s3: smbd: have_file_open_below() fails to enumerate open files below an open director...
authorJeremy Allison <jra@samba.org>
Mon, 23 Nov 2015 22:00:56 +0000 (14:00 -0800)
committerMichael Adam <obnox@samba.org>
Tue, 24 Nov 2015 18:36:20 +0000 (19:36 +0100)
There are three issues:

1). The memcmp checking that the open file path has the open
directory path as its parent compares using the wrong length
(it uses the full open file path which will never compare as
the same).

2). The files_below_forall() function doesn't fill in the
callback function or callback data when calling share_mode_forall(),
leading to a crash (which we never saw, as the previous issue (1)
meant the callback function would never be invoked).

3). When invoking the callback function from files_below_forall_fn()
we were passing in the wrong private_data pointer (needs to be
the one from the state, not the private_data passed into
files_below_forall_fn()).

Found when running the torture test smb2.rename.rename_dir_openfile
when fixing bug #11065.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11615

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 24 19:36:20 CET 2015 on sn-devel-104

source3/smbd/dir.c

index 09723404e11f4a4382584b5acb916e19cf0c492b..2ab37680b58a546820a0c5c93f08663eaedccee8 100644 (file)
@@ -1912,14 +1912,14 @@ static int files_below_forall_fn(struct file_id fid,
                return 0;
        }
 
-       if (memcmp(state->dirpath, fullpath, len) != 0) {
+       if (memcmp(state->dirpath, fullpath, state->dirpath_len) != 0) {
                /*
                 * Not a parent
                 */
                return 0;
        }
 
-       return state->fn(fid, data, private_data);
+       return state->fn(fid, data, state->private_data);
 }
 
 static int files_below_forall(connection_struct *conn,
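Review bot: The prefix test `memcmp(state->dirpath, fullpath, state->dirpath_len)` is only sound if earlier code in files_below_forall_fn() has already established that `fullpath` is longer than `state->dirpath_len` and that `fullpath[state->dirpath_len]` is `'/'`. The function starts outside this hunk and only a preceding `return 0;` is visible, so neither guard can be confirmed from here. Without the length guard the compare can read past the end of `fullpath`, and without the separator check an open file under a sibling directory such as `dir2/` would be counted as being below `dir`. Because this result appears to feed have_file_open_below(), I would state the precondition directly above the compare, e.g. `/* fullpath is longer than dirpath and has '/' at dirpath_len (checked above), so a prefix match means "below dirpath" */`.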
@@ -1929,7 +1929,10 @@ static int files_below_forall(connection_struct *conn,
                                        void *private_data),
                              void *private_data)
 {
-       struct files_below_forall_state state = {};
+       struct files_below_forall_state state = {
+                       .fn = fn,
+                       .private_data = private_data,
+       };
        int ret;
        char tmpbuf[PATH_MAX];
        char *to_free;
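Review bot: Nothing visible in files_below_forall() rejects a NULL `fn`, yet files_below_forall_fn() calls `state->fn(...)` unconditionally, which is the same crash shape as issue (2) in the commit message. If it fits the local convention, an `SMB_ASSERT(fn != NULL);` after the declarations would turn a repeat of that mistake into a clear failure instead of a call through a NULL pointer. The function body continues outside the hunk, so an existing check further down cannot be ruled out. As a style point, `.fn = fn,` and `.private_data = private_data,` are indented one level deeper than the `.found_one = false,` initializer added to have_file_open_below() in this same commit; one tab past `struct` would match it.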
@@ -1963,7 +1966,9 @@ static int have_file_open_below_fn(struct file_id fid,
 static bool have_file_open_below(connection_struct *conn,
                                 const struct smb_filename *name)
 {
-       struct have_file_open_below_state state = {};
+       struct have_file_open_below_state state = {
+               .found_one = false,
+       };
        int ret;
 
        if (!VALID_STAT(name->st)) {