smbd: remove struct privilege_paths
The last user of this had been removed by d485c43cc7.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 31 19:32:12 UTC 2020 on sn-devel-184
parent
89041a6d18
commit
9edd7268b6
@ -543,7 +543,6 @@ typedef struct connection_struct {
|
||||
} connection_struct;
|
||||
|
||||
struct smbd_smb2_request;
|
||||
struct privilege_paths;
|
||||
struct referral;
|
||||
|
||||
struct smb_request {
|
||||
@ -600,12 +599,6 @@ struct smb_request {
|
||||
*/
|
||||
struct smbd_smb2_request *smb2req;
|
||||
|
||||
/*
|
||||
* Pathnames used if request done
|
||||
* under privilege.
|
||||
*/
|
||||
struct privilege_paths *priv_paths;
|
||||
|
||||
/*
|
||||
* Request list for chained requests, we're part of it.
|
||||
*/
|
||||
|
@ -632,7 +632,6 @@ static bool init_smb_request(struct smb_request *req,
|
||||
}
|
||||
req->chain_fsp = NULL;
|
||||
req->smb2req = NULL;
|
||||
req->priv_paths = NULL;
|
||||
req->chain = NULL;
|
||||
req->posix_pathnames = lp_posix_pathnames();
|
||||
smb_init_perfcount_data(&req->pcd);
|
||||
|
@ -26,15 +26,6 @@ struct dptr_struct;
|
||||
#include "smbd/proto.h"
|
||||
#include "locking/proto.h"
|
||||
|
||||
/*
|
||||
* Pathnames used if request done
|
||||
* under privilege.
|
||||
*/
|
||||
struct privilege_paths {
|
||||
struct smb_filename parent_name;
|
||||
struct smb_filename file_name;
|
||||
};
|
||||
|
||||
struct trans_state {
|
||||
struct trans_state *next, *prev;
|
||||
uint64_t vuid; /* SMB2 compat */
|
||||
|
@ -1025,36 +1025,29 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
||||
struct smb_filename *resolved_fname = NULL;
|
||||
struct smb_filename *saved_dir_fname = NULL;
|
||||
struct smb_filename *smb_fname_cwd = NULL;
|
||||
struct privilege_paths *priv_paths = NULL;
|
||||
int ret;
|
||||
struct smb_filename parent_name = { 0 };
|
||||
struct smb_filename file_name = { 0 };
|
||||
|
||||
DEBUG(3,("check_reduced_name_with_privilege [%s] [%s]\n",
|
||||
smb_fname->base_name,
|
||||
conn->connectpath));
|
||||
|
||||
|
||||
priv_paths = talloc_zero(smbreq, struct privilege_paths);
|
||||
if (!priv_paths) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!parent_dirname(ctx, smb_fname->base_name,
|
||||
&dir_name, &last_component)) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto err;
|
||||
}
|
||||
|
||||
priv_paths->parent_name.base_name = talloc_strdup(priv_paths, dir_name);
|
||||
priv_paths->file_name.base_name = talloc_strdup(priv_paths, last_component);
|
||||
|
||||
if (priv_paths->parent_name.base_name == NULL ||
|
||||
priv_paths->file_name.base_name == NULL) {
|
||||
parent_name.base_name = dir_name;
|
||||
file_name.base_name = talloc_strdup(ctx, last_component);
|
||||
if (file_name.base_name == NULL) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (SMB_VFS_STAT(conn, &priv_paths->parent_name) != 0) {
|
||||
if (SMB_VFS_STAT(conn, &parent_name) != 0) {
|
||||
status = map_nt_error_from_unix(errno);
|
||||
goto err;
|
||||
}
|
||||
@ -1065,7 +1058,7 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (vfs_ChDir(conn, &priv_paths->parent_name) == -1) {
|
||||
if (vfs_ChDir(conn, &parent_name) == -1) {
|
||||
status = map_nt_error_from_unix(errno);
|
||||
goto err;
|
||||
}
|
||||
@ -1092,7 +1085,7 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
||||
}
|
||||
|
||||
DEBUG(10,("check_reduced_name_with_privilege: realpath [%s] -> [%s]\n",
|
||||
priv_paths->parent_name.base_name,
|
||||
parent_name.base_name,
|
||||
resolved_name));
|
||||
|
||||
/* Now check the stat value is the same. */
|
||||
@ -1102,11 +1095,11 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
||||
}
|
||||
|
||||
/* Ensure we're pointing at the same place. */
|
||||
if (!check_same_stat(&smb_fname_cwd->st, &priv_paths->parent_name.st)) {
|
||||
if (!check_same_stat(&smb_fname_cwd->st, &parent_name.st)) {
|
||||
DEBUG(0,("check_reduced_name_with_privilege: "
|
||||
"device/inode/uid/gid on directory %s changed. "
|
||||
"Denying access !\n",
|
||||
priv_paths->parent_name.base_name));
|
||||
parent_name.base_name));
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto err;
|
||||
}
|
||||
@ -1153,30 +1146,30 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
||||
/* Now ensure that the last component either doesn't
|
||||
exist, or is *NOT* a symlink. */
|
||||
|
||||
ret = SMB_VFS_LSTAT(conn, &priv_paths->file_name);
|
||||
ret = SMB_VFS_LSTAT(conn, &file_name);
|
||||
if (ret == -1) {
|
||||
/* Errno must be ENOENT for this be ok. */
|
||||
if (errno != ENOENT) {
|
||||
status = map_nt_error_from_unix(errno);
|
||||
DEBUG(2, ("check_reduced_name_with_privilege: "
|
||||
"LSTAT on %s failed with %s\n",
|
||||
priv_paths->file_name.base_name,
|
||||
file_name.base_name,
|
||||
nt_errstr(status)));
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
if (VALID_STAT(priv_paths->file_name.st) &&
|
||||
S_ISLNK(priv_paths->file_name.st.st_ex_mode)) {
|
||||
if (VALID_STAT(file_name.st) &&
|
||||
S_ISLNK(file_name.st.st_ex_mode))
|
||||
{
|
||||
DEBUG(2, ("check_reduced_name_with_privilege: "
|
||||
"Last component %s is a symlink. Denying"
|
||||
"access.\n",
|
||||
priv_paths->file_name.base_name));
|
||||
file_name.base_name));
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto err;
|
||||
}
|
||||
|
||||
smbreq->priv_paths = priv_paths;
|
||||
status = NT_STATUS_OK;
|
||||
|
||||
err:
|
||||
@ -1186,9 +1179,6 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
||||
TALLOC_FREE(saved_dir_fname);
|
||||
}
|
||||
TALLOC_FREE(resolved_fname);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
TALLOC_FREE(priv_paths);
|
||||
}
|
||||
TALLOC_FREE(dir_name);
|
||||
return status;
|
||||
}
|
||||
|
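Review bot: In check_reduced_name_with_privilege, `file_name.base_name` is now a `talloc_strdup(ctx, last_component)` copy, but the cleanup visible under `err:` releases only `saved_dir_fname`, `resolved_fname` and `dir_name`, so this copy lives for as long as `ctx` does. Before the change it hung off `priv_paths` and was released by `TALLOC_FREE(priv_paths)` on the failure path. If `ctx` is a short-lived frame context (its definition is outside these hunks) nothing leaks for long, but adding `TALLOC_FREE(file_name.base_name);` next to `TALLOC_FREE(dir_name);` would make the lifetime explicit. A short comment at the assignment, such as `/* parent_name.base_name borrows dir_name; it is freed once, at err: */`, would stop a later edit from freeing it twice. Separately, the denial message that this change touches is built from `"... Denying"` `"access.\n"`, which concatenates to "Denyingaccess."; a space is needed for log searches on this symlink rejection to match. The function begins and ends outside the hunks shown.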