uint32_t _fss_AddToShadowCopySet(struct pipes_struct *p, ret = HRES_ERROR_V(HRES_E_ACCESSDENIED); goto err_tmp_free; } - if (!become_user_by_session(conn, p->session_info)) { + if (!become_user_without_service_by_session(conn, p->session_info)) { DEBUG(0, ("failed to become user\n")); ret = HRES_ERROR_V(HRES_E_ACCESSDENIED); goto err_tmp_free; } status = SMB_VFS_SNAP_CHECK_PATH(conn, frame, path_name, &base_vol); - unbecome_user(); + unbecome_user_without_service(); if (!NT_STATUS_IS_OK(status)) { ret = FSRVP_E_NOT_SUPPORTED; goto err_tmp_free; @@ -893,7 +893,7 @@ static NTSTATUS commit_sc_with_conn(TALLOC_CTX *mem_ctx, return status; } - if (!become_user_by_session(conn, session_info)) { + if (!become_user_without_service_by_session(conn, session_info)) { DEBUG(0, ("failed to become user\n")); TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; @@ -903,7 +903,7 @@ static NTSTATUS commit_sc_with_conn(TALLOC_CTX *mem_ctx, sc->volume_name, &sc->create_ts, rw, base_path, snap_path); - unbecome_user(); + unbecome_user_without_service(); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("snap create failed: %s\n", nt_errstr(status))); TALLOC_FREE(frame); @@ -1349,7 +1349,7 @@ uint32_t _fss_IsPathSupported(struct pipes_struct *p, TALLOC_FREE(frame); return HRES_ERROR_V(HRES_E_ACCESSDENIED); } - if (!become_user_by_session(conn, p->session_info)) { + if (!become_user_without_service_by_session(conn, p->session_info)) { DEBUG(0, ("failed to become user\n")); TALLOC_FREE(frame); return HRES_ERROR_V(HRES_E_ACCESSDENIED); @@ -1357,7 +1357,7 @@ uint32_t _fss_IsPathSupported(struct pipes_struct *p, status = SMB_VFS_SNAP_CHECK_PATH(conn, frame, lp_path(frame, snum), &base_vol); - unbecome_user(); + unbecome_user_without_service(); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); return FSRVP_E_NOT_SUPPORTED; 
@@ -1628,7 +1628,7 @@ uint32_t _fss_DeleteShareMapping(struct pipes_struct *p, if (!NT_STATUS_IS_OK(status)) { goto err_tmp_free; } - if (!become_user_by_session(conn, p->session_info)) { + if (!become_user_without_service_by_session(conn, p->session_info)) { DEBUG(0, ("failed to become user\n")); status = NT_STATUS_ACCESS_DENIED; goto err_tmp_free; @@ -1636,7 +1636,7 @@ uint32_t _fss_DeleteShareMapping(struct pipes_struct *p, status = SMB_VFS_SNAP_DELETE(conn, frame, sc->volume_name, sc->sc_path); - unbecome_user(); + unbecome_user_without_service(); if (!NT_STATUS_IS_OK(status)) { goto err_tmp_free; } diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 9786c826439..baae5b736ff 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -338,7 +338,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, * wrote a real delete on close. */ if (get_current_vuid(conn) != fsp->vuid) { - become_user(conn, fsp->vuid); + become_user_without_service(conn, fsp->vuid); became_user = True; } fsp->delete_on_close = true; @@ -346,7 +346,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, get_current_nttok(conn), get_current_utok(conn)); if (became_user) { - unbecome_user(); + unbecome_user_without_service(); } } @@ -1141,7 +1141,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp, * wrote a real delete on close. */ if (get_current_vuid(fsp->conn) != fsp->vuid) { - become_user(fsp->conn, fsp->vuid); + become_user_without_service(fsp->conn, fsp->vuid); became_user = True; } send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx, @@ -1151,7 +1151,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp, get_current_utok(fsp->conn)); fsp->delete_on_close = true; if (became_user) { - unbecome_user(); + unbecome_user_without_service(); } } diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index d471e2ed2cb..5ebee0486e7 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h 
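Review bot: In both source3/smbd/close.c hunks (close_remove_share_mode at -338 and close_directory at -1141) the bool returned by `become_user_without_service()` is discarded and `became_user = True` is set unconditionally, whereas every other caller touched by this commit checks the result. If the switch fails, the token arguments come from `get_current_nttok()`/`get_current_utok()` of whatever context is active rather than the handle's owner, and `unbecome_user_without_service()` (shown in the uid.c hunk calling `pop_sec_ctx(); pop_conn_ctx();`) would presumably pop a context that was never pushed. At minimum use `became_user = become_user_without_service(conn, fsp->vuid);` (with `fsp->conn` in close_directory), and consider logging the failure and skipping the token update. Both functions start and end outside the hunks, so the surrounding handling cannot be confirmed from here.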
@@ -1198,11 +1198,11 @@ void become_root(void); void unbecome_root(void); void smbd_become_root(void); void smbd_unbecome_root(void); -bool become_user(connection_struct *conn, uint64_t vuid); -bool become_user_by_fsp(struct files_struct *fsp); -bool become_user_by_session(connection_struct *conn, +bool become_user_without_service(connection_struct *conn, uint64_t vuid); +bool become_user_without_service_by_fsp(struct files_struct *fsp); +bool become_user_without_service_by_session(connection_struct *conn, const struct auth_session_info *session_info); -bool unbecome_user(void); +bool unbecome_user_without_service(void); uid_t get_current_uid(connection_struct *conn); gid_t get_current_gid(connection_struct *conn); const struct security_unix_token *get_current_utok(connection_struct *conn); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 106f1430011..0e8d5bca4de 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -659,7 +659,7 @@ void smbd_unbecome_root(void) Saves and restores the connection context. ****************************************************************************/ -bool become_user(connection_struct *conn, uint64_t vuid) +bool become_user_without_service(connection_struct *conn, uint64_t vuid) { struct user_struct *vuser; int snum = SNUM(conn); @@ -696,12 +696,12 @@ bool become_user(connection_struct *conn, uint64_t vuid) return true; } -bool become_user_by_fsp(struct files_struct *fsp) +bool become_user_without_service_by_fsp(struct files_struct *fsp) { - return become_user(fsp->conn, fsp->vuid); + return become_user_without_service(fsp->conn, fsp->vuid); } -bool become_user_by_session(connection_struct *conn, +bool become_user_without_service_by_session(connection_struct *conn, const struct auth_session_info *session_info) { bool ok; @@ -726,7 +726,7 @@ bool become_user_by_session(connection_struct *conn, return true; } -bool unbecome_user(void) +bool unbecome_user_without_service(void) { pop_sec_ctx(); pop_conn_ctx(); 
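Review bot: The header comment above `become_user_without_service()` in source3/smbd/uid.c still ends with only "Saves and restores the connection context.", so the protection the commit message says is given up is not documented at the definition. Going by the commit message and the vfs.h note, the function presumably switches the security context without changing into the share directory. Adding a line such as `Does NOT chdir into the share or set up the service; callers that resolve paths must use change_to_user_and_service*() or do that work themselves.` to that comment block would tell out-of-tree callers what the new name implies. The same caveat would help beside the renamed prototypes in source3/smbd/proto.h. The function body lies mostly outside the hunk, so the wording should be checked against it.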
diff --git a/source3/utils/net_vfs.c b/source3/utils/net_vfs.c index eca8b5f136e..c9e115292b3 100644 --- a/source3/utils/net_vfs.c +++ b/source3/utils/net_vfs.c @@ -186,9 +186,11 @@ static int net_vfs_init(struct net_context *c, int argc, const char **argv) state.conn_tos->conn->read_only = false; file_init(state.conn_tos->conn->sconn); - ok = become_user_by_session(state.conn_tos->conn, state.session_info); + ok = become_user_without_service_by_session(state.conn_tos->conn, + state.session_info); if (!ok) { - fprintf(stderr, "become_user_by_session failed\n"); + fprintf(stderr, + "become_user_without_service_by_session failed\n"); goto done; } |