smbd: Avoid share_mode_lock dereference in scavenger

Pass "struct file_id" to callees without accessing share_mode_lock
internals

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c
index 8e7ed0572d8b0f7b2210f67b099247811aa6cb4c..6e8f97b530fef201120f5245343320e46436e33e 100644 (file)
--- a/source3/smbd/scavenger.c
+++ b/source3/smbd/scavenger.c
@@ -467,6 +467,7 @@ struct scavenger_timer_context {
 };
 
 struct cleanup_disconnected_state {
+       struct file_id fid;
        struct share_mode_lock *lck;
        uint64_t open_persistent_id;
        size_t num_disconnected;
@@ -479,8 +480,7 @@ static bool cleanup_disconnected_lease(struct share_mode_entry *e,
        struct cleanup_disconnected_state *state = private_data;
        NTSTATUS status;
 
-       status = leases_db_del(
-               &e->client_guid, &e->lease_key, &state->lck->data->id);
+       status = leases_db_del(&e->client_guid, &e->lease_key, &state->fid);
 
        if (!NT_STATUS_IS_OK(status)) {
                DBG_DEBUG("leases_db_del failed: %s\n",
@@ -506,7 +506,7 @@ static bool share_mode_find_connected_fn(
                struct server_id_buf tmp2;
                DBG_INFO("file (file-id='%s', servicepath='%s', name='%s') "
                         "is used by server %s ==> do not cleanup\n",
-                        file_id_str_buf(d->id, &tmp1),
+                        file_id_str_buf(state->fid, &tmp1),
                         d->servicepath,
                         name,
                         server_id_str_buf(e->pid, &tmp2));
@@ -522,7 +522,7 @@ static bool share_mode_find_connected_fn(
                         "(file-id='%s', servicepath='%s', name='%s') "
                         "has share_file_id %"PRIu64" but expected "
                         "%"PRIu64"==> do not cleanup\n",
-                        file_id_str_buf(d->id, &tmp),
+                        file_id_str_buf(state->fid, &tmp),
                         d->servicepath,
                         name,
                         e->share_file_id,
@@ -554,7 +554,7 @@ static bool cleanup_disconnected_share_mode_entry_fn(
                struct server_id_buf tmp2;
                DBG_ERR("file (file-id='%s', servicepath='%s', name='%s') "
                        "is used by server %s ==> internal error\n",
-                       file_id_str_buf(d->id, &tmp1),
+                       file_id_str_buf(state->fid, &tmp1),
                        d->servicepath,
                        name,
                        server_id_str_buf(e->pid, &tmp2));
@@ -574,6 +574,7 @@ static bool share_mode_cleanup_disconnected(
        struct file_id fid, uint64_t open_persistent_id)
 {
        struct cleanup_disconnected_state state = {
+               .fid = fid,
                .open_persistent_id = open_persistent_id
        };
        struct share_mode_data *data;