[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Jun 25 14:15:05 MDT 2015
The branch, master has been updated
via e2c4b89 s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
from c0364fa ctdb: remove useless setting of variable domain_socket_name
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e2c4b8967d33b610f9f076c614352e4b8fc7c558
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jun 17 10:23:30 2015 -0700
s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
Early function exit can mean backup_priv is set but we haven't called
become_root(). *Lots* of work by the reviewers went in to checking this
isn't a security issue.
Found by Codenomicon at the Redmond plugfest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11339
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 25 22:14:58 CEST 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/trans2.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index e518c7b..88c69a9 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2474,6 +2474,7 @@ static void call_trans2findfirst(connection_struct *conn,
struct smbd_server_connection *sconn = req->sconn;
uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP);
bool backup_priv = false;
+ bool as_root = false;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -2539,6 +2540,7 @@ close_if_end = %d requires_resume_key = %d backup_priv = %d level = 0x%x, max_da
if (backup_priv) {
become_root();
+ as_root = true;
ntstatus = filename_convert_with_privilege(ctx,
conn,
req,
@@ -2809,7 +2811,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
out:
- if (backup_priv) {
+ if (as_root) {
unbecome_root();
}
@@ -2863,6 +2865,7 @@ static void call_trans2findnext(connection_struct *conn,
struct dptr_struct *dirptr;
struct smbd_server_connection *sconn = req->sconn;
bool backup_priv = false;
+ bool as_root = false;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -3036,6 +3039,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
if (backup_priv) {
become_root();
+ as_root = true;
}
/*
@@ -3137,7 +3141,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
dptr_close(sconn, &dptr_num); /* This frees up the saved mask */
}
- if (backup_priv) {
+ if (as_root) {
unbecome_root();
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list