diff options
author | bubulle <bubulle@alioth.debian.org> | 2007-05-19 05:50:27 +0000 |
---|---|---|
committer | bubulle <bubulle@alioth.debian.org> | 2007-05-19 05:50:27 +0000 |
commit | 75945bd8ef13f45bda506a6c132de62f0b089789 (patch) | |
tree | e0cbfce9859c027e133f387c63a10186f950e873 | |
parent | ed93da15edf765d81c2a71333ff80ee0240bce28 (diff) | |
download | samba-75945bd8ef13f45bda506a6c132de62f0b089789.tar.gz |
Fix for #424629
git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/etch/debian@1392 fc4039ab-9d04-0410-8cac-899223bdd6b0
-rw-r--r-- | changelog | 10 | ||||
-rw-r--r-- | patches/security-CVE-2007-2444_fixed-force-group.patch | 58 | ||||
-rw-r--r-- | patches/series | 1 |
3 files changed, 69 insertions, 0 deletions
@@ -1,3 +1,13 @@ +samba (3.0.24-6etch2) stable-security; urgency=high + + * The fix for CVE-2007-2444 broke the behaviour of "force group" when + for forced group is a local Unix group for domain member servers + Applied an upstream patch (security-CVE-2007-244_fixed-force-group.patch) + that is part of samba 3.0.25a. + Closes: #424629 + + -- Christian Perrier <bubulle@debian.org> Sat, 19 May 2007 07:24:19 +0200 + samba (3.0.24-6etch1) stable-security; urgency=high * Security fixes: diff --git a/patches/security-CVE-2007-2444_fixed-force-group.patch b/patches/security-CVE-2007-2444_fixed-force-group.patch new file mode 100644 index 0000000000..91e224fdd4 --- /dev/null +++ b/patches/security-CVE-2007-2444_fixed-force-group.patch @@ -0,0 +1,58 @@ +=== modified file 'source/smbd/uid.c' +--- samba-3.0.24.orig/source/smbd/uid.c 2007-05-12 16:45:55 +0000 ++++ samba-3.0.24/source/smbd/uid.c 2007-05-18 17:33:11 +0000 +@@ -151,7 +151,9 @@ + char group_c; + BOOL must_free_token = False; + NT_USER_TOKEN *token = NULL; +- ++ int num_groups = 0; ++ gid_t *group_list = NULL; ++ + if (!conn) { + DEBUG(2,("change_to_user: Connection not open\n")); + return(False); +@@ -190,14 +192,14 @@ + if (conn->force_user) /* security = share sets this too */ { + uid = conn->uid; + gid = conn->gid; +- current_user.ut.groups = conn->groups; +- current_user.ut.ngroups = conn->ngroups; ++ group_list = conn->groups; ++ num_groups = conn->ngroups; + token = conn->nt_user_token; + } else if (vuser) { + uid = conn->admin_user ? 0 : vuser->uid; + gid = vuser->gid; +- current_user.ut.ngroups = vuser->n_groups; +- current_user.ut.groups = vuser->groups; ++ num_groups = vuser->n_groups; ++ group_list = vuser->groups; + token = vuser->nt_user_token; + } else { + DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " +@@ -230,8 +232,8 @@ + */ + + int i; +- for (i = 0; i < current_user.ut.ngroups; i++) { +- if (current_user.ut.groups[i] == conn->gid) { ++ for (i = 0; i < num_groups; i++) { ++ if (group_list[i] == conn->gid) { + gid = conn->gid; + gid_to_sid(&token->user_sids[1], gid); + break; +@@ -243,6 +245,12 @@ + } + } + ++ /* Now set current_user since we will immediately also call ++ set_sec_ctx() */ ++ ++ current_user.ut.ngroups = num_groups; ++ current_user.ut.groups = group_list; ++ + set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups, + token); + + diff --git a/patches/series b/patches/series index 3f61842140..0a573aa66d 100644 --- a/patches/series +++ b/patches/series @@ -23,3 +23,4 @@ no_unbreakable_spaces_in_man.patch security-CVE-2007-2444.patch security-CVE-2007-2446.patch security-CVE-2007-2447.patch +security-CVE-2007-2444_fixed-force-group.patch |