s3-printing: vfs_connect prior to driver/dfs IO

samba3.posix_s3.rpc.spoolss.driver fails with the xattr_tdb vfs module
loaded as a part of make test. The (now checked) create_directory() call
in move_driver_to_download_area() fails, uncovering another bug in the
printer driver upload code path.

move_driver_to_download_area() creates a new conn_struct for
manipulating files in [print$]. The VFS layer is plumbed through with
the call to create_conn_struct(), however SMB_VFS_CONNECT() is never
called. Many vfs modules expect state stored at connect time with
SMB_VFS_HANDLE_SET_DATA() to be available on any IO operation and fail
if this is not the case.

This fix adds a call to SMB_VFS_CONNECT() in create_conn_struct() prior
to IO.

https://bugzilla.samba.org/show_bug.cgi?id=7976

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar  2 01:16:30 CET 2011 on sn-devel-104

diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 3b805f4f55457628043025c185e72ecb8024ead0..d77320cf020626d1a2943fca23f387428d29ac84 100644 (file)
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -726,6 +726,7 @@ static uint32 get_correct_cversion(struct pipes_struct *p,
        }
        if (conn != NULL) {
                vfs_ChDir(conn, oldcwd);
+               SMB_VFS_DISCONNECT(conn);
                conn_free(conn);
        }
        if (!NT_STATUS_IS_OK(*perr)) {
@@ -1130,6 +1131,7 @@ WERROR move_driver_to_download_area(struct pipes_struct *p,
 
        if (conn != NULL) {
                vfs_ChDir(conn, oldcwd);
+               SMB_VFS_DISCONNECT(conn);
                conn_free(conn);
        }
 
@@ -1968,6 +1970,7 @@ bool delete_driver_files(const struct auth_serversupplied_info *session_info,
  err_out:
        if (conn != NULL) {
                vfs_ChDir(conn, oldcwd);
+               SMB_VFS_DISCONNECT(conn);
                conn_free(conn);
        }
        return ret;

diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 31df4886bbe8f63a0f42f32f2aa377c29c9905a2..40687a0e4ef892ce82d726e6cc62a6e532149b42 100644 (file)
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -2231,6 +2231,7 @@ error_exit:
        }
 
        if (conn) {
+               SMB_VFS_DISCONNECT(conn);
                conn_free(conn);
        }
 
@@ -2374,6 +2375,7 @@ error_exit:
        }
 
        if (conn) {
+               SMB_VFS_DISCONNECT(conn);
                conn_free(conn);
        }
 

diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 07b09330313caab837c7a201de8aa60f7f5ba605..c11e66e3b8713d387fe49e38ec7244f400ba5e1c 100644 (file)
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -212,7 +212,7 @@ static NTSTATUS parse_dfs_path(connection_struct *conn,
 
 /********************************************************
  Fake up a connection struct for the VFS layer.
- Note this CHANGES CWD !!!! JRA.
+ Note: this performs a vfs connect and CHANGES CWD !!!! JRA.
 *********************************************************/
 
 NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
@@ -225,6 +225,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
        connection_struct *conn;
        char *connpath;
        char *oldcwd;
+       const char *vfs_user;
 
        conn = TALLOC_ZERO_P(ctx, connection_struct);
        if (conn == NULL) {
@@ -265,6 +266,10 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
                        TALLOC_FREE(conn);
                        return NT_STATUS_NO_MEMORY;
                }
+               vfs_user = conn->session_info->unix_name;
+       } else {
+               /* use current authenticated user in absence of session_info */
+               vfs_user = get_current_username();
        }
 
        set_conn_connectpath(conn, connpath);
@@ -276,6 +281,13 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
                return status;
        }
 
+       /* this must be the first filesystem operation that we do */
+       if (SMB_VFS_CONNECT(conn, lp_servicename(snum), vfs_user) < 0) {
+               DEBUG(0,("VFS connect failed!\n"));
+               conn_free(conn);
+               return NT_STATUS_UNSUCCESSFUL;
+       }
+
        conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn, &conn->ts_res);
 
        /*
@@ -937,10 +949,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
        if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
                DEBUG(3,("get_referred_path: No valid referrals for path %s\n",
                        dfs_path));
-               vfs_ChDir(conn, oldpath);
-               conn_free(conn);
-               TALLOC_FREE(pdp);
-               return status;
+               goto err_exit;
        }
 
        /* We know this is a valid dfs link. Parse the targetpath. */
@@ -949,16 +958,17 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
                                &jucn->referral_count)) {
                DEBUG(3,("get_referred_path: failed to parse symlink "
                        "target %s\n", targetpath ));
-               vfs_ChDir(conn, oldpath);
-               conn_free(conn);
-               TALLOC_FREE(pdp);
-               return NT_STATUS_NOT_FOUND;
+               status = NT_STATUS_NOT_FOUND;
+               goto err_exit;
        }
 
+       status = NT_STATUS_OK;
+ err_exit:
        vfs_ChDir(conn, oldpath);
+       SMB_VFS_DISCONNECT(conn);
        conn_free(conn);
        TALLOC_FREE(pdp);
-       return NT_STATUS_OK;
+       return status;
 }
 
 static int setup_ver2_dfs_referral(const char *pathname,
@@ -1373,6 +1383,7 @@ static bool junction_to_local_path(const struct junction_map *jucn,
                        jucn->volume_name);
        if (!*pp_path_out) {
                vfs_ChDir(*conn_out, *oldpath);
+               SMB_VFS_DISCONNECT(*conn_out);
                conn_free(*conn_out);
                return False;
        }
@@ -1461,6 +1472,7 @@ bool create_msdfs_link(const struct junction_map *jucn)
 
 out:
        vfs_ChDir(conn, cwd);
+       SMB_VFS_DISCONNECT(conn);
        conn_free(conn);
        return ret;
 }
@@ -1492,6 +1504,7 @@ bool remove_msdfs_link(const struct junction_map *jucn)
 
        TALLOC_FREE(smb_fname);
        vfs_ChDir(conn, cwd);
+       SMB_VFS_DISCONNECT(conn);
        conn_free(conn);
        return ret;
 }
@@ -1556,6 +1569,7 @@ static int count_dfs_links(TALLOC_CTX *ctx, int snum)
 
 out:
        vfs_ChDir(conn, cwd);
+       SMB_VFS_DISCONNECT(conn);
        conn_free(conn);
        return cnt;
 }