From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Feb 2016 15:19:56 +0000 (+0100)
Subject: smbd: Simplify chroot option in smbd
X-Git-Tag: tevent-0.9.27~16
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=92afa1b165841356d6a3fb2ac44d9a5460bffea5;p=thirdparty%2Fsamba.git

smbd: Simplify chroot option in smbd

rpmlint has a check for this and prefers to call chdir() before
chroot(). If not it will complain with
missing-call-to-chdir-with-chroot. The old code equivalent secure. See

    http://unixwiz.net/techtips/chroot-practices.html

This removes several unneeded talloc_tos() calls.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 13 03:50:54 CET 2016 on sn-devel-144
---

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 25c6d0539bc..34939f088f8 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -3903,6 +3903,8 @@ void smbd_process(struct tevent_context *ev_ctx,
 	NTSTATUS status;
 	struct timeval tv = timeval_current();
 	NTTIME now = timeval_to_nttime(&tv);
+	char *chroot_dir = NULL;
+	int rc;
 
 	status = smbXsrv_client_create(ev_ctx, ev_ctx, msg_ctx, now, &client);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -4024,17 +4026,22 @@ void smbd_process(struct tevent_context *ev_ctx,
 		exit_server("Could not open account policy tdb.\n");
 	}
 
-	if (*lp_root_directory(talloc_tos())) {
-		if (chroot(lp_root_directory(talloc_tos())) != 0) {
-			DEBUG(0,("Failed to change root to %s\n",
-				 lp_root_directory(talloc_tos())));
-			exit_server("Failed to chroot()");
+	chroot_dir = lp_root_directory(talloc_tos());
+	if (chroot_dir[0] != '\0') {
+		rc = chdir(chroot_dir);
+		if (rc != 0) {
+			DBG_ERR("Failed to chdir to %s\n", chroot_dir);
+			exit_server("Failed to chdir()");
 		}
-		if (chdir("/") == -1) {
-			DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_root_directory(talloc_tos())));
+
+		rc = chroot(chroot_dir);
+		if (rc != 0) {
+			DBG_ERR("Failed to change root to %s\n", chroot_dir);
 			exit_server("Failed to chroot()");
 		}
-		DEBUG(0,("Changed root to %s\n", lp_root_directory(talloc_tos())));
+		DBG_WARNING("Changed root to %s\n", chroot_dir);
+
+		TALLOC_FREE(chroot_dir);
 	}
 
 	if (!file_init(sconn)) {