Revert "smbd: make use of smbd_impersonate_{conn_vuid,conn_sess,root,guest}_create...
authorRalph Boehme <slow@samba.org>
Thu, 27 Dec 2018 10:38:34 +0000 (11:38 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 11 Jan 2019 22:11:15 +0000 (23:11 +0100)
This reverts commit 0dcaa0707bad67f7bfaa10ccaf167bfefbe87a0c.

See the discussion in

https://lists.samba.org/archive/samba-technical/2018-December/131731.html

for the reasoning behind this revert.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/modules/vfs_readonly.c
source3/smbd/conn.c
source3/smbd/msdfs.c
source3/smbd/process.c
source3/smbd/uid.c

index e7e1274..570eb7c 100644 (file)
@@ -84,7 +84,7 @@ static int readonly_connect(vfs_handle_struct *handle,
       for (i=0; i< VUID_CACHE_SIZE; i++) {
         struct vuid_cache_entry *ent = &conn->vuid_cache->array[i];
         ent->vuid = UID_FIELD_INVALID;
-        TALLOC_FREE(ent->user_ev_ctx);
+        ent->user_ev_ctx = NULL;
         TALLOC_FREE(ent->session_info);
         ent->read_only = false;
         ent->share_access = 0;
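Review bot: After this change `ent->user_ev_ctx` is a borrowed pointer, and nothing at the reset in this loop says so. The uid.c hunk in check_user_ok() now assigns `conn->sconn->raw_ev_ctx` to it, so a later `TALLOC_FREE()` on the field would free the connection's shared event context. A comment above the new line such as `/* borrowed from sconn->raw_ev_ctx: clear, never free */` would guard against that. The same applies to the matching lines in conn_clear_vuid_cache() (conn.c) and free_conn_session_info_if_unused() (uid.c), where the existing `/* Not used, safe to free. */` now describes only the `session_info` line. readonly_connect() continues outside the hunk.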
index cfff640..3b9aaac 100644 (file)
@@ -98,7 +98,7 @@ static void conn_clear_vuid_cache(connection_struct *conn, uint64_t vuid)
                        if (conn->user_ev_ctx == ent->user_ev_ctx) {
                                conn->user_ev_ctx = NULL;
                        }
-                       TALLOC_FREE(ent->user_ev_ctx);
+                       ent->user_ev_ctx = NULL;
 
                        /*
                         * We need to keep conn->session_info around
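Review bot: The `conn->user_ev_ctx == ent->user_ev_ctx` test at the top of this hunk can no longer tell which cache entry the connection is using. With the uid.c change every populated entry holds the same `conn->sconn->raw_ev_ctx` pointer, so the comparison presumably matches for any populated entry and `conn->user_ev_ctx` is reset to NULL whenever one is cleared. If that is intended, a comment like `/* all entries share raw_ev_ctx; the next impersonation must set conn->user_ev_ctx again */` would make it explicit; otherwise the check should key on the entry itself rather than the pointer. The enclosing loop and its vuid condition are outside the hunk, so this needs confirming against the full function.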
index 5283edb..a577164 100644 (file)
@@ -264,17 +264,8 @@ static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
-       sconn->root_ev_ctx = smbd_impersonate_root_create(sconn->raw_ev_ctx);
-       if (sconn->root_ev_ctx == NULL) {
-               TALLOC_FREE(sconn);
-               return NT_STATUS_NO_MEMORY;
-       }
-       sconn->guest_ev_ctx = smbd_impersonate_guest_create(sconn->raw_ev_ctx);
-       if (sconn->guest_ev_ctx == NULL) {
-               TALLOC_FREE(sconn);
-               return NT_STATUS_NO_MEMORY;
-       }
-
+       sconn->root_ev_ctx = sconn->raw_ev_ctx;
+       sconn->guest_ev_ctx = sconn->raw_ev_ctx;
        sconn->msg_ctx = msg;
 
        conn = conn_new(sconn);
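Review bot: `sconn->root_ev_ctx` and `sconn->guest_ev_ctx` are now plain aliases of `sconn->raw_ev_ctx`, so the field names promise a credential switch that the context no longer performs. Code scheduling work on these contexts presumably has to change identity explicitly, and a comment on the two new lines, e.g. `/* no impersonation wrapper: handlers run with whatever credentials are current */`, would stop a reader from assuming otherwise; the same two assignments in smbd_process() (process.c) deserve it too. The second msdfs.c hunk also deletes the comment stating that impersonation has to be done by the caller of create_conn_struct_tos[_cwd](); that sentence appears to hold after the revert and is worth keeping above `conn->user_ev_ctx = sconn->raw_ev_ctx;`. create_conn_struct_as_root() starts and ends outside both hunks.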
@@ -328,26 +319,7 @@ static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
                vfs_user = get_current_username();
        }
 
-       /*
-        * The impersonation has to be done by the caller
-        * of create_conn_struct_tos[_cwd]().
-        *
-        * Note: the context can't be changed anyway
-        * as we're using our own tevent_context
-        * and not a global one were other requests
-        * could change the current unix token.
-        *
-        * We just use a wrapper tevent_context in order
-        * to avoid crashes because TALLOC_FREE(conn->user_ev_ctx)
-        * would also remove sconn->raw_ev_ctx.
-        */
-       conn->user_ev_ctx = smbd_impersonate_debug_create(sconn->raw_ev_ctx,
-                                                         "FAKE impersonation",
-                                                         DBGLVL_DEBUG);
-       if (conn->user_ev_ctx == NULL) {
-               TALLOC_FREE(conn);
-               return NT_STATUS_NO_MEMORY;
-       }
+       conn->user_ev_ctx = sconn->raw_ev_ctx;
 
        set_conn_connectpath(conn, connpath);
 
index dc95af1..a3571ee 100644 (file)
@@ -3900,8 +3900,6 @@ void smbd_process(struct tevent_context *ev_ctx,
                .ev = ev_ctx,
                .frame = talloc_stackframe(),
        };
-       struct tevent_context *root_ev_ctx = NULL;
-       struct tevent_context *guest_ev_ctx = NULL;
        struct smbXsrv_client *client = NULL;
        struct smbd_server_connection *sconn = NULL;
        struct smbXsrv_connection *xconn = NULL;
@@ -3914,18 +3912,6 @@ void smbd_process(struct tevent_context *ev_ctx,
        char *chroot_dir = NULL;
        int rc;
 
-       root_ev_ctx = smbd_impersonate_root_create(ev_ctx);
-       if (root_ev_ctx == NULL) {
-               DEBUG(0,("smbd_impersonate_root_create() failed\n"));
-               exit_server_cleanly("smbd_impersonate_root_create().\n");
-       }
-
-       guest_ev_ctx = smbd_impersonate_guest_create(ev_ctx);
-       if (guest_ev_ctx == NULL) {
-               DEBUG(0,("smbd_impersonate_guest_create() failed\n"));
-               exit_server_cleanly("smbd_impersonate_guest_create().\n");
-       }
-
        status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_ERR("smbXsrv_client_create(): %s\n", nt_errstr(status));
@@ -3946,8 +3932,8 @@ void smbd_process(struct tevent_context *ev_ctx,
        sconn->client = client;
 
        sconn->raw_ev_ctx = ev_ctx;
-       sconn->root_ev_ctx = root_ev_ctx;
-       sconn->guest_ev_ctx = guest_ev_ctx;
+       sconn->root_ev_ctx = ev_ctx;
+       sconn->guest_ev_ctx = ev_ctx;
        sconn->msg_ctx = msg_ctx;
 
        ret = pthreadpool_tevent_init(sconn, lp_aio_max_threads(),
index e7f0a8f..2ce5366 100644 (file)
@@ -307,7 +307,7 @@ static void free_conn_session_info_if_unused(connection_struct *conn)
                }
        }
        /* Not used, safe to free. */
-       TALLOC_FREE(conn->user_ev_ctx);
+       conn->user_ev_ctx = NULL;
        TALLOC_FREE(conn->session_info);
 }
 
@@ -482,23 +482,7 @@ static bool check_user_ok(connection_struct *conn,
                ent->session_info->unix_token->uid = sec_initial_uid();
        }
 
-       if (vuid == UID_FIELD_INVALID) {
-               ent->user_ev_ctx = smbd_impersonate_conn_sess_create(
-                       conn->sconn->raw_ev_ctx, conn, ent->session_info);
-               if (ent->user_ev_ctx == NULL) {
-                       TALLOC_FREE(ent->session_info);
-                       ent->vuid = UID_FIELD_INVALID;
-                       return false;
-               }
-       } else {
-               ent->user_ev_ctx = smbd_impersonate_conn_vuid_create(
-                       conn->sconn->raw_ev_ctx, conn, vuid);
-               if (ent->user_ev_ctx == NULL) {
-                       TALLOC_FREE(ent->session_info);
-                       ent->vuid = UID_FIELD_INVALID;
-                       return false;
-               }
-       }
+       ent->user_ev_ctx = conn->sconn->raw_ev_ctx;
 
        /*
         * It's actually OK to call check_user_ok() with
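Review bot: The new assignment in check_user_ok() cannot fail and attaches no identity to the cache entry, which leaves the per-user boundary undocumented at the point where the entry is filled. Both the `UID_FIELD_INVALID` and the real-vuid case now get the same `raw_ev_ctx`, so whether a handler runs with `ent->session_info`'s token depends entirely on code outside this hunk switching credentials first. A short comment above the line, for example `/* plain event context, no impersonation: callers must become the user before acting on ent->session_info */`, would record that. The function body continues past the hunk.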