For now they just add debugging, but that will change shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
for (i=0; i< VUID_CACHE_SIZE; i++) {
struct vuid_cache_entry *ent = &conn->vuid_cache->array[i];
ent->vuid = UID_FIELD_INVALID;
- ent->user_ev_ctx = NULL;
+ TALLOC_FREE(ent->user_ev_ctx);
TALLOC_FREE(ent->session_info);
ent->read_only = false;
ent->share_access = 0;
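Review bot: The `TALLOC_FREE(ent->user_ev_ctx)` added in this loop releases each cache entry's context, but nothing visible here resets `conn->user_ev_ctx` when it points at the same object, whereas the other clearing path does that with `if (conn->user_ev_ctx == ent->user_ev_ctx) { conn->user_ev_ctx = NULL; }` before its own free. Now that entries own their contexts instead of borrowing `raw_ev_ctx`, a stale `conn->user_ev_ctx` would be a dangling pointer to a freed tevent context. I would add the same guard ahead of the free in this loop, or a comment stating why the alias cannot exist at this point. The same ownership question applies to the later `TALLOC_FREE(conn->user_ev_ctx)` under `/* Not used, safe to free. */`, where a cache entry still holding that pointer could be freed a second time later; the enclosing functions start outside both hunks, so the callers' state is not visible here.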
if (conn->user_ev_ctx == ent->user_ev_ctx) {
conn->user_ev_ctx = NULL;
}
- ent->user_ev_ctx = NULL;
+ TALLOC_FREE(ent->user_ev_ctx);
/*
* We need to keep conn->session_info around
return NT_STATUS_NO_MEMORY;
}
- sconn->root_ev_ctx = sconn->raw_ev_ctx;
- sconn->guest_ev_ctx = sconn->raw_ev_ctx;
+ sconn->root_ev_ctx = smbd_impersonate_root_create(sconn->raw_ev_ctx);
+ if (sconn->root_ev_ctx == NULL) {
+ TALLOC_FREE(sconn);
+ return NT_STATUS_NO_MEMORY;
+ }
+ sconn->guest_ev_ctx = smbd_impersonate_guest_create(sconn->raw_ev_ctx);
+ if (sconn->guest_ev_ctx == NULL) {
+ TALLOC_FREE(sconn);
+ return NT_STATUS_NO_MEMORY;
+ }
+
sconn->msg_ctx = msg;
conn = conn_new(sconn);
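Review bot: Nothing at these assignments tells a reader that `sconn->root_ev_ctx` and `sconn->guest_ev_ctx` do not yet change credentials, although the commit message says the wrappers only add debugging for now. Code that later schedules work on `root_ev_ctx` expecting it to run with root privileges would be wrong at this commit, so I would put a short comment above the two calls, for example `/* NOTE: these wrappers only add debugging for now; they do not impersonate. */`. It would also help to state which talloc parent owns the wrappers, since the error paths free only `sconn` while the wrappers are created from `sconn->raw_ev_ctx`. The enclosing function starts and ends outside the hunk.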
vfs_user = get_current_username();
}
- conn->user_ev_ctx = sconn->raw_ev_ctx;
+ /*
+ * The impersonation has to be done by the caller
+ * of create_conn_struct_tos[_cwd]().
+ *
+ * Note: the context can't be changed anyway
+ * as we're using our own tevent_context
+ * and not a global one were other requests
+ * could change the current unix token.
+ *
+ * We just use a wrapper tevent_context in order
+ * to avoid crashes because TALLOC_FREE(conn->user_ev_ctx)
+ * would also remove sconn->raw_ev_ctx.
+ */
+ conn->user_ev_ctx = smbd_impersonate_debug_create(sconn->raw_ev_ctx,
+ "FAKE impersonation",
+ DBGLVL_DEBUG);
+ if (conn->user_ev_ctx == NULL) {
+ TALLOC_FREE(conn);
+ return NT_STATUS_NO_MEMORY;
+ }
set_conn_connectpath(conn, connpath);
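Review bot: The rule that impersonation has to be done by the caller of create_conn_struct_tos[_cwd]() is a security contract, and it is recorded only in this comment inside the function body. I would repeat it in the doc comment of those entry points so that callers see it without reading the implementation; their declarations are outside the hunk. In the same comment, `were other requests` should read `where other requests`. Judging by its name and the `"FAKE impersonation"` label, the wrapper presumably only logs; a few words in the comment saying so explicitly would remove the ambiguity.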
.ev = ev_ctx,
.frame = talloc_stackframe(),
};
+ struct tevent_context *root_ev_ctx = NULL;
+ struct tevent_context *guest_ev_ctx = NULL;
struct smbXsrv_client *client = NULL;
struct smbd_server_connection *sconn = NULL;
struct smbXsrv_connection *xconn = NULL;
char *chroot_dir = NULL;
int rc;
+ root_ev_ctx = smbd_impersonate_root_create(ev_ctx);
+ if (root_ev_ctx == NULL) {
+ DEBUG(0,("smbd_impersonate_root_create() failed\n"));
+ exit_server_cleanly("smbd_impersonate_root_create().\n");
+ }
+
+ guest_ev_ctx = smbd_impersonate_guest_create(ev_ctx);
+ if (guest_ev_ctx == NULL) {
+ DEBUG(0,("smbd_impersonate_guest_create() failed\n"));
+ exit_server_cleanly("smbd_impersonate_guest_create().\n");
+ }
+
status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("smbXsrv_client_create(): %s\n", nt_errstr(status));
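Review bot: The two new failure paths log with `DEBUG(0,(...))` while the context line just below them uses `DBG_ERR(...)`; for consistency the new code should use `DBG_ERR("smbd_impersonate_root_create() failed\n");` and the guest equivalent. Both wrappers are created from `ev_ctx` before `sconn` is set up, so a one-line comment naming their owner and intended lifetime would help anyone auditing teardown. The function body continues outside the hunk.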
sconn->client = client;
sconn->raw_ev_ctx = ev_ctx;
- sconn->root_ev_ctx = ev_ctx;
- sconn->guest_ev_ctx = ev_ctx;
+ sconn->root_ev_ctx = root_ev_ctx;
+ sconn->guest_ev_ctx = guest_ev_ctx;
sconn->msg_ctx = msg_ctx;
ret = pthreadpool_tevent_init(sconn, lp_aio_max_threads(),
}
}
/* Not used, safe to free. */
- conn->user_ev_ctx = NULL;
+ TALLOC_FREE(conn->user_ev_ctx);
TALLOC_FREE(conn->session_info);
}
ent->session_info->unix_token->uid = sec_initial_uid();
}
- ent->user_ev_ctx = conn->sconn->raw_ev_ctx;
+ if (vuid == UID_FIELD_INVALID) {
+ ent->user_ev_ctx = smbd_impersonate_conn_sess_create(
+ conn->sconn->raw_ev_ctx, conn, ent->session_info);
+ if (ent->user_ev_ctx == NULL) {
+ TALLOC_FREE(ent->session_info);
+ ent->vuid = UID_FIELD_INVALID;
+ return false;
+ }
+ } else {
+ ent->user_ev_ctx = smbd_impersonate_conn_vuid_create(
+ conn->sconn->raw_ev_ctx, conn, vuid);
+ if (ent->user_ev_ctx == NULL) {
+ TALLOC_FREE(ent->session_info);
+ ent->vuid = UID_FIELD_INVALID;
+ return false;
+ }
+ }
/*
* It's actually OK to call check_user_ok() with
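Review bot: The failure cleanup that invalidates the cache entry (`TALLOC_FREE(ent->session_info); ent->vuid = UID_FIELD_INVALID; return false;`) is written out twice, once per branch, so a later change to one copy can leave the other behind. Selecting the constructor in the if/else and testing `ent->user_ev_ctx == NULL` once afterwards keeps a single cleanup path. Since the entry now owns its context, it is also worth confirming that any context left in a reused slot is released before this assignment; the code that picks the slot is outside the hunk.

```c
if (vuid == UID_FIELD_INVALID) {
	ent->user_ev_ctx = smbd_impersonate_conn_sess_create(
		conn->sconn->raw_ev_ctx, conn, ent->session_info);
} else {
	ent->user_ev_ctx = smbd_impersonate_conn_vuid_create(
		conn->sconn->raw_ev_ctx, conn, vuid);
}
if (ent->user_ev_ctx == NULL) {
	/* single failure path: drop the half-built cache entry */
	TALLOC_FREE(ent->session_info);
	ent->vuid = UID_FIELD_INVALID;
	return false;
}
```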