sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-14 01:57:53 +03:00
Code
samba-mirror/source3/smbd
History
Stefan Metzmacher efd4832c2c CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal() 
This makes sure we always call chdir_current_service() even
when we still impersonated the user. Which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.

It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.

Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.

It means we still avoid syscalls if we get a multiple requests
for the same session/tcon tuple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Sep  3 09:27:22 UTC 2019 on sn-devel-184
2019-09-03 09:27:21 +00:00
..
notifyd
notifyd: Fix SIGBUS on sparc
2019-02-22 12:30:10 +01:00
aio.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
avahi_register.c
s3-smbd: use fruit:model string for mDNS registration
2019-01-15 21:27:20 +01:00
blocking.c
smbd: Remove unused "msg_ctx" from smbd_smb1_do_locks_send()
2019-07-02 17:01:28 +00:00
close.c
smbd: Simplify has_other_nonposix_opens()
2019-08-19 23:14:38 +00:00
conn_idle.c
s3: smbd: All directory enumeration is now via file handles - remove unneeded code in idle connections.
2019-08-06 14:23:34 +00:00
conn_msg.c
conn.c
s3: VFS: change connection_struct cwd_fname to cwd_fsp
2019-08-16 19:52:32 +00:00
connection.c
smbd: Remove some unused includes
2019-04-11 23:35:15 +00:00
dfree.c
smbd: Make sys_disk_free static
2019-08-14 17:47:33 +00:00
dir.c
smbd: Fix CID 1452290 Null pointer dereferences (REVERSE_INULL)
2019-08-14 07:39:38 +00:00
dmapi.c
dnsregister.c
dosmode.c
smbd: Fix CID 1452291 Null pointer dereferences (NULL_RETURNS)
2019-08-14 07:39:38 +00:00
durable.c
smbd: Remove "share_access" from files_struct
2019-08-06 21:49:29 +00:00
error.c
s3:smbd: Fix converity warning with _smb_setlen_large()
2018-05-16 21:30:23 +02:00
fake_file.c
file_access.c
s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
2016-03-24 22:57:16 +01:00
fileio.c
smbd: Use a struct initializer
2019-05-03 22:34:16 +00:00
filename.c
Spelling fixes s/preceeding/preceding/
2019-09-01 22:21:28 +00:00
files.c
smbd: Move fsp_client_guid() to locking/
2019-08-06 21:49:29 +00:00
globals.c
printing: use housekeeping period that matches cache time
2016-04-19 09:37:14 +02:00
globals.h
s3: smbd: globals - remove dirhandles_open from internal search struct.
2019-07-09 23:12:17 +00:00
ipc.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
lanman.c
s3:smbd: Use C99 initializer for RAP api_commands
2019-01-28 10:29:23 +01:00
mangle_hash2.c
mangle_hash.c
mangle.c
s3/smbd: convert "mangled names" option to an enum
2017-01-09 19:31:20 +01:00
message.c
Avoid NULL pointer dereference in SMBsendend handler
2019-03-12 00:42:19 +00:00
msdfs.c
s3: smbd: Change is_msdfs_link_internal() to call SMB_VFS_READLINKAT().
2019-08-23 18:49:36 +00:00
negprot.c
s3/smbd: Server responds incorrectly if no SMB protocol chosen
2018-09-28 08:30:22 +02:00
notify_fam.c
smbd: Allow passing notify filter from inotify and fam
2016-07-18 15:14:11 +02:00
notify_inotify.c
s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.
2017-04-28 03:18:23 +02:00
notify_msg.c
smbd: remove unused tevent_context argument from notify_init
2018-06-18 08:59:18 +02:00
notify.c
smbd: Only remove locks by mid if necessary
2019-06-20 17:18:16 +00:00
ntquotas.c
ntquotas: do not set inode limits when setting space quota
2019-02-17 13:33:12 +01:00
nttrans.c
smbd: Move handling the 1sec sharing_violation delay into smb1 code
2019-08-07 23:45:50 +00:00
open.c
s3: smbd: Change process_symlink_open() to call SMB_VFS_READLINKAT().
2019-08-23 18:49:36 +00:00
oplock_linux.c
Revert "smbd: explain that/why we use the raw tevent_context for linux_oplock_signal_handler()"
2019-01-11 23:11:17 +01:00
oplock.c
smbd: Inline remove_oplock_under_lock() into its only caller
2019-08-06 21:49:30 +00:00
password.c
s3:smbd: Make sure we do not export "/" (root) as home dir
2018-12-05 01:38:14 +01:00
perfcount.c
lib:util: Make probing of modules more secure
2017-06-06 18:36:07 +02:00
pipes.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
posix_acls.c
s3: smbd: Posix ACLs. Now we know we have a handle, always use VFS_FCHMOD instead of VFS_CHMOD.
2019-06-24 18:49:10 +00:00
process.c
smbd: Enhance debugging in push_deferred_open_message_smb()
2019-08-06 21:49:29 +00:00
proto.h
smbd: Simplify has_other_nonposix_opens()
2019-08-19 23:14:38 +00:00
pysmbd.c
s3/smbd/py: avoid null deref with bad python arguments
2019-07-22 22:20:26 +00:00
quotas.c
quotas: Check group quota for directory when SGID is set
2019-08-14 16:27:43 +00:00
reply.c
s3: smbd: Change rename_internals_fsp() to call SMB_VFS_RENAMEAT().
2019-08-16 19:52:34 +00:00
scavenger.c
lib: Remove unused serverid.tdb
2017-12-05 04:58:26 +01:00
scavenger.h
seal.c
auth: Always supply both the remote and local address to the auth subsystem
2017-03-29 02:37:26 +02:00
sec_ctx.c
s3:smbd: Fix incorrect use of sys_getgroups()
2017-04-18 15:43:02 +02:00
server_exit.c
smbd: Fix use-after-free from exit_server_common()
2019-08-01 15:39:12 +00:00
server_reload.c
smbd: remove useless set_current_service(NULL,0,True) from reload_services()
2018-06-18 08:59:17 +02:00
server.c
s3:rpc_server: Return NTSTATUS in rpc_ep_setup and setup functions
2019-07-22 16:49:14 +00:00
service.c
Spelling fixes s/withing/within/
2019-09-01 22:21:28 +00:00
session.c
s3:smbd: fix SAFE_FREE() vs. TALLOC_FREE() in list_sessions()
2019-03-28 23:09:33 +00:00
sesssetup.c
s3:smbd: Start to use the smb2_signing_key structure
2019-04-30 23:18:28 +00:00
share_access.c
smbd: remove redundant comment (with typo) from token_contains_name()
2016-08-04 18:26:07 +02:00
signing.c
s3:smbd: Return NTSTATUS for srv_calculate_sign_mac()
2019-05-21 00:03:22 +00:00
smb1_utils.c
smbd: Remove "share_access" from fcb_or_dos_open()
2019-08-06 21:49:29 +00:00
smb1_utils.h
smbd: Remove "share_access" from fcb_or_dos_open()
2019-08-06 21:49:29 +00:00
smb2_break.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
smb2_close.c
smbd: Base smb2_lock.c on tevent_req
2019-06-20 17:18:19 +00:00
smb2_create.c
s3:vfs: move get_fs_file_id to vfs_default
2019-07-01 21:43:24 +00:00
smb2_flush.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
smb2_getinfo.c
s3: smbd: Plumb through struct smb_request *req parameter so it can be used by smb_query_posix_acl().
2019-06-24 18:49:09 +00:00
smb2_glue.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
smb2_ioctl_dfs.c
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
2018-03-22 02:15:13 +01:00
smb2_ioctl_filesys.c
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
2018-03-22 02:15:13 +01:00
smb2_ioctl_named_pipe.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
smb2_ioctl_network_fs.c
smb2_ioctl_network_fs: remove unused fsctl_srv_copychunk_state->aapl_copyfile
2019-03-28 23:09:34 +00:00
smb2_ioctl_private.h
smb2_ioctl.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
smb2_keepalive.c
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
2018-03-22 02:15:13 +01:00
smb2_lock.c
smbd: Remove unused "msg_ctx" from smbd_do_locks_try()
2019-07-02 17:01:28 +00:00
smb2_negprot.c
s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
2019-08-27 04:44:41 +00:00
smb2_notify.c
s3:smbd: fix max_buffer handling of initial notify requests
2019-03-29 00:35:39 +00:00
smb2_query_directory.c
s3: smbd: remove redundant smb_dname arg from dptr_create()
2019-08-06 14:23:36 +00:00
smb2_read.c
Revert "smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing"
2019-01-11 23:11:16 +01:00
smb2_server.c
libcli:smb: Use smb2_signing_key in smb2_signing_encrypt_pdu()
2019-08-27 04:44:41 +00:00
smb2_sesssetup.c
s3:smbd: Use GnuTLS for AES constants
2019-08-21 09:57:32 +00:00
smb2_setinfo.c
smbd: Simplify smbd_smb2_setinfo_send()
2019-07-08 16:22:37 +00:00
smb2_tcon.c
smb2_tcon: avoid STATUS_PENDING completely on tdis
2019-03-28 23:09:35 +00:00
smb2_write.c
s3:smb2_write: add missing initialization of state->in_offset
2019-03-28 23:09:33 +00:00
smbd_cleanupd.c
smbd: Remove unused brlock code
2019-06-20 17:18:19 +00:00
smbd_cleanupd.h
smbd: Implement a cleanup daemon
2015-11-16 14:51:33 +01:00
smbd.h
s3: smbd: Add UCF_GMT_PATHNAME, which represents FLAGS2_REPARSE_PATH.
2017-05-22 18:41:16 +02:00
smbXsrv_client.c
smbd: Replace some GUID_string by GUID_buf_string
2018-10-25 17:58:24 +02:00
smbXsrv_open.c
lib: Pass mem_ctx to lock_path()
2018-08-17 11:30:10 +02:00
smbXsrv_session.c
s3: Rename server_messaging_context() to global_messaging_context()
2018-09-07 17:26:17 +02:00
smbXsrv_tcon.c
s3:smbd: reorder tcon global record deletion and closing files of a tcon
2018-08-31 22:22:23 +02:00
smbXsrv_version.c
lib: Pass mem_ctx to lock_path()
2018-08-17 11:30:10 +02:00
srvstr.c
s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.
2017-11-21 19:42:22 +01:00
statcache.c
s3: Don't copy back the stat struct from stat_cache_lookup if we did not get a hit on the full path.
2018-09-19 17:52:13 +02:00
statvfs.c
statvfs: rename linux_statvfs to posix_statvfs
2019-01-11 02:53:57 +01:00
trans2.c
s3: smbd: Change smbd_do_qfilepathinfo(): case SMB_QUERY_FILE_UNIX_LINK: to call SMB_VFS_READLINKAT().
2019-08-23 18:49:36 +00:00
uid.c
CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal()
2019-09-03 09:27:21 +00:00
utmp.c
s3/smbd: fix utmp hostname logging on Solaris
2019-01-10 22:46:11 +01:00
vfs.c
s3: VFS: Complete the replacement of SMB_VFS_READLINK() -> SMB_VFS_READLINKAT().
2019-08-23 20:06:22 +00:00