sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

s3:smbd: add helpers to deny vfs calls in some sections

Browse Source 
Code denying vfs calls can do:

{
   struct smb_vfs_deny_state vfs_deny = {};

   smb_vfs_deny_push(&vfs_deny);

   VFS calls are not allowed here...

   smb_vfs_deny_pop(&vfs_deny);
}

This will allow us to safely run some code under a
tdb chainlock later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher 2022-08-21 15:37:18 +02:00 committed by Jeremy Allison
parent 641bfc5905
commit f2fdeb17ec
2 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source3/include/vfs.h
View File

@ -1405,6 +1405,18 @@ struct vfs_statvfs_struct {
#include "vfs_macros.h"
struct smb_vfs_deny_state {
struct smb_vfs_deny_state *parent;
const char *location;
};
void smb_vfs_assert_allowed(void);
void _smb_vfs_deny_push(struct smb_vfs_deny_state *state, const char *location);
#define smb_vfs_deny_push(__state) _smb_vfs_deny_push(__state, __location__);
void _smb_vfs_deny_pop(struct smb_vfs_deny_state *state, const char *location);
#define smb_vfs_deny_pop(__state) _smb_vfs_deny_pop(__state, __location__);
int smb_vfs_call_connect(struct vfs_handle_struct *handle,
const char *service, const char *user);
void smb_vfs_call_disconnect(struct vfs_handle_struct *handle);

37
source3/smbd/vfs.c
View File

@ -1333,7 +1333,44 @@ NTSTATUS vfs_fget_dos_attributes(struct files_struct *fsp,
return NT_STATUS_OK;
}
static struct smb_vfs_deny_state *smb_vfs_deny_global;
void smb_vfs_assert_allowed(void)
{
if (unlikely(smb_vfs_deny_global != NULL)) {
DBG_ERR("Called with VFS denied by %s\n",
smb_vfs_deny_global->location);
smb_panic("Called with VFS denied!");
}
}
void _smb_vfs_deny_push(struct smb_vfs_deny_state *state, const char *location)
{
SMB_ASSERT(smb_vfs_deny_global != state);
*state = (struct smb_vfs_deny_state) {
.parent = smb_vfs_deny_global,
.location = location,
};
smb_vfs_deny_global = state;
}
void _smb_vfs_deny_pop(struct smb_vfs_deny_state *state, const char *location)
{
SMB_ASSERT(smb_vfs_deny_global == state);
smb_vfs_deny_global = state->parent;
*state = (struct smb_vfs_deny_state) { .parent = NULL, };
}
#define VFS_FIND(__fn__) do { \
if (unlikely(smb_vfs_deny_global != NULL)) { \
DBG_ERR("Called with VFS denied by %s\n", \
smb_vfs_deny_global->location); \
smb_panic("Called with VFS denied!"); \
} \
while (handle->fns->__fn__##_fn==NULL) { \
handle = handle->next; \
} \