samba: update to 4.13.0

[ipfire-2.x.git] / src / patches / samba / CVE-2015-5299-v3-6-bso11529.patch
diff --git a/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch b/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch

deleted file mode 100644 (file)

index 38936bb..0000000
--- a/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 8e49de7754f7171a58a1f94dee0f1138dbee3c60 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Fri, 23 Oct 2015 14:54:31 -0700
-Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on
- snapdir
-
-Fix originally from <partha@exablox.com>
-
-https://bugzilla.samba.org/show_bug.cgi?id=11529
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: David Disseldorp <ddiss@samba.org>
----
- source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++
- 1 file changed, 47 insertions(+)
-
-diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
-index fedfb53..16c1ed7 100644
---- a/source3/modules/vfs_shadow_copy2.c
-+++ b/source3/modules/vfs_shadow_copy2.c
-@@ -21,6 +21,8 @@
- 
- #include "includes.h"
- #include "smbd/smbd.h"
-+#include "smbd/globals.h"
-+#include "../libcli/security/security.h"
- #include "system/filesys.h"
- #include "ntioctl.h"
- 
-@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle_struct *handle,  const char *fname, mod
-         SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1);
- }
- 
-+static bool check_access_snapdir(struct vfs_handle_struct *handle,
-+                              const char *path)
-+{
-+      struct smb_filename smb_fname;
-+      int ret;
-+      NTSTATUS status;
-+      uint32_t access_granted = 0;
-+
-+      ZERO_STRUCT(smb_fname);
-+      smb_fname.base_name = talloc_asprintf(talloc_tos(),
-+                                              "%s",
-+                                              path);
-+      if (smb_fname.base_name == NULL) {
-+              return false;
-+      }
-+
-+      ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
-+      if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
-+              TALLOC_FREE(smb_fname.base_name);
-+              return false;
-+      }
-+
-+      status = smbd_check_open_rights(handle->conn,
-+                                      &smb_fname,
-+                                      SEC_DIR_LIST,
-+                                      &access_granted);
-+      if (!NT_STATUS_IS_OK(status)) {
-+              DEBUG(0,("user does not have list permission "
-+                      "on snapdir %s\n",
-+                      smb_fname.base_name));
-+              TALLOC_FREE(smb_fname.base_name);
-+              return false;
-+      }
-+      TALLOC_FREE(smb_fname.base_name);
-+      return true;
-+}
-+
- static int shadow_copy2_rmdir(vfs_handle_struct *handle,  const char *fname)
- {
-         SHADOW2_NEXT(RMDIR, (handle, name), int, -1);
-@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
-       SMB_STRUCT_DIRENT *d;
-       TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
-       char *snapshot;
-+      bool ret;
- 
-       snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
-       if (snapdir == NULL) {
-@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
-               talloc_free(tmp_ctx);
-               return -1;
-       }
-+      ret = check_access_snapdir(handle, snapdir);
-+      if (!ret) {
-+              DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
-+              errno = EACCES;
-+              talloc_free(tmp_ctx);
-+              return -1;
-+      }
- 
-       p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
- 
--- 
-2.5.0
-