[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Jun 25 14:15:05 MDT 2015


The branch, master has been updated
       via  e2c4b89 s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
      from  c0364fa ctdb: remove useless setting of variable domain_socket_name

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e2c4b8967d33b610f9f076c614352e4b8fc7c558
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jun 17 10:23:30 2015 -0700

    s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
    
    Early function exit can mean backup_priv is set but we haven't called
    become_root(). *Lots* of work by the reviewers went in to checking this
    isn't a security issue.
    
    Found by Codenomicon at the Redmond plugfest.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11339
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Jun 25 22:14:58 CEST 2015 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/trans2.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index e518c7b..88c69a9 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2474,6 +2474,7 @@ static void call_trans2findfirst(connection_struct *conn,
 	struct smbd_server_connection *sconn = req->sconn;
 	uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP);
 	bool backup_priv = false;
+	bool as_root = false;
 
 	if (total_params < 13) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -2539,6 +2540,7 @@ close_if_end = %d requires_resume_key = %d backup_priv = %d level = 0x%x, max_da
 
 	if (backup_priv) {
 		become_root();
+		as_root = true;
 		ntstatus = filename_convert_with_privilege(ctx,
 				conn,
 				req,
@@ -2809,7 +2811,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 	}
  out:
 
-	if (backup_priv) {
+	if (as_root) {
 		unbecome_root();
 	}
 
@@ -2863,6 +2865,7 @@ static void call_trans2findnext(connection_struct *conn,
 	struct dptr_struct *dirptr;
 	struct smbd_server_connection *sconn = req->sconn;
 	bool backup_priv = false; 
+	bool as_root = false;
 
 	if (total_params < 13) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -3036,6 +3039,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 
 	if (backup_priv) {
 		become_root();
+		as_root = true;
 	}
 
 	/*
@@ -3137,7 +3141,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 		dptr_close(sconn, &dptr_num); /* This frees up the saved mask */
 	}
 
-	if (backup_priv) {
+	if (as_root) {
 		unbecome_root();
 	}
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list