s3: Fix bug 7779, crash in expand_msdfs

(cherry picked from commit 82e15a5ee335ac87ab473899b333056a02bf15b3)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index f7bfc2a2c5895ae7482b8d97e5de29f265943b2b..3d06c312eebcd1ddd3b9126ca200c3a076dac0a7 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6465,6 +6465,7 @@ bool is_msdfs_link(connection_struct *conn,
                const char *path,
                SMB_STRUCT_STAT *sbufp);
 NTSTATUS get_referred_path(TALLOC_CTX *ctx,
+                       struct auth_serversupplied_info *server_info,
                        const char *dfs_path,
                        struct junction_map *jucn,
                        int *consumedcntp,

diff --git a/source3/librpc/gen_ndr/ndr_secrets.c b/source3/librpc/gen_ndr/ndr_secrets.c
index f9b61454f68e14928023ee2f92e963a4c336102c..2b182db8108f1801b72f332758d7cc7e69a3a510 100644 (file)
--- a/source3/librpc/gen_ndr/ndr_secrets.c
+++ b/source3/librpc/gen_ndr/ndr_secrets.c
@@ -24,7 +24,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_TRUSTED_DOM_PASS(struct ndr_push *ndr, int n
                        NDR_CHECK(ndr_push_trailer_align(ndr, 4));
                }
                if (ndr_flags & NDR_BUFFERS) {
-                       NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid));
                }
                ndr->flags = _flags_save_STRUCT;
        }
@@ -52,7 +51,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_TRUSTED_DOM_PASS(struct ndr_pull *ndr, int n
                        NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
                }
                if (ndr_flags & NDR_BUFFERS) {
-                       NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid));
                }
                ndr->flags = _flags_save_STRUCT;
        }

diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
index dfa33c25a910040cd19ed4c85329d08a14eabb97..2bfbe5e9139cdaa05eb74c96dac6ae070a497375 100644 (file)
--- a/source3/rpc_server/srv_dfs_nt.c
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -70,7 +70,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r)
        }
 
        /* The following call can change the cwd. */
-       status = get_referred_path(ctx, r->in.path, jn,
+       status = get_referred_path(ctx, p->server_info, r->in.path, jn,
                        &consumedcnt, &self_ref);
        if(!NT_STATUS_IS_OK(status)) {
                return ntstatus_to_werror(status);
@@ -136,8 +136,9 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r)
                        r->in.dfs_entry_path, r->in.servername, r->in.sharename));
        }
 
-       if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, jn,
-                               &consumedcnt, &self_ref))) {
+       if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info,
+                                             r->in.dfs_entry_path, jn,
+                                             &consumedcnt, &self_ref))) {
                return WERR_DFS_NO_SUCH_VOL;
        }
 
@@ -358,8 +359,9 @@ WERROR _dfs_GetInfo(pipes_struct *p, struct dfs_GetInfo *r)
        }
 
        /* The following call can change the cwd. */
-       if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path,
-                                       jn, &consumedcnt, &self_ref)) ||
+       if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info,
+                                             r->in.dfs_entry_path,
+                                             jn, &consumedcnt, &self_ref)) ||
                        consumedcnt < strlen(r->in.dfs_entry_path)) {
                return WERR_DFS_NO_SUCH_VOL;
        }

diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 6dfa88692e2b61eeab31254bf39eef1d27ebef11..6a2f756ab7a62dae60b538c34de2f43de4b3065c 100644 (file)
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -795,6 +795,7 @@ static NTSTATUS self_ref(TALLOC_CTX *ctx,
 **********************************************************************/
 
 NTSTATUS get_referred_path(TALLOC_CTX *ctx,
+                       struct auth_serversupplied_info *server_info,
                        const char *dfs_path,
                        struct junction_map *jucn,
                        int *consumedcntp,
@@ -916,7 +917,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
        }
 
        status = create_conn_struct(ctx, &conn, snum, lp_pathname(snum),
-                                   NULL, &oldpath);
+                                   server_info, &oldpath);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(pdp);
                return status;
@@ -1221,8 +1222,9 @@ int setup_dfs_referral(connection_struct *orig_conn,
        }
 
        /* The following call can change cwd. */
-       *pstatus = get_referred_path(ctx, pathnamep, junction,
-                       &consumedcnt, &self_referral);
+       *pstatus = get_referred_path(ctx, orig_conn->server_info,
+                                    pathnamep, junction,
+                                    &consumedcnt, &self_referral);
        if (!NT_STATUS_IS_OK(*pstatus)) {
                vfs_ChDir(orig_conn,orig_conn->connectpath);
                talloc_destroy(ctx);