sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code
samba-mirror/source3/smbd
History
Ralph Boehme b70f4f8681 CVE-2023-4091: smbd: use open_access_mask for access check in open_file() 
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-10-10 14:49:39 +00:00
..
notifyd
s3:notifyd: Use lpcfg_set_cmdline()
2023-09-14 21:35:29 +00:00
avahi_register.c
blocking.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
close.c
s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.
2023-09-20 02:43:18 +00:00
conn_idle.c
s3:rpc_server: Activate samba-dcerpcd
2021-12-10 14:02:30 +00:00
conn_msg.c
conn.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
connection.c
dfree.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
dir.c
libsmb: Move symlink_reparse_buffer_parse() to reparse.c
2023-08-10 13:40:31 +00:00
dmapi.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
dnsregister.c
dosmode.c
s3:smbd Remove unnecessary newlines from logging messages
2023-08-08 04:39:38 +00:00
durable.c
smbd: Pass vfs_open_how through fd_openat
2022-08-06 01:43:50 +00:00
error.c
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
2022-04-07 17:37:30 +00:00
fake_file.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
fd_handle.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
fd_handle.h
smbd: fd_handle.h does not need includes.h
2022-04-26 21:41:29 +00:00
file_access.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
fileio.c
smbd: use fdos_mode() in mark_file_modified()
2020-12-16 09:08:31 +00:00
filename.c
smbd: Fix BZ15481
2023-09-20 22:42:48 +00:00
files.c
libsmb: Move symlink_reparse_buffer_parse() to reparse.c
2023-08-10 13:40:31 +00:00
globals.c
smbd: Slightly simplify set_current_case_sensitive()
2022-12-14 22:54:29 +00:00
globals.h
smb2_server: move struct msghdr to smbd_smb2_send_queue
2023-09-06 20:31:04 +00:00
mangle_hash2.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
mangle_hash.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
mangle.c
msdfs.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
notify_fam.c
notify_inotify.c
smbd: Align two integer types
2020-11-04 18:55:39 +00:00
notify_msg.c
notifyd: Factor out notify_walk() into its own file
2020-10-24 05:57:31 +00:00
notify.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
ntquotas.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
open.c
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
2023-10-10 14:49:39 +00:00
oplock_linux.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
password.c
posix_acls.c
s3:smbd: Fix code spelling
2023-09-11 02:42:41 +00:00
proto.h
smbd: Remove unused marshalling of smb3posix file information
2023-10-04 20:31:36 +00:00
pysmbd.c
pysmbd: Fix typo in error message
2023-04-12 13:52:31 +00:00
quotas.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
scavenger.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
scavenger.h
seal.c
sec_ctx.c
libcli/security: Rename dup_nt_token() -> security_token_duplicate()
2023-09-26 23:45:36 +00:00
server_exit.c
smbd: remove process shortname arg from reinit_after_fork()
2022-12-14 01:38:29 +00:00
server_reload.c
smbd: Remove source3/smbd/statcache.c
2022-12-14 22:54:29 +00:00
server.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
session.c
share_access.c
Revert "s3:smbd: Remove NIS support"
2022-06-09 21:45:28 +00:00
smb1_aio.c
smbd: Remove unused "pcd" arg from smb1_srv_send()
2023-06-05 17:17:35 +00:00
smb1_aio.h
smbd: Move schedule_aio_write_and_X to smb1_aio.c
2022-04-07 17:37:29 +00:00
smb1_ipc.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-14 15:55:43 +00:00
smb1_ipc.h
smbd: Move ipc.c -> smb1_ipc.c
2022-04-07 17:37:29 +00:00
smb1_lanman.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
smb1_lanman.h
smbd: Move lanman.c -> smb1_lanman.c
2022-04-07 17:37:29 +00:00
smb1_message.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-14 15:55:43 +00:00
smb1_message.h
smbd: Move message.c -> smb1_message.c
2022-04-07 17:37:29 +00:00
smb1_negprot.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
smb1_negprot.h
smbd: Move negprot.c -> smb1_negprot.c
2022-04-07 17:37:29 +00:00
smb1_nttrans.c
s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.
2023-09-19 19:51:47 +00:00
smb1_nttrans.h
smbd: Remove duplicate read_nttrans_ea_list function prototype
2022-04-07 17:37:30 +00:00
smb1_oplock.c
smbd: Remove unused "pcd" arg from smb1_srv_send()
2023-06-05 17:17:35 +00:00
smb1_oplock.h
smbd: Move send_break_message_smb1 to smb1_oplock.c
2022-04-07 17:37:29 +00:00
smb1_pipes.c
smbd: Remove unused "pcd" arg from smb1_srv_send()
2023-06-05 17:17:35 +00:00
smb1_pipes.h
smbd: Move reply_pipe_write to smb1_pipes.c
2022-04-07 17:37:30 +00:00
smb1_process.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb1_process.h
smbd: Remove unused "deferred_pcd" from process_smb1()
2023-06-05 17:17:35 +00:00
smb1_reply.c
s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().
2023-09-19 18:59:34 +00:00
smb1_reply.h
s3: smbd: Move reply_findnclose() from trans2.c to smb1_reply.c
2022-04-07 17:37:30 +00:00
smb1_service.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb1_service.h
smbd: Move make_connection to smb1_service.c
2022-04-07 17:37:29 +00:00
smb1_sesssetup.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-14 15:55:43 +00:00
smb1_sesssetup.h
smbd: Move sesssetup.c -> smb1_sesssetup.c
2022-04-07 17:37:29 +00:00
smb1_signing.c
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
2023-07-21 12:05:35 +00:00
smb1_signing.h
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
2023-07-21 12:05:35 +00:00
smb1_trans2.c
s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.
2023-09-19 19:51:47 +00:00
smb1_trans2.h
smbd: Move handling smb_set_posix_lock() to smb1_trans2.c
2023-01-04 08:54:32 +00:00
smb1_utils.c
smbd: Move message_push_string() to smb1_utils.c
2022-06-06 19:22:28 +00:00
smb1_utils.h
smbd: Move message_push_string() to smb1_utils.c
2022-06-06 19:22:28 +00:00
smb2_aio.c
s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.
2023-09-20 01:49:34 +00:00
smb2_break.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_close.c
smbd: don't leak the fsp if close_file_smb() fails
2023-07-10 21:32:32 +00:00
smb2_create.c
smbd: Use smb3posix marshalling in smbd_smb2_create_after_exec()
2023-10-04 20:31:36 +00:00
smb2_flush.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_getinfo.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_glue.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_ioctl_dfs.c
smb2_ioctl_filesys.c
smbd: Save a few lines by using tevent_req_nterror()'s retval
2022-09-07 18:40:28 +00:00
smb2_ioctl_named_pipe.c
smb2_ioctl_network_fs.c
vfs: Add flags and xferlen args to SMB_VFS_OFFLOAD_READ_RECV
2021-10-08 19:28:32 +00:00
smb2_ioctl_private.h
s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.
2021-08-11 19:16:29 +00:00
smb2_ioctl_smbtorture.c
s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
2021-08-11 19:16:29 +00:00
smb2_ioctl.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_ipc.c
smbd: Move nt_status_np_pipe to smb2_ipc.c
2022-04-07 17:37:29 +00:00
smb2_keepalive.c
smb2_lock.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb2_negprot.c
conf: Remove "smb3 unix extensions" parameter
2023-09-21 17:43:23 +00:00
smb2_notify.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_nttrans.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb2_oplock.c
s3:smbd: remove static from release_file_oplock()
2022-09-20 00:34:35 +00:00
smb2_pipes.c
smbd: Use security_token_count_flag_sids() in open_np_file()
2023-05-16 10:53:40 +00:00
smb2_posix.c
smbd: Remove unused marshalling of smb3posix file information
2023-10-04 20:31:36 +00:00
smb2_process.c
s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.
2023-08-15 12:06:36 +00:00
smb2_query_directory.c
s3:smbd: Initialize ‘tm’ structure
2023-09-27 02:43:28 +00:00
smb2_read.c
s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
2023-09-20 01:49:34 +00:00
smb2_reply.c
s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().
2023-09-19 18:59:34 +00:00
smb2_server.c
s3:smbd: Fix building with FORTIFY_SOURCE=2
2023-10-01 22:45:38 +00:00
smb2_service.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb2_sesssetup.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb2_setinfo.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_signing.c
CVE-2023-3347: smbd: fix "server signing = mandatory"
2023-07-21 13:03:09 +00:00
smb2_tcon.c
smbXsrv_tcon: avoid storing temporary (invalid!) records.
2023-04-12 12:48:35 +00:00
smb2_trans2.c
smbd: Use Use smb3posix marshalling in in smbd_do_qfilepathinfo()
2023-10-04 20:31:36 +00:00
smb2_write.c
s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
2023-09-20 01:49:34 +00:00
smbd_cleanupd.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smbd_cleanupd.h
smbd.h
smbd: Hide the SMB1 posix symlink behaviour behind UCF_LCOMP_LNK_OK
2022-12-22 19:50:34 +00:00
smbXsrv_client.c
s3:smbd: fix multichannel connection passing race
2023-08-08 13:59:58 +00:00
smbXsrv_open.c
s3:smbd: Add missing space to warning message
2023-08-08 04:39:38 +00:00
smbXsrv_open.h
smbd: Remove smbXsrv_open_global0->db_rec
2023-02-13 10:49:43 +00:00
smbXsrv_session.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smbXsrv_tcon.c
smbd: Fix DBG macro
2023-08-14 19:53:37 +00:00
smbXsrv_version.c
srvstr.c
smbd: Move message_push_string() to smb1_utils.c
2022-06-06 19:22:28 +00:00
statvfs.c
smbd: Fix the build on FreeBSD
2022-08-04 20:44:32 +00:00
uid.c
source3: move lib/substitute.c functions out of proto.h
2021-11-11 13:49:32 +00:00
utmp.c
vfs.c
smbd: make vfs_stat_fsp() a no-op on fake file-handles
2023-09-12 17:08:17 +00:00