s3: smbd: Fix delete-on-close after smb2_find
author Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Fri, 3 Nov 2017 22:33:28 +0000 (22:33 +0000)
committer Volker Lendecke <vl@samba.org>
Sun, 5 Nov 2017 07:30:19 +0000 (08:30 +0100)
Both dptr_create() and can_delete_directory_fsp() are calling OpenDir_fsp()
to get a directory handle. This causes an issue when delete-on-close is
set after smb2_find because both directory handle instances share the same
underlying file descriptor. In addition the SMB_ASSERT() in destructor
smb_Dir_destructor() gets triggered.

To avoid this use OpenDir() instead of OpenDir_fsp().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
source3/smbd/dir.c

index cb54be4de76a62e510671bca5dfa720ac12f62a8..19e2964011869b1712f18fa8e410d51053026b51 100644 (file)
@@ -2128,9 +2128,9 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
        char *talloced = NULL;
        SMB_STRUCT_STAT st;
        struct connection_struct *conn = fsp->conn;
-       struct smb_Dir *dir_hnd = OpenDir_fsp(talloc_tos(),
+       struct smb_Dir *dir_hnd = OpenDir(talloc_tos(),
                                        conn,
-                                       fsp,
+                                       fsp->fsp_name,
                                        NULL,
                                        0);
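Review bot: In the dir_hnd initializer, the switch from OpenDir_fsp() to OpenDir() with fsp->fsp_name carries no code comment saying why the fsp-based variant must not be used here, so a later cleanup could plausibly change it back. Suggest a short comment above the call noting that OpenDir_fsp() would share the underlying file descriptor with the directory handle created by dptr_create(), as the commit message describes. Because the directory is now opened by name rather than through fsp, it is also worth confirming that a rename between the original open and this check cannot make can_delete_directory_fsp() inspect a different directory than the one fsp refers to.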