+++ /dev/null
-From a398754c9bb1639f762979765de6c540c714b5cb Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 20 Mar 2017 11:32:19 -0700
-Subject: [PATCH 01/15] CVE-2017-2619: s3/smbd: re-open directory after
- dptr_CloseDir()
-
-dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
-have to reopen it.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Ralph Bohme <slow@samba.org>
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/open.c | 2 +-
- source3/smbd/proto.h | 2 ++
- source3/smbd/smb2_find.c | 17 +++++++++++++++++
- 3 files changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index 441b8cd4362..35eee0a1485 100644
---- a/source3/smbd/open.c
-+++ b/source3/smbd/open.c
-@@ -197,7 +197,7 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn,
- fd support routines - attempt to do a dos_open.
- ****************************************************************************/
-
--static NTSTATUS fd_open(struct connection_struct *conn,
-+NTSTATUS fd_open(struct connection_struct *conn,
- files_struct *fsp,
- int flags,
- mode_t mode)
-diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
-index f5fad2bbb50..594edfa1e98 100644
---- a/source3/smbd/proto.h
-+++ b/source3/smbd/proto.h
-@@ -603,6 +603,8 @@ NTSTATUS smb1_file_se_access_check(connection_struct *conn,
- const struct security_token *token,
- uint32_t access_desired,
- uint32_t *access_granted);
-+NTSTATUS fd_open(struct connection_struct *conn, files_struct *fsp,
-+ int flags, mode_t mode);
- NTSTATUS fd_close(files_struct *fsp);
- void change_file_owner_to_parent(connection_struct *conn,
- const char *inherit_from_dir,
-diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
-index 6fe6545c128..9dd3176497b 100644
---- a/source3/smbd/smb2_find.c
-+++ b/source3/smbd/smb2_find.c
-@@ -24,6 +24,7 @@
- #include "../libcli/smb/smb_common.h"
- #include "trans2.h"
- #include "../lib/util/tevent_ntstatus.h"
-+#include "system/filesys.h"
-
- static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
-@@ -301,7 +302,23 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
- }
-
- if (in_flags & SMB2_CONTINUE_FLAG_REOPEN) {
-+ int flags;
-+
- dptr_CloseDir(fsp);
-+
-+ /*
-+ * dptr_CloseDir() will close and invalidate the fsp's file
-+ * descriptor, we have to reopen it.
-+ */
-+
-+ flags = O_RDONLY;
-+#ifdef O_DIRECTORY
-+ flags |= O_DIRECTORY;
-+#endif
-+ status = fd_open(conn, fsp, flags, 0);
-+ if (tevent_req_nterror(req, status)) {
-+ return tevent_req_post(req, ev);
-+ }
- }
-
- wcard_has_wild = ms_has_wild(in_file_name);
---
-2.13.5
-
-
-From a35fa98b99aa60132eb2c083d6393c28905e2045 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 28 Feb 2017 09:24:07 -0800
-Subject: [PATCH 02/15] s3: vfs: dirsort doesn't handle opendir of "."
- correctly.
-
-Needs to store $cwd path for correct sorting.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12499
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/modules/vfs_dirsort.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c
-index 66582e67890..dbcf0b16ed3 100644
---- a/source3/modules/vfs_dirsort.c
-+++ b/source3/modules/vfs_dirsort.c
-@@ -153,6 +153,10 @@ static SMB_STRUCT_DIR *dirsort_opendir(vfs_handle_struct *handle,
- return NULL;
- }
-
-+ if (ISDOT(data->smb_fname->base_name)) {
-+ data->smb_fname->base_name = vfs_GetWd(data, handle->conn);
-+ }
-+
- /* Open the underlying directory and count the number of entries */
- data->source_directory = SMB_VFS_NEXT_OPENDIR(handle, fname, mask,
- attr);
---
-2.13.5
-
-
-From 23d2849d724a0f5bdf51dc7d7db438ed9fb4c2a9 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 13 Mar 2017 13:44:42 -0700
-Subject: [PATCH 03/15] s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open()
- store the same path as streams_xattr_recheck().
-
-If the open is changing directories, fsp->fsp_name->base_name
-will be the full path from the share root, whilst
-smb_fname will be relative to the $cwd.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12546
-
-Back-ported from a24ba3e4083200ec9885363efc5769f43183fb6b
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/modules/vfs_streams_xattr.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
-index 731c813f4d7..be46f8dc1e6 100644
---- a/source3/modules/vfs_streams_xattr.c
-+++ b/source3/modules/vfs_streams_xattr.c
-@@ -511,8 +511,15 @@ static int streams_xattr_open(vfs_handle_struct *handle,
-
- sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
- xattr_name);
-+ /*
-+ * sio->base needs to be a copy of fsp->fsp_name->base_name,
-+ * making it identical to streams_xattr_recheck(). If the
-+ * open is changing directories, fsp->fsp_name->base_name
-+ * will be the full path from the share root, whilst
-+ * smb_fname will be relative to the $cwd.
-+ */
- sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
-- smb_fname->base_name);
-+ fsp->fsp_name->base_name);
- sio->fsp_name_ptr = fsp->fsp_name;
- sio->handle = handle;
- sio->fsp = fsp;
---
-2.13.5
-
-
-From 91935aaf77c70e3e2436af1d6e4a538d29fd4276 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 13 Mar 2017 13:54:04 -0700
-Subject: [PATCH 04/15] vfs_streams_xattr: use fsp, not base_fsp
-
-The base_fsp's fd is always -1 as it's closed after being openend in
-create_file_unixpath().
-
-Additionally in streams_xattr_open force using of SMB_VFS_FSETXATTR() by
-sticking the just created fd into the fsp (and removing it afterwards).
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12591
-
-Back-ported from 021189e32ba507832b5e821e5cda8a2889225955.
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/modules/vfs_streams_xattr.c | 205 +++++++++++++++++-------------------
- 1 file changed, 99 insertions(+), 106 deletions(-)
-
-diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
-index be46f8dc1e6..a4ab84bba71 100644
---- a/source3/modules/vfs_streams_xattr.c
-+++ b/source3/modules/vfs_streams_xattr.c
-@@ -229,7 +229,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp,
- return -1;
- }
-
-- sbuf->st_ex_size = get_xattr_size(handle->conn, fsp->base_fsp,
-+ sbuf->st_ex_size = get_xattr_size(handle->conn, fsp,
- io->base, io->xattr_name);
- if (sbuf->st_ex_size == -1) {
- return -1;
-@@ -364,6 +364,7 @@ static int streams_xattr_open(vfs_handle_struct *handle,
- char *xattr_name = NULL;
- int baseflags;
- int hostfd = -1;
-+ int ret;
-
- DEBUG(10, ("streams_xattr_open called for %s\n",
- smb_fname_str_dbg(smb_fname)));
-@@ -375,133 +376,125 @@ static int streams_xattr_open(vfs_handle_struct *handle,
- /* If the default stream is requested, just open the base file. */
- if (is_ntfs_default_stream_smb_fname(smb_fname)) {
- char *tmp_stream_name;
-- int ret;
-
- tmp_stream_name = smb_fname->stream_name;
- smb_fname->stream_name = NULL;
-
- ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
-
-- smb_fname->stream_name = tmp_stream_name;
--
-- return ret;
-- }
-+ smb_fname->stream_name = tmp_stream_name;
-
-- status = streams_xattr_get_name(talloc_tos(), smb_fname->stream_name,
-- &xattr_name);
-- if (!NT_STATUS_IS_OK(status)) {
-- errno = map_errno_from_nt_status(status);
-- goto fail;
-- }
-+ return ret;
-+ }
-
-- /* Create an smb_filename with stream_name == NULL. */
-- status = create_synthetic_smb_fname(talloc_tos(),
-- smb_fname->base_name,
-- NULL, NULL,
-- &smb_fname_base);
-- if (!NT_STATUS_IS_OK(status)) {
-- errno = map_errno_from_nt_status(status);
-- goto fail;
-- }
-+ status = streams_xattr_get_name(talloc_tos(), smb_fname->stream_name,
-+ &xattr_name);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ errno = map_errno_from_nt_status(status);
-+ goto fail;
-+ }
-
-- /*
-- * We use baseflags to turn off nasty side-effects when opening the
-- * underlying file.
-- */
-- baseflags = flags;
-- baseflags &= ~O_TRUNC;
-- baseflags &= ~O_EXCL;
-- baseflags &= ~O_CREAT;
-+ /* Create an smb_filename with stream_name == NULL. */
-+ status = create_synthetic_smb_fname(talloc_tos(),
-+ smb_fname->base_name,
-+ NULL, NULL,
-+ &smb_fname_base);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ errno = map_errno_from_nt_status(status);
-+ goto fail;
-+ }
-
-- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp,
-- baseflags, mode);
-+ /*
-+ * We use baseflags to turn off nasty side-effects when opening the
-+ * underlying file.
-+ */
-+ baseflags = flags;
-+ baseflags &= ~O_TRUNC;
-+ baseflags &= ~O_EXCL;
-+ baseflags &= ~O_CREAT;
-
-- TALLOC_FREE(smb_fname_base);
-+ hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp,
-+ baseflags, mode);
-
-- /* It is legit to open a stream on a directory, but the base
-- * fd has to be read-only.
-- */
-- if ((hostfd == -1) && (errno == EISDIR)) {
-- baseflags &= ~O_ACCMODE;
-- baseflags |= O_RDONLY;
-- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname, fsp, baseflags,
-- mode);
-- }
-+ TALLOC_FREE(smb_fname_base);
-
-- if (hostfd == -1) {
-- goto fail;
-- }
-+ /* It is legit to open a stream on a directory, but the base
-+ * fd has to be read-only.
-+ */
-+ if ((hostfd == -1) && (errno == EISDIR)) {
-+ baseflags &= ~O_ACCMODE;
-+ baseflags |= O_RDONLY;
-+ hostfd = SMB_VFS_OPEN(handle->conn, smb_fname, fsp, baseflags,
-+ mode);
-+ }
-
-- status = get_ea_value(talloc_tos(), handle->conn, NULL,
-- smb_fname->base_name, xattr_name, &ea);
-+ if (hostfd == -1) {
-+ goto fail;
-+ }
-
-- DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status)));
-+ status = get_ea_value(talloc_tos(), handle->conn, NULL,
-+ smb_fname->base_name, xattr_name, &ea);
-
-- if (!NT_STATUS_IS_OK(status)
-- && !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
-- /*
-- * The base file is not there. This is an error even if we got
-- * O_CREAT, the higher levels should have created the base
-- * file for us.
-- */
-- DEBUG(10, ("streams_xattr_open: base file %s not around, "
-- "returning ENOENT\n", smb_fname->base_name));
-- errno = ENOENT;
-- goto fail;
-- }
-+ DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status)));
-
-- if (!NT_STATUS_IS_OK(status)) {
-- /*
-- * The attribute does not exist
-- */
-+ if (!NT_STATUS_IS_OK(status)
-+ && !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
-+ /*
-+ * The base file is not there. This is an error even if we got
-+ * O_CREAT, the higher levels should have created the base
-+ * file for us.
-+ */
-+ DEBUG(10, ("streams_xattr_open: base file %s not around, "
-+ "returning ENOENT\n", smb_fname->base_name));
-+ errno = ENOENT;
-+ goto fail;
-+ }
-
-- if (flags & O_CREAT) {
-+ if (!NT_STATUS_IS_OK(status)) {
- /*
-- * Darn, xattrs need at least 1 byte
-+ * The attribute does not exist
- */
-- char null = '\0';
-
-- DEBUG(10, ("creating attribute %s on file %s\n",
-- xattr_name, smb_fname->base_name));
-+ if (flags & O_CREAT) {
-+ /*
-+ * Darn, xattrs need at least 1 byte
-+ */
-+ char null = '\0';
-+
-+ DEBUG(10, ("creating attribute %s on file %s\n",
-+ xattr_name, smb_fname->base_name));
-+
-+ fsp->fh->fd = hostfd;
-+ ret = SMB_VFS_FSETXATTR(fsp, xattr_name,
-+ &null, sizeof(null),
-+ flags & O_EXCL ? XATTR_CREATE : 0);
-+ fsp->fh->fd = -1;
-+ if (ret != 0) {
-+ goto fail;
-+ }
-+ }
-+ }
-
-+ if (flags & O_TRUNC) {
-+ char null = '\0';
- if (fsp->base_fsp->fh->fd != -1) {
-- if (SMB_VFS_FSETXATTR(
-- fsp->base_fsp, xattr_name,
-- &null, sizeof(null),
-- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
-+ if (SMB_VFS_FSETXATTR(
-+ fsp->base_fsp, xattr_name,
-+ &null, sizeof(null),
-+ flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
- goto fail;
- }
- } else {
-- if (SMB_VFS_SETXATTR(
-- handle->conn, smb_fname->base_name,
-- xattr_name, &null, sizeof(null),
-- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
-+ if (SMB_VFS_SETXATTR(
-+ handle->conn, smb_fname->base_name,
-+ xattr_name, &null, sizeof(null),
-+ flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
- goto fail;
- }
- }
- }
-- }
--
-- if (flags & O_TRUNC) {
-- char null = '\0';
-- if (fsp->base_fsp->fh->fd != -1) {
-- if (SMB_VFS_FSETXATTR(
-- fsp->base_fsp, xattr_name,
-- &null, sizeof(null),
-- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
-- goto fail;
-- }
-- } else {
-- if (SMB_VFS_SETXATTR(
-- handle->conn, smb_fname->base_name,
-- xattr_name, &null, sizeof(null),
-- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
-- goto fail;
-- }
-- }
-- }
-
-- sio = (struct stream_io *)VFS_ADD_FSP_EXTENSION(handle, fsp,
-+ sio = (struct stream_io *)VFS_ADD_FSP_EXTENSION(handle, fsp,
- struct stream_io,
- NULL);
- if (sio == NULL) {
-@@ -868,7 +861,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
- return -1;
- }
-
-- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
-+ status = get_ea_value(talloc_tos(), handle->conn, fsp,
- sio->base, sio->xattr_name, &ea);
- if (!NT_STATUS_IS_OK(status)) {
- return -1;
-@@ -892,13 +885,13 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
-
- memcpy(ea.value.data + offset, data, n);
-
-- if (fsp->base_fsp->fh->fd != -1) {
-- ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
-+ if (fsp->fh->fd != -1) {
-+ ret = SMB_VFS_FSETXATTR(fsp,
- sio->xattr_name,
- ea.value.data, ea.value.length, 0);
- } else {
- ret = SMB_VFS_SETXATTR(fsp->conn,
-- fsp->base_fsp->fsp_name->base_name,
-+ fsp->fsp_name->base_name,
- sio->xattr_name,
- ea.value.data, ea.value.length, 0);
- }
-@@ -932,7 +925,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle,
- return -1;
- }
-
-- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
-+ status = get_ea_value(talloc_tos(), handle->conn, fsp,
- sio->base, sio->xattr_name, &ea);
- if (!NT_STATUS_IS_OK(status)) {
- return -1;
-@@ -977,7 +970,7 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle,
- return -1;
- }
-
-- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
-+ status = get_ea_value(talloc_tos(), handle->conn, fsp,
- sio->base, sio->xattr_name, &ea);
- if (!NT_STATUS_IS_OK(status)) {
- return -1;
-@@ -1002,13 +995,13 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle,
- ea.value.length = offset + 1;
- ea.value.data[offset] = 0;
-
-- if (fsp->base_fsp->fh->fd != -1) {
-- ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
-+ if (fsp->fh->fd != -1) {
-+ ret = SMB_VFS_FSETXATTR(fsp,
- sio->xattr_name,
- ea.value.data, ea.value.length, 0);
- } else {
- ret = SMB_VFS_SETXATTR(fsp->conn,
-- fsp->base_fsp->fsp_name->base_name,
-+ fsp->fsp_name->base_name,
- sio->xattr_name,
- ea.value.data, ea.value.length, 0);
- }
---
-2.13.5
-
-
-From 3f3c731faaa59f4d3ce7e49c12795c40e048d29f Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 19 Dec 2016 11:55:56 -0800
-Subject: [PATCH 05/15] s3: smbd: Create wrapper function for OpenDir in
- preparation for making robust.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/dir.c | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 18ecf066824..ebe2641f813 100644
---- a/source3/smbd/dir.c
-+++ b/source3/smbd/dir.c
-@@ -1367,7 +1367,8 @@ static int smb_Dir_destructor(struct smb_Dir *dirp)
- Open a directory.
- ********************************************************************/
-
--struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
-+static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
-+ connection_struct *conn,
- const char *name,
- const char *mask,
- uint32 attr)
-@@ -1407,6 +1408,18 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
- return NULL;
- }
-
-+struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
-+ const char *name,
-+ const char *mask,
-+ uint32_t attr)
-+{
-+ return OpenDir_internal(mem_ctx,
-+ conn,
-+ name,
-+ mask,
-+ attr);
-+}
-+
- /*******************************************************************
- Open a directory from an fsp.
- ********************************************************************/
---
-2.13.5
-
-
-From 7efeb067c1586e0f1cfbb775b1efcb3b92005140 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 19 Dec 2016 16:25:26 -0800
-Subject: [PATCH 06/15] s3: smbd: Opendir_internal() early return if
- SMB_VFS_OPENDIR failed.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/dir.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index ebe2641f813..65327dd0dd1 100644
---- a/source3/smbd/dir.c
-+++ b/source3/smbd/dir.c
-@@ -1380,6 +1380,13 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
- return NULL;
- }
-
-+ dirp->dir = SMB_VFS_OPENDIR(conn, name, mask, attr);
-+ if (!dirp->dir) {
-+ DEBUG(5,("OpenDir: Can't open %s. %s\n", name,
-+ strerror(errno) ));
-+ goto fail;
-+ }
-+
- dirp->conn = conn;
- dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
-
-@@ -1394,13 +1401,6 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
- }
- talloc_set_destructor(dirp, smb_Dir_destructor);
-
-- dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_path, mask, attr);
-- if (!dirp->dir) {
-- DEBUG(5,("OpenDir: Can't open %s. %s\n", dirp->dir_path,
-- strerror(errno) ));
-- goto fail;
-- }
--
- return dirp;
-
- fail:
---
-2.13.5
-
-
-From 49d22a0c51ef1f78f0488a7c35131887704e987b Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 19 Dec 2016 16:35:00 -0800
-Subject: [PATCH 07/15] s3: smbd: Create and use open_dir_safely(). Use from
- OpenDir().
-
-Hardens OpenDir against TOC/TOU races.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/dir.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 59 insertions(+), 7 deletions(-)
-
-diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 65327dd0dd1..2d168c3ba9f 100644
---- a/source3/smbd/dir.c
-+++ b/source3/smbd/dir.c
-@@ -1390,12 +1390,6 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
- dirp->conn = conn;
- dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
-
-- dirp->dir_path = talloc_strdup(dirp, name);
-- if (!dirp->dir_path) {
-- errno = ENOMEM;
-- goto fail;
-- }
--
- if (sconn && !sconn->using_smb2) {
- sconn->searches.dirhandles_open++;
- }
-@@ -1408,12 +1402,70 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
- return NULL;
- }
-
-+/****************************************************************************
-+ Open a directory handle by pathname, ensuring it's under the share path.
-+****************************************************************************/
-+
-+static struct smb_Dir *open_dir_safely(TALLOC_CTX *ctx,
-+ connection_struct *conn,
-+ const char *name,
-+ const char *wcard,
-+ uint32_t attr)
-+{
-+ struct smb_Dir *dir_hnd = NULL;
-+ char *saved_dir = vfs_GetWd(ctx, conn);
-+ NTSTATUS status;
-+
-+ if (saved_dir == NULL) {
-+ return NULL;
-+ }
-+
-+ if (vfs_ChDir(conn, name) == -1) {
-+ goto out;
-+ }
-+
-+ /*
-+ * Now the directory is pinned, use
-+ * REALPATH to ensure we can access it.
-+ */
-+ status = check_name(conn, ".");
-+ if (!NT_STATUS_IS_OK(status)) {
-+ goto out;
-+ }
-+
-+ dir_hnd = OpenDir_internal(ctx,
-+ conn,
-+ ".",
-+ wcard,
-+ attr);
-+
-+ if (dir_hnd == NULL) {
-+ goto out;
-+ }
-+
-+ /*
-+ * OpenDir_internal only gets "." as the dir name.
-+ * Store the real dir name here.
-+ */
-+
-+ dir_hnd->dir_path = talloc_strdup(dir_hnd, name);
-+ if (!dir_hnd->dir_path) {
-+ errno = ENOMEM;
-+ }
-+
-+ out:
-+
-+ vfs_ChDir(conn, saved_dir);
-+ TALLOC_FREE(saved_dir);
-+ return dir_hnd;
-+}
-+
- struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
- const char *name,
- const char *mask,
- uint32_t attr)
- {
-- return OpenDir_internal(mem_ctx,
-+ return open_dir_safely(mem_ctx,
- conn,
- name,
- mask,
---
-2.13.5
-
-
-From 6426ae1f9ef53158a6fbe1912dfec40d834115fe Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 19 Dec 2016 12:13:20 -0800
-Subject: [PATCH 08/15] s3: smbd: OpenDir_fsp() use early returns.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/dir.c | 34 +++++++++++++++++++++-------------
- 1 file changed, 21 insertions(+), 13 deletions(-)
-
-diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 2d168c3ba9f..6aed4a6da46 100644
---- a/source3/smbd/dir.c
-+++ b/source3/smbd/dir.c
-@@ -1485,7 +1485,17 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
- struct smbd_server_connection *sconn = conn->sconn;
-
- if (!dirp) {
-- return NULL;
-+ goto fail;
-+ }
-+
-+ if (!fsp->is_directory) {
-+ errno = EBADF;
-+ goto fail;
-+ }
-+
-+ if (fsp->fh->fd == -1) {
-+ errno = EBADF;
-+ goto fail;
- }
-
- dirp->conn = conn;
-@@ -1502,18 +1512,16 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
- }
- talloc_set_destructor(dirp, smb_Dir_destructor);
-
-- if (fsp->is_directory && fsp->fh->fd != -1) {
-- dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
-- if (dirp->dir != NULL) {
-- dirp->fsp = fsp;
-- } else {
-- DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned "
-- "NULL (%s)\n",
-- dirp->dir_path,
-- strerror(errno)));
-- if (errno != ENOSYS) {
-- return NULL;
-- }
-+ dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
-+ if (dirp->dir != NULL) {
-+ dirp->fsp = fsp;
-+ } else {
-+ DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned "
-+ "NULL (%s)\n",
-+ dirp->dir_path,
-+ strerror(errno)));
-+ if (errno != ENOSYS) {
-+ return NULL;
- }
- }
-
---
-2.13.5
-
-
-From f6581858ce665b880c5fea465ec61b1b0c504d89 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 19 Dec 2016 12:15:59 -0800
-Subject: [PATCH 09/15] s3: smbd: OpenDir_fsp() - Fix memory leak on error.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/dir.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 6aed4a6da46..efd1a73aab6 100644
---- a/source3/smbd/dir.c
-+++ b/source3/smbd/dir.c
-@@ -1521,7 +1521,7 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
- dirp->dir_path,
- strerror(errno)));
- if (errno != ENOSYS) {
-- return NULL;
-+ goto fail;
- }
- }
-
---
-2.13.5
-
-
-From bacba6987e58d44886d04b1dd5e36f7781dcd9b0 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 19 Dec 2016 12:32:07 -0800
-Subject: [PATCH 10/15] s3: smbd: Move the reference counting and destructor
- setup to just before retuning success.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/dir.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index efd1a73aab6..5eca128c033 100644
---- a/source3/smbd/dir.c
-+++ b/source3/smbd/dir.c
-@@ -1507,11 +1507,6 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
- goto fail;
- }
-
-- if (sconn && !sconn->using_smb2) {
-- sconn->searches.dirhandles_open++;
-- }
-- talloc_set_destructor(dirp, smb_Dir_destructor);
--
- dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
- if (dirp->dir != NULL) {
- dirp->fsp = fsp;
-@@ -1536,6 +1531,11 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
- goto fail;
- }
-
-+ if (sconn && !sconn->using_smb2) {
-+ sconn->searches.dirhandles_open++;
-+ }
-+ talloc_set_destructor(dirp, smb_Dir_destructor);
-+
- return dirp;
-
- fail:
---
-2.13.5
-
-
-From 34b3d05b55f5c40de76ba65d6b028818518a519f Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 19 Dec 2016 12:35:32 -0800
-Subject: [PATCH 11/15] s3: smbd: Correctly fallback to open_dir_safely if
- FDOPENDIR not supported on system.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/dir.c | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 5eca128c033..7690cb18c1a 100644
---- a/source3/smbd/dir.c
-+++ b/source3/smbd/dir.c
-@@ -1521,14 +1521,13 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
- }
-
- if (dirp->dir == NULL) {
-- /* FDOPENDIR didn't work. Use OPENDIR instead. */
-- dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_path, mask, attr);
-- }
--
-- if (!dirp->dir) {
-- DEBUG(5,("OpenDir_fsp: Can't open %s. %s\n", dirp->dir_path,
-- strerror(errno) ));
-- goto fail;
-+ /* FDOPENDIR is not supported. Use OPENDIR instead. */
-+ TALLOC_FREE(dirp);
-+ return open_dir_safely(mem_ctx,
-+ conn,
-+ fsp->fsp_name->base_name,
-+ mask,
-+ attr);
- }
-
- if (sconn && !sconn->using_smb2) {
---
-2.13.5
-
-
-From 84bc8b232a4495bff270b7800833ef6785937576 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 15 Dec 2016 12:52:13 -0800
-Subject: [PATCH 12/15] s3: smbd: Remove O_NOFOLLOW guards. We insist on
- O_NOFOLLOW existing.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/open.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index 35eee0a1485..8417f8aca4a 100644
---- a/source3/smbd/open.c
-+++ b/source3/smbd/open.c
-@@ -205,8 +205,7 @@ NTSTATUS fd_open(struct connection_struct *conn,
- struct smb_filename *smb_fname = fsp->fsp_name;
- NTSTATUS status = NT_STATUS_OK;
-
--#ifdef O_NOFOLLOW
-- /*
-+ /*
- * Never follow symlinks on a POSIX client. The
- * client should be doing this.
- */
-@@ -214,7 +213,6 @@ NTSTATUS fd_open(struct connection_struct *conn,
- if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
- flags |= O_NOFOLLOW;
- }
--#endif
-
- fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
- if (fsp->fh->fd == -1) {
---
-2.13.5
-
-
-From af0c5a266ae65ad2a638fe48a7ad7d77417f97d7 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 15 Dec 2016 12:56:08 -0800
-Subject: [PATCH 13/15] s3: smbd: Move special handling of symlink errno's into
- a utility function.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/open.c | 30 ++++++++++++++++++++++++++++--
- 1 file changed, 28 insertions(+), 2 deletions(-)
-
-diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index 8417f8aca4a..e727e89e9d8 100644
---- a/source3/smbd/open.c
-+++ b/source3/smbd/open.c
-@@ -194,6 +194,31 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn,
- }
-
- /****************************************************************************
-+ Handle differing symlink errno's
-+****************************************************************************/
-+
-+static int link_errno_convert(int err)
-+{
-+#if defined(ENOTSUP) && defined(OSF1)
-+ /* handle special Tru64 errno */
-+ if (err == ENOTSUP) {
-+ err = ELOOP;
-+ }
-+#endif /* ENOTSUP */
-+#ifdef EFTYPE
-+ /* fix broken NetBSD errno */
-+ if (err == EFTYPE) {
-+ err = ELOOP;
-+ }
-+#endif /* EFTYPE */
-+ /* fix broken FreeBSD errno */
-+ if (err == EMLINK) {
-+ err = ELOOP;
-+ }
-+ return err;
-+}
-+
-+/****************************************************************************
- fd support routines - attempt to do a dos_open.
- ****************************************************************************/
-
-@@ -216,8 +241,9 @@ NTSTATUS fd_open(struct connection_struct *conn,
-
- fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
- if (fsp->fh->fd == -1) {
-- status = map_nt_error_from_unix(errno);
-- if (errno == EMFILE) {
-+ int posix_errno = link_errno_convert(errno);
-+ status = map_nt_error_from_unix(posix_errno);
-+ if (posix_errno == EMFILE) {
- static time_t last_warned = 0L;
-
- if (time((time_t *) NULL) > last_warned) {
---
-2.13.5
-
-
-From c3bc4ff0367d7a3ebfd64db6defddea0bc3a5f4a Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 15 Dec 2016 13:04:46 -0800
-Subject: [PATCH 14/15] s3: smbd: Add the core functions to prevent symlink
- open races.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/open.c | 242 ++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 242 insertions(+)
-
-diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index e727e89e9d8..0998adc416a 100644
---- a/source3/smbd/open.c
-+++ b/source3/smbd/open.c
-@@ -218,6 +218,248 @@ static int link_errno_convert(int err)
- return err;
- }
-
-+static int non_widelink_open(struct connection_struct *conn,
-+ const char *conn_rootdir,
-+ files_struct *fsp,
-+ struct smb_filename *smb_fname,
-+ int flags,
-+ mode_t mode,
-+ unsigned int link_depth);
-+
-+/****************************************************************************
-+ Follow a symlink in userspace.
-+****************************************************************************/
-+
-+static int process_symlink_open(struct connection_struct *conn,
-+ const char *conn_rootdir,
-+ files_struct *fsp,
-+ struct smb_filename *smb_fname,
-+ int flags,
-+ mode_t mode,
-+ unsigned int link_depth)
-+{
-+ int fd = -1;
-+ char *link_target = NULL;
-+ int link_len = -1;
-+ char *oldwd = NULL;
-+ size_t rootdir_len = 0;
-+ char *resolved_name = NULL;
-+ bool matched = false;
-+ int saved_errno = 0;
-+
-+ /*
-+ * Ensure we don't get stuck in a symlink loop.
-+ */
-+ link_depth++;
-+ if (link_depth >= 20) {
-+ errno = ELOOP;
-+ goto out;
-+ }
-+
-+ /* Allocate space for the link target. */
-+ link_target = talloc_array(talloc_tos(), char, PATH_MAX);
-+ if (link_target == NULL) {
-+ errno = ENOMEM;
-+ goto out;
-+ }
-+
-+ /* Read the link target. */
-+ link_len = SMB_VFS_READLINK(conn,
-+ smb_fname->base_name,
-+ link_target,
-+ PATH_MAX - 1);
-+ if (link_len == -1) {
-+ goto out;
-+ }
-+
-+ /* Ensure it's at least null terminated. */
-+ link_target[link_len] = '\0';
-+
-+ /* Convert to an absolute path. */
-+ resolved_name = SMB_VFS_REALPATH(conn, link_target);
-+ if (resolved_name == NULL) {
-+ goto out;
-+ }
-+
-+ /*
-+ * We know conn_rootdir starts with '/' and
-+ * does not end in '/'. FIXME ! Should we
-+ * smb_assert this ?
-+ */
-+ rootdir_len = strlen(conn_rootdir);
-+
-+ matched = (strncmp(conn_rootdir, resolved_name, rootdir_len) == 0);
-+ if (!matched) {
-+ errno = EACCES;
-+ goto out;
-+ }
-+
-+ /*
-+ * Turn into a path relative to the share root.
-+ */
-+ if (resolved_name[rootdir_len] == '\0') {
-+ /* Link to the root of the share. */
-+ smb_fname->base_name = talloc_strdup(talloc_tos(), ".");
-+ if (smb_fname->base_name == NULL) {
-+ errno = ENOMEM;
-+ goto out;
-+ }
-+ } else if (resolved_name[rootdir_len] == '/') {
-+ smb_fname->base_name = &resolved_name[rootdir_len+1];
-+ } else {
-+ errno = EACCES;
-+ goto out;
-+ }
-+
-+ oldwd = vfs_GetWd(talloc_tos(), conn);
-+ if (oldwd == NULL) {
-+ goto out;
-+ }
-+
-+ /* Ensure we operate from the root of the share. */
-+ if (vfs_ChDir(conn, conn_rootdir) == -1) {
-+ goto out;
-+ }
-+
-+ /* And do it all again.. */
-+ fd = non_widelink_open(conn,
-+ conn_rootdir,
-+ fsp,
-+ smb_fname,
-+ flags,
-+ mode,
-+ link_depth);
-+ if (fd == -1) {
-+ saved_errno = errno;
-+ }
-+
-+ out:
-+
-+ SAFE_FREE(resolved_name);
-+ TALLOC_FREE(link_target);
-+ if (oldwd != NULL) {
-+ int ret = vfs_ChDir(conn, oldwd);
-+ if (ret == -1) {
-+ smb_panic("unable to get back to old directory\n");
-+ }
-+ TALLOC_FREE(oldwd);
-+ }
-+ if (saved_errno != 0) {
-+ errno = saved_errno;
-+ }
-+ return fd;
-+}
-+
-+/****************************************************************************
-+ Non-widelink open.
-+****************************************************************************/
-+
-+static int non_widelink_open(struct connection_struct *conn,
-+ const char *conn_rootdir,
-+ files_struct *fsp,
-+ struct smb_filename *smb_fname,
-+ int flags,
-+ mode_t mode,
-+ unsigned int link_depth)
-+{
-+ NTSTATUS status;
-+ int fd = -1;
-+ struct smb_filename *smb_fname_rel = NULL;
-+ int saved_errno = 0;
-+ char *oldwd = NULL;
-+ char *parent_dir = NULL;
-+ const char *final_component = NULL;
-+
-+ if (!parent_dirname(talloc_tos(),
-+ smb_fname->base_name,
-+ &parent_dir,
-+ &final_component)) {
-+ goto out;
-+ }
-+
-+ oldwd = vfs_GetWd(talloc_tos(), conn);
-+ if (oldwd == NULL) {
-+ goto out;
-+ }
-+
-+ /* Pin parent directory in place. */
-+ if (vfs_ChDir(conn, parent_dir) == -1) {
-+ goto out;
-+ }
-+
-+ /* Ensure the relative path is below the share. */
-+ status = check_reduced_name(conn, final_component);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ saved_errno = map_errno_from_nt_status(status);
-+ goto out;
-+ }
-+
-+ status = create_synthetic_smb_fname(talloc_tos(),
-+ final_component,
-+ smb_fname->stream_name,
-+ &smb_fname->st,
-+ &smb_fname_rel);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ saved_errno = map_errno_from_nt_status(status);
-+ goto out;
-+ }
-+
-+ flags |= O_NOFOLLOW;
-+
-+ {
-+ struct smb_filename *tmp_name = fsp->fsp_name;
-+ fsp->fsp_name = smb_fname_rel;
-+ fd = SMB_VFS_OPEN(conn, smb_fname_rel, fsp, flags, mode);
-+ fsp->fsp_name = tmp_name;
-+ }
-+
-+ if (fd == -1) {
-+ saved_errno = link_errno_convert(errno);
-+ if (saved_errno == ELOOP) {
-+ if (fsp->posix_open) {
-+ /* Never follow symlinks on posix open. */
-+ goto out;
-+ }
-+ if (!lp_symlinks(SNUM(conn))) {
-+ /* Explicitly no symlinks. */
-+ goto out;
-+ }
-+ /*
-+ * We have a symlink. Follow in userspace
-+ * to ensure it's under the share definition.
-+ */
-+ fd = process_symlink_open(conn,
-+ conn_rootdir,
-+ fsp,
-+ smb_fname_rel,
-+ flags,
-+ mode,
-+ link_depth);
-+ if (fd == -1) {
-+ saved_errno =
-+ link_errno_convert(errno);
-+ }
-+ }
-+ }
-+
-+ out:
-+
-+ TALLOC_FREE(parent_dir);
-+ TALLOC_FREE(smb_fname_rel);
-+
-+ if (oldwd != NULL) {
-+ int ret = vfs_ChDir(conn, oldwd);
-+ if (ret == -1) {
-+ smb_panic("unable to get back to old directory\n");
-+ }
-+ TALLOC_FREE(oldwd);
-+ }
-+ if (saved_errno != 0) {
-+ errno = saved_errno;
-+ }
-+ return fd;
-+}
-+
- /****************************************************************************
- fd support routines - attempt to do a dos_open.
- ****************************************************************************/
---
-2.13.5
-
-
-From 6a88d1cf3deb54a784f50c8eba3b9a24a65c1b34 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 15 Dec 2016 13:06:31 -0800
-Subject: [PATCH 15/15] s3: smbd: Use the new non_widelink_open() function.
-
-CVE-2017-2619
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/open.c | 23 ++++++++++++++++++++++-
- 1 file changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index 0998adc416a..65ca14ec8b8 100644
---- a/source3/smbd/open.c
-+++ b/source3/smbd/open.c
-@@ -481,7 +481,28 @@ NTSTATUS fd_open(struct connection_struct *conn,
- flags |= O_NOFOLLOW;
- }
-
-- fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
-+ /* Ensure path is below share definition. */
-+ if (!lp_widelinks(SNUM(conn))) {
-+ const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn,
-+ smb_fname->base_name);
-+ if (conn_rootdir == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+ /*
-+ * Only follow symlinks within a share
-+ * definition.
-+ */
-+ fsp->fh->fd = non_widelink_open(conn,
-+ conn_rootdir,
-+ fsp,
-+ smb_fname,
-+ flags,
-+ mode,
-+ 0);
-+ } else {
-+ fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
-+ }
-+
- if (fsp->fh->fd == -1) {
- int posix_errno = link_errno_convert(errno);
- status = map_nt_error_from_unix(posix_errno);
---
-2.13.5
-
projects / ipfire-2.x.git / blobdiff