sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-18 06:04:06 +03:00
Code
samba-mirror/source3/smbd
History
Ralph Boehme 53c9e1c9d3 CVE-2023-4091: smbd: use open_access_mask for access check in open_file() 
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-10-08 22:06:00 +02:00
..
notifyd
lib;smbd: Fix the -Os build by initializing variables
2021-08-06 17:22:30 +00:00
avahi_register.c
s3-smbd: use fruit:model string for mDNS registration
2019-01-15 21:27:20 +01:00
blocking.c
s3: smbd: Remove lock_flav argument from smbd_smb1_brl_finish_by_lock().
2022-01-06 15:11:38 +00:00
close.c
s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.
2023-09-20 21:38:55 +00:00
conn_idle.c
s3:rpc_server: Activate samba-dcerpcd
2021-12-10 14:02:30 +00:00
conn_msg.c
smbd: Add close-denied-share message
2020-01-15 21:25:35 +00:00
conn.c
s3/smbd: Use after free when iterating smbd_server_connection->connections
2022-08-17 09:54:06 +00:00
connection.c
s3:param: make "servicename" a substituted option
2019-11-27 10:25:37 +00:00
dfree.c
smbd: Save a few lines with str_list_add_printf()
2022-01-18 20:22:38 +00:00
dir.c
smbd: Simplify is_visible_fsp()
2022-12-12 21:16:33 +00:00
dmapi.c
dnsregister.c
dosmode.c
smbd: Use direct struct initialization, avoid explicit ZERO_STRUCT()
2022-12-15 21:52:34 +00:00
durable.c
smbd: Pass vfs_open_how through fd_openat
2022-08-06 01:43:50 +00:00
error.c
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
2022-04-07 17:37:30 +00:00
fake_file.c
smbd: Modernize DBG statements in open_fake_file()
2022-08-26 18:54:37 +00:00
fd_handle.c
smbd: Remove NTCREATEX_FLAG_DELETE_ON_CLOSE
2022-06-06 19:22:28 +00:00
fd_handle.h
smbd: fd_handle.h does not need includes.h
2022-04-26 21:41:29 +00:00
file_access.c
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
2022-08-10 15:32:35 +00:00
fileio.c
smbd: use fdos_mode() in mark_file_modified()
2020-12-16 09:08:31 +00:00
filename.c
smbd: Fix BZ15481
2023-09-22 21:07:52 +00:00
files.c
s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before.
2023-01-13 08:33:47 +00:00
globals.c
smbd: Slightly simplify set_current_case_sensitive()
2022-12-14 22:54:29 +00:00
globals.h
smbXsrv_tcon: avoid storing temporary (invalid!) records.
2023-04-16 15:41:16 +00:00
mangle_hash2.c
smbd: Use ISDOT/ISDOTDOT
2022-02-17 17:13:35 +00:00
mangle_hash.c
smbd: Move fast_string_hash() to mangle_hash.c, the only user
2022-01-05 00:11:37 +00:00
mangle.c
smbdotconf: mark "mangling method" with constant="1"
2019-11-27 10:25:37 +00:00
msdfs.c
Fix spelling mistakes.
2022-09-12 02:29:32 +00:00
notify_fam.c
smbd: Allow passing notify filter from inotify and fam
2016-07-18 15:14:11 +02:00
notify_inotify.c
smbd: Align two integer types
2020-11-04 18:55:39 +00:00
notify_msg.c
notifyd: Factor out notify_walk() into its own file
2020-10-24 05:57:31 +00:00
notify.c
s3: smbd: notify_mid_maps is used by both SMB1 and SMB2.
2022-03-08 22:12:37 +00:00
ntquotas.c
smbd: add twrp arg to synthetic_smb_fname()
2020-05-05 19:18:40 +00:00
open.c
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
2023-10-08 22:06:00 +02:00
oplock_linux.c
lib;smbd: Fix the -Os build by initializing variables
2021-08-06 17:22:30 +00:00
password.c
smbd: RIP user_struct
2020-01-13 21:09:01 +00:00
perfcount.c
smbdotconf: mark "perfcount module" with substitution="1"
2019-11-27 10:25:36 +00:00
posix_acls.c
posix_acls: Make try_chown and unpack_nt_owners static
2022-12-02 07:00:31 +00:00
proto.h
CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing()
2023-07-14 15:12:41 +02:00
pysmbd.c
pysmbd: set_nt_acl() can raise FileNotFoundError
2022-09-07 05:01:37 +00:00
quotas.c
quotas: Check group quota for directory when SGID is set
2019-08-14 16:27:43 +00:00
scavenger.c
smbd: call exit_server_cleanly() to avoid panicking
2023-07-06 11:56:19 +00:00
scavenger.h
seal.c
auth: Always supply both the remote and local address to the auth subsystem
2017-03-29 02:37:26 +02:00
sec_ctx.c
sec_ctx.c: Fix -Wunused-function warning on macOS
2021-10-13 01:42:35 +00:00
server_exit.c
smbd: remove process shortname arg from reinit_after_fork()
2022-12-14 01:38:29 +00:00
server_reload.c
smbd: Remove source3/smbd/statcache.c
2022-12-14 22:54:29 +00:00
server.c
smbd: Remove source3/smbd/statcache.c
2022-12-14 22:54:29 +00:00
session.c
s3:smbd: fix SAFE_FREE() vs. TALLOC_FREE() in list_sessions()
2019-03-28 23:09:33 +00:00
share_access.c
Revert "s3:smbd: Remove NIS support"
2022-06-09 21:45:28 +00:00
smb1_aio.c
s3: smbd: Rename construct_reply_common_req() -> construct_smb1_reply_common_req()
2022-04-07 17:37:30 +00:00
smb1_aio.h
smbd: Move schedule_aio_write_and_X to smb1_aio.c
2022-04-07 17:37:29 +00:00
smb1_ipc.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-16 10:48:14 +00:00
smb1_ipc.h
smbd: Move ipc.c -> smb1_ipc.c
2022-04-07 17:37:29 +00:00
smb1_lanman.c
smbd: Make get_safe_[[SI]VAL|ptr] static to smb1_lanman.c
2023-01-10 00:28:37 +00:00
smb1_lanman.h
smbd: Move lanman.c -> smb1_lanman.c
2022-04-07 17:37:29 +00:00
smb1_message.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-16 10:48:14 +00:00
smb1_message.h
smbd: Move message.c -> smb1_message.c
2022-04-07 17:37:29 +00:00
smb1_negprot.c
lib: Make substitute.c's "remote_proto" static
2022-12-12 21:16:33 +00:00
smb1_negprot.h
smbd: Move negprot.c -> smb1_negprot.c
2022-04-07 17:37:29 +00:00
smb1_nttrans.c
s3: smbd: Remove the ucf_flags parameter from extract_snapshot_token().
2022-08-05 09:24:30 +00:00
smb1_nttrans.h
smbd: Remove duplicate read_nttrans_ea_list function prototype
2022-04-07 17:37:30 +00:00
smb1_oplock.c
s3: smbd: Rename srv_set_message() -> srv_smb1_set_message().
2022-04-07 17:37:30 +00:00
smb1_oplock.h
smbd: Move send_break_message_smb1 to smb1_oplock.c
2022-04-07 17:37:29 +00:00
smb1_pipes.c
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
2022-04-07 17:37:30 +00:00
smb1_pipes.h
smbd: Move reply_pipe_write to smb1_pipes.c
2022-04-07 17:37:30 +00:00
smb1_process.c
smbd: Slightly simplify set_current_case_sensitive()
2022-12-14 22:54:29 +00:00
smb1_process.h
smbd: Move valid_smb_header to smb2_process.c
2022-04-07 17:37:30 +00:00
smb1_reply.c
s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done().
2023-08-16 11:49:39 +00:00
smb1_reply.h
s3: smbd: Move reply_findnclose() from trans2.c to smb1_reply.c
2022-04-07 17:37:30 +00:00
smb1_service.c
smbXsrv_tcon: avoid storing temporary (invalid!) records.
2023-04-16 15:41:16 +00:00
smb1_service.h
smbd: Move make_connection to smb1_service.c
2022-04-07 17:37:29 +00:00
smb1_sesssetup.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-16 10:48:14 +00:00
smb1_sesssetup.h
smbd: Move sesssetup.c -> smb1_sesssetup.c
2022-04-07 17:37:29 +00:00
smb1_signing.c
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
2023-07-14 15:12:41 +02:00
smb1_signing.h
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
2023-07-14 15:12:41 +02:00
smb1_trans2.c
smbd: Fix indentation
2023-01-05 18:00:17 +00:00
smb1_trans2.h
smbd: Move handling smb_set_posix_lock() to smb1_trans2.c
2023-01-04 08:54:32 +00:00
smb1_utils.c
smbd: Move message_push_string() to smb1_utils.c
2022-06-06 19:22:28 +00:00
smb1_utils.h
smbd: Move message_push_string() to smb1_utils.c
2022-06-06 19:22:28 +00:00
smb2_aio.c
s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.
2023-09-20 20:35:15 +00:00
smb2_break.c
s3:smbd: pass down smbXsrv_client to smbd_smb2_send_{oplock,lease}_break()
2020-07-08 15:54:40 +00:00
smb2_close.c
smbd: don't leak the fsp if close_file_smb() fails
2023-07-19 16:23:17 +00:00
smb2_create.c
s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set.
2023-01-04 07:46:06 +00:00
smb2_flush.c
s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.
2022-11-17 05:55:42 +00:00
smb2_getinfo.c
smbd: smbd_do_qfilepathinfo() does not need lock_data anymore
2023-01-04 08:54:32 +00:00
smb2_glue.c
s3:smbd: implement FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
2020-07-08 15:54:40 +00:00
smb2_ioctl_dfs.c
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
2018-03-22 02:15:13 +01:00
smb2_ioctl_filesys.c
smbd: Save a few lines by using tevent_req_nterror()'s retval
2022-09-07 18:40:28 +00:00
smb2_ioctl_named_pipe.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
smb2_ioctl_network_fs.c
vfs: Add flags and xferlen args to SMB_VFS_OFFLOAD_READ_RECV
2021-10-08 19:28:32 +00:00
smb2_ioctl_private.h
s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.
2021-08-11 19:16:29 +00:00
smb2_ioctl_smbtorture.c
s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
2021-08-11 19:16:29 +00:00
smb2_ioctl.c
smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done()
2021-12-01 11:04:29 +00:00
smb2_ipc.c
smbd: Move nt_status_np_pipe to smb2_ipc.c
2022-04-07 17:37:29 +00:00
smb2_keepalive.c
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
2018-03-22 02:15:13 +01:00
smb2_lock.c
s3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on a POSIX handle. Currently not allowed.
2022-02-01 16:30:37 +00:00
smb2_negprot.c
CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot()
2023-07-14 15:12:41 +02:00
smb2_notify.c
smbd: Save a few lines by using tevent_req_nterror()'s retval
2022-09-07 18:40:28 +00:00
smb2_nttrans.c
s3: smbd: Add src_dirfsp and dst_dirfsp parameters to copy_internals().
2022-08-02 19:49:32 +00:00
smb2_oplock.c
s3:smbd: remove static from release_file_oplock()
2022-09-20 00:34:35 +00:00
smb2_pipes.c
smbd: Use security_token_count_flag_sids() in open_np_file()
2023-05-26 12:34:17 +00:00
smb2_posix.c
s3: smbd: store_smb2_posix_info hide info for '..'
2022-11-29 10:26:38 +00:00
smb2_process.c
s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.
2023-08-18 14:07:39 +00:00
smb2_query_directory.c
smbd: use fsp_search_ask_sharemode() and fsp_getinfo_ask_sharemode()
2022-12-09 23:11:37 +00:00
smb2_read.c
s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
2023-09-20 20:35:15 +00:00
smb2_reply.c
s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.
2023-08-31 09:38:21 +00:00
smb2_server.c
smbd: Pass error_context_count through smbd_smb2_request_error_ex()
2022-11-22 18:27:33 +00:00
smb2_service.c
smbXsrv_tcon: avoid storing temporary (invalid!) records.
2023-04-16 15:41:16 +00:00
smb2_sesssetup.c
smbd: Save a few lines by using tevent_req_nterror()'s retval
2022-09-07 18:40:28 +00:00
smb2_setinfo.c
smbd: Remove NTCREATEX_FLAG_DELETE_ON_CLOSE
2022-06-06 19:22:28 +00:00
smb2_signing.c
CVE-2023-3347: smbd: fix "server signing = mandatory"
2023-07-14 15:12:41 +02:00
smb2_tcon.c
smbXsrv_tcon: avoid storing temporary (invalid!) records.
2023-04-16 15:41:16 +00:00
smb2_trans2.c
smbd: Move bytes from r/w data to r/o text section
2023-01-10 00:28:37 +00:00
smb2_write.c
s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
2023-09-20 20:35:15 +00:00
smbd_cleanupd.c
smbd: Remove unused brlock code
2019-06-20 17:18:19 +00:00
smbd_cleanupd.h
smbd.h
smbd: Hide the SMB1 posix symlink behaviour behind UCF_LCOMP_LNK_OK
2022-12-22 19:50:34 +00:00
smbXsrv_client.c
s3:smbd: fix multichannel connection passing race
2023-08-11 09:49:53 +00:00
smbXsrv_open.c
smbd: Modernize DBG statements in smbXsrv_open_global_store()
2023-01-18 11:49:38 +00:00
smbXsrv_open.h
smbd: Give smbXsrv_open.c its own header file
2021-11-11 19:08:37 +00:00
smbXsrv_session.c
lib: Use tdb_data_dbg() where appropriate
2023-01-10 00:28:37 +00:00
smbXsrv_tcon.c
smbXsrv_tcon: avoid storing temporary (invalid!) records.
2023-04-16 15:41:16 +00:00
smbXsrv_version.c
lib: Pass mem_ctx to lock_path()
2018-08-17 11:30:10 +02:00
srvstr.c
smbd: Move message_push_string() to smb1_utils.c
2022-06-06 19:22:28 +00:00
statvfs.c
smbd: Fix the build on FreeBSD
2022-08-04 20:44:32 +00:00
uid.c
source3: move lib/substitute.c functions out of proto.h
2021-11-11 13:49:32 +00:00
utmp.c
s3/smbd: fix utmp hostname logging on Solaris
2019-01-10 22:46:11 +01:00
vfs.c
s3:smbd: add helpers to deny vfs calls in some sections
2022-09-20 00:34:35 +00:00