s3/smbd: If we fail to close file_handle ensure we should reset the fd

if fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
is the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.

[2024/02/20 09:23:48.454671,  0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
  smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757,  0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
  PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781,  0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log)
  ===============================================================
[2024/02/20 09:23:48.454804,  0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log)
  INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844,  0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log)
  If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869,  0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ac8b0c6194f69603fd0a397dd699ecb0076d0ada..bd397376d2632d862bc573aaea6963f74ef7c29d 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -943,7 +943,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp,
 
 NTSTATUS fd_close(files_struct *fsp)
 {
-       NTSTATUS status;
+       NTSTATUS stat_status = NT_STATUS_OK;
        int ret;
 
        if (fsp == fsp->conn->cwd_fsp) {
@@ -951,10 +951,12 @@ NTSTATUS fd_close(files_struct *fsp)
        }
 
        if (fsp->fsp_flags.fstat_before_close) {
-               status = vfs_stat_fsp(fsp);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return status;
-               }
+               /*
+                * capture status, if failure
+                * continue close processing
+                * and return status
+                */
+               stat_status = vfs_stat_fsp(fsp);
        }
 
        if (fsp->dptr) {
@@ -976,7 +978,7 @@ NTSTATUS fd_close(files_struct *fsp)
        if (ret == -1) {
                return map_nt_error_from_unix(errno);
        }
-       return NT_STATUS_OK;
+       return stat_status;
 }
 
 /****************************************************************************