Annotation of /trunk/samba/patches/samba-3.0.24-sid2name_elevation.patch
Parent Directory | Revision Log
Revision 201 -
(hide annotations)
(download)
Sat May 19 16:54:40 2007 UTC (17 years, 4 months ago) by niro
File size: 3026 byte(s)
Sat May 19 16:54:40 2007 UTC (17 years, 4 months ago) by niro
File size: 3026 byte(s)
-added security fixes (CVE-2007-2446 && CVE-2007-2447)
1 | niro | 201 | Index: samba-3.0.24/source/lib/util_sec.c |
2 | =================================================================== | ||
3 | --- samba-3.0.24.orig/source/lib/util_sec.c 2007-05-03 16:41:17.000000000 -0500 | ||
4 | +++ samba-3.0.24/source/lib/util_sec.c 2007-05-03 16:41:24.000000000 -0500 | ||
5 | @@ -286,28 +286,6 @@ | ||
6 | } | ||
7 | |||
8 | /**************************************************************************** | ||
9 | - Lightweight become root - no group change. | ||
10 | -****************************************************************************/ | ||
11 | - | ||
12 | -void become_root_uid_only(void) | ||
13 | -{ | ||
14 | - save_re_uid(); | ||
15 | - set_effective_uid(0); | ||
16 | -} | ||
17 | - | ||
18 | -/**************************************************************************** | ||
19 | - Lightweight unbecome root - no group change. Expects we are root already, | ||
20 | - saves errno across call boundary. | ||
21 | -****************************************************************************/ | ||
22 | - | ||
23 | -void unbecome_root_uid_only(void) | ||
24 | -{ | ||
25 | - int saved_errno = errno; | ||
26 | - restore_re_uid_fromroot(); | ||
27 | - errno = saved_errno; | ||
28 | -} | ||
29 | - | ||
30 | -/**************************************************************************** | ||
31 | save the real and effective gid for later restoration. Used by the | ||
32 | getgroups code | ||
33 | ****************************************************************************/ | ||
34 | Index: samba-3.0.24/source/passdb/lookup_sid.c | ||
35 | =================================================================== | ||
36 | --- samba-3.0.24.orig/source/passdb/lookup_sid.c 2007-05-03 16:41:17.000000000 -0500 | ||
37 | +++ samba-3.0.24/source/passdb/lookup_sid.c 2007-05-03 16:41:24.000000000 -0500 | ||
38 | @@ -421,10 +421,10 @@ | ||
39 | return False; | ||
40 | } | ||
41 | |||
42 | - become_root_uid_only(); | ||
43 | + become_root(); | ||
44 | result = pdb_lookup_rids(domain_sid, num_rids, rids, | ||
45 | *names, *types); | ||
46 | - unbecome_root_uid_only(); | ||
47 | + unbecome_root(); | ||
48 | |||
49 | return (NT_STATUS_IS_OK(result) || | ||
50 | NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) || | ||
51 | @@ -1085,9 +1085,9 @@ | ||
52 | goto done; | ||
53 | } | ||
54 | |||
55 | - become_root_uid_only(); | ||
56 | + become_root(); | ||
57 | ret = pdb_uid_to_rid(uid, &rid); | ||
58 | - unbecome_root_uid_only(); | ||
59 | + unbecome_root(); | ||
60 | |||
61 | if (ret) { | ||
62 | /* This is a mapped user */ | ||
63 | @@ -1131,9 +1131,9 @@ | ||
64 | goto done; | ||
65 | } | ||
66 | |||
67 | - become_root_uid_only(); | ||
68 | + become_root(); | ||
69 | ret = pdb_gid_to_sid(gid, psid); | ||
70 | - unbecome_root_uid_only(); | ||
71 | + unbecome_root(); | ||
72 | |||
73 | if (ret) { | ||
74 | /* This is a mapped group */ | ||
75 | @@ -1179,9 +1179,9 @@ | ||
76 | union unid_t id; | ||
77 | BOOL ret; | ||
78 | |||
79 | - become_root_uid_only(); | ||
80 | + become_root(); | ||
81 | ret = pdb_sid_to_id(psid, &id, &type); | ||
82 | - unbecome_root_uid_only(); | ||
83 | + unbecome_root(); | ||
84 | |||
85 | if (ret) { | ||
86 | if (type != SID_NAME_USER) { | ||
87 | @@ -1259,9 +1259,9 @@ | ||
88 | sid_check_is_in_wellknown_domain(psid))) { | ||
89 | BOOL ret; | ||
90 | |||
91 | - become_root_uid_only(); | ||
92 | + become_root(); | ||
93 | ret = pdb_getgrsid(&map, *psid); | ||
94 | - unbecome_root_uid_only(); | ||
95 | + unbecome_root(); | ||
96 | |||
97 | if (ret) { | ||
98 | *pgid = map.gid; | ||
99 | @@ -1273,9 +1273,9 @@ | ||
100 | if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) { | ||
101 | BOOL ret; | ||
102 | |||
103 | - become_root_uid_only(); | ||
104 | + become_root(); | ||
105 | ret = pdb_sid_to_id(psid, &id, &type); | ||
106 | - unbecome_root_uid_only(); | ||
107 | + unbecome_root(); | ||
108 | |||
109 | if (ret) { | ||
110 | if ((type != SID_NAME_DOM_GRP) && | ||
111 | |||
112 |