-rw-r--r--source3/include/vfs.h1
-rw-r--r--source3/modules/vfs_aio_pthread.c2
-rw-r--r--source3/smbd/process.c2
-rw-r--r--source3/smbd/proto.h2
-rw-r--r--source3/smbd/service.c4
-rw-r--r--source3/smbd/smb2_server.c2
-rw-r--r--source3/smbd/smb2_setinfo.c4
-rw-r--r--source3/smbd/uid.c13
8 files changed, 19 insertions, 11 deletions
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index d164e91e886..289da0c9672 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -278,6 +278,7 @@
/* Version 42 - Move SMB_VFS_READLINK -> SMB_VFS_READLINKAT. */
/* Version 42 - Move SMB_VFS_SYMLINK -> SMB_VFS_SYMLINKAT. */
/* Version 42 - Move SMB_VFS_MKDIR -> SMB_VFS_MKDIRAT. */
+/* Version 42 - Move change_to_user() -> change_to_user_and_service() */
#define SMB_VFS_INTERFACE_VERSION 42
diff --git a/source3/modules/vfs_aio_pthread.c b/source3/modules/vfs_aio_pthread.c
index 577180b6b01..a7d97223dbd 100644
--- a/source3/modules/vfs_aio_pthread.c
+++ b/source3/modules/vfs_aio_pthread.c
@@ -105,7 +105,7 @@ static void aio_open_handle_completion(struct tevent_req *subreq)
/*
* Make sure we run as the user again
*/
- ok = change_to_user(opd->conn, opd->conn->vuid);
+ ok = change_to_user_and_service(opd->conn, opd->conn->vuid);
if (!ok) {
smb_panic("Can't change to user");
return;
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index ab3c08b27ae..0e0d45d2af1 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1626,7 +1626,7 @@ static connection_struct *switch_message(uint8_t type, struct smb_request *req)
* change_to_user() implies set_current_user_info()
* and chdir_connect_service().
*/
- if (!change_to_user(conn,session_tag)) {
+ if (!change_to_user_and_service(conn,session_tag)) {
DEBUG(0, ("Error: Could not change to user. Removing "
"deferred open, mid=%llu.\n",
(unsigned long long)req->mid));
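Review bot: The comment directly above the changed call still reads `change_to_user() implies set_current_user_info()`, a name that no longer exists after this rename. Update it to `* change_to_user_and_service() implies set_current_user_info()` so that a grep for the new name also finds the explanation of what the call implies. The comment opens above the hunk and switch_message() continues past it, so only the two visible comment lines were checked.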
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 7efbb80d3e3..7829546c987 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1189,7 +1189,7 @@ NTSTATUS check_user_share_access(connection_struct *conn,
const struct auth_session_info *session_info,
uint32_t *p_share_access,
bool *p_readonly_share);
-bool change_to_user(connection_struct *conn, uint64_t vuid);
+bool change_to_user_and_service(connection_struct *conn, uint64_t vuid);
bool change_to_user_by_fsp(struct files_struct *fsp);
bool smbd_change_to_root_user(void);
bool smbd_become_authenticated_pipe_user(struct auth_session_info *session_info);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 7b3abe4c3e0..7e252a459b3 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -747,7 +747,7 @@ static NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn,
}
/* USER Activites: */
- if (!change_to_user(conn, conn->vuid)) {
+ if (!change_to_user_and_service(conn, conn->vuid)) {
/* No point continuing if they fail the basic checks */
DEBUG(0,("Can't become connected user!\n"));
status = NT_STATUS_LOGON_FAILURE;
@@ -1162,7 +1162,7 @@ void close_cnum(connection_struct *conn, uint64_t vuid)
/* execute any "postexec = " line */
if (*lp_postexec(talloc_tos(), SNUM(conn)) &&
- change_to_user(conn, vuid)) {
+ change_to_user_and_service(conn, vuid)) {
char *cmd = talloc_sub_advanced(talloc_tos(),
lp_const_servicename(SNUM(conn)),
conn->session_info->unix_info->unix_name,
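Review bot: In close_cnum() a failed `change_to_user_and_service(conn, vuid)` makes the whole condition false, so the configured postexec command is skipped without any message in the lines shown. If there is no else branch below the hunk, consider adding one with something like `DEBUG(1, ("close_cnum: could not become user, skipping postexec\n"));` so that an impersonation failure at disconnect shows up in the logs. The if body continues outside the hunk.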
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 0776fa2bdd2..5a98a2e82d4 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1883,7 +1883,7 @@ static NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req)
return status;
}
- if (!change_to_user(tcon->compat, req->session->compat->vuid)) {
+ if (!change_to_user_and_service(tcon->compat, req->session->compat->vuid)) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c
index 82abd9c9d2e..49b921cd092 100644
--- a/source3/smbd/smb2_setinfo.c
+++ b/source3/smbd/smb2_setinfo.c
@@ -295,8 +295,8 @@ static void defer_rename_done(struct tevent_req *subreq)
/*
* Make sure we run as the user again
*/
- ok = change_to_user(state->smb2req->tcon->compat,
- state->smb2req->session->compat->vuid);
+ ok = change_to_user_and_service(state->smb2req->tcon->compat,
+ state->smb2req->session->compat->vuid);
if (!ok) {
tevent_req_nterror(state->req, NT_STATUS_ACCESS_DENIED);
return;
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 8fa38e459dd..2dd0d11367a 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -454,7 +454,14 @@ static bool change_to_user_internal(connection_struct *conn,
return true;
}
-bool change_to_user(connection_struct *conn, uint64_t vuid)
+/**
+ * Impersonate user and change directory to service
+ *
+ * change_to_user_and_service() is used to impersonate the user associated with
+ * the given vuid and to change the working directory of the process to the
+ * service base directory.
+ **/
+bool change_to_user_and_service(connection_struct *conn, uint64_t vuid)
{
struct user_struct *vuser;
int snum = SNUM(conn);
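Review bot: The new doc comment on change_to_user_and_service() describes the success case only; it does not say what the bool return means or which identity and working directory the process is left with when the call fails. Callers in this commit react to false in different ways (smb_panic, NT_STATUS_ACCESS_DENIED, NT_STATUS_LOGON_FAILURE), so the contract is worth stating. Add `@param conn`, `@param vuid` and a `@return` line, plus a sentence such as `On failure the caller must not continue to act on behalf of the user.` if that matches the body, which lies outside the hunk.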
@@ -478,7 +485,7 @@ bool change_to_user(connection_struct *conn, uint64_t vuid)
bool change_to_user_by_fsp(struct files_struct *fsp)
{
- return change_to_user(fsp->conn, fsp->vuid);
+ return change_to_user_and_service(fsp->conn, fsp->vuid);
}
static bool change_to_user_by_session(connection_struct *conn,
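Review bot: change_to_user_by_fsp() keeps its old name although it is now a one-line wrapper around change_to_user_and_service(), so per the new doc comment it also changes the working directory and the name no longer says so. The same applies to become_user() in the following hunk. Either rename both in a follow-up or add a comment above each, e.g. `/* Also changes directory to the service, see change_to_user_and_service(). */`.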
@@ -661,7 +668,7 @@ bool become_user(connection_struct *conn, uint64_t vuid)
push_conn_ctx();
- if (!change_to_user(conn, vuid)) {
+ if (!change_to_user_and_service(conn, vuid)) {
pop_sec_ctx();
pop_conn_ctx();
return False;