From: Jeremy Allison Date: Thu, 7 Oct 2021 21:11:25 +0000 (-0700) Subject: s3: smbd: Ensure when we change security context we delete any $cwd cache. X-Git-Tag: ldb-2.5.0~494 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fe965836243928ac33eb95a67d3e889fdc15861;p=thirdparty%2Fsamba.git s3: smbd: Ensure when we change security context we delete any $cwd cache. This will ensure we *always* call into the VFS_SMB_CHDIR backends on security context switch. The $cwd was an optimization that was only looking at the raw filesystem path. We could delete it completely but that is a patch for another day. Remove knownfail on regression test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682 RN: vfs_shadow_copy2: core dump in make_relative_path Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184 --- diff --git a/selftest/knownfail.d/chdir-cache b/selftest/knownfail.d/chdir-cache deleted file mode 100644 index 571701dcb14..00000000000 --- a/selftest/knownfail.d/chdir-cache +++ /dev/null @@ -1 +0,0 @@ -^samba3.blackbox.chdir-cache.* diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index d6fd11cd4a3..4ccda709528 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -360,6 +360,14 @@ static void set_sec_ctx_internal(uid_t uid, gid_t gid, current_user.ut.ngroups = ngroups; current_user.ut.groups = groups; current_user.nt_user_token = ctx_p->token; + + /* + * Delete any ChDir cache. We can't assume + * the new uid has access to current working + * directory. + * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682 + */ + SAFE_FREE(LastDir); } void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct security_token *token)