[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Mon Oct 29 09:27:02 MDT 2012
The branch, master has been updated
via 3a4b755 Fix bug #9329 - Directory listing with SeBackup can crash smbd.
from 334044f packaging: Move smbprint to a comman location.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3a4b755ce5b4be1981d12d5b6f3eb563ef079707
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 25 17:07:29 2012 -0700
Fix bug #9329 - Directory listing with SeBackup can crash smbd.
When we do a become_root()/unbecome_root() pair to temporarily
raise privilege, this NULLs out the NT token. If we're within
a become_root()/unbecome_root() pair then return the previous
token on the stack as our NT token. This is what we should be
using to check against NT ACLs in the file server. This copes
with security context changing when removing a file on close
under the context of another user (when 2 users have a file
open, one sets delete on close and then the other user has
to actually do the delete).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/proto.h | 1 +
source3/smbd/sec_ctx.c | 25 +++++++++++++++++++++++++
source3/smbd/uid.c | 12 +++++++++++-
3 files changed, 37 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index d218184..c80ef14 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -952,6 +952,7 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct
void set_root_sec_ctx(void);
bool pop_sec_ctx(void);
void init_sec_ctx(void);
+const struct security_token *sec_ctx_active_token(void);
/* The following definitions come from smbd/server.c */
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index 83674a2..d474219 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -466,3 +466,28 @@ void init_sec_ctx(void)
current_user.vuid = UID_FIELD_INVALID;
current_user.nt_user_token = NULL;
}
+
+/*************************************************************
+ Called when we're inside a become_root() temporary escalation
+ of privileges and the nt_user_token is NULL. Return the last
+ active token on the context stack. We know there is at least
+ one valid non-NULL token on the stack so panic if we underflow.
+*************************************************************/
+
+const struct security_token *sec_ctx_active_token(void)
+{
+ int stack_index = sec_ctx_stack_ndx;
+ struct sec_ctx *ctx_p = &sec_ctx_stack[stack_index];
+
+ while (ctx_p->token == NULL) {
+ stack_index--;
+ if (stack_index < 0) {
+ DEBUG(0, ("Security context active token "
+ "stack underflow!\n"));
+ smb_panic("Security context active token "
+ "stack underflow!");
+ }
+ ctx_p = &sec_ctx_stack[stack_index];
+ }
+ return ctx_p->token;
+}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index eac5d9d..30c7154 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -533,9 +533,19 @@ const struct security_unix_token *get_current_utok(connection_struct *conn)
return ¤t_user.ut;
}
+/****************************************************************************
+ Return the Windows token we are running effectively as on this connection.
+ If this is currently a NULL token as we're inside become_root() - a temporary
+ UNIX security override, then we search up the stack for the previous active
+ token.
+****************************************************************************/
+
const struct security_token *get_current_nttok(connection_struct *conn)
{
- return current_user.nt_user_token;
+ if (current_user.nt_user_token) {
+ return current_user.nt_user_token;
+ }
+ return sec_ctx_active_token();
}
uint64_t get_current_vuid(connection_struct *conn)
--
Samba Shared Repository
More information about the samba-cvs
mailing list