samba/CVE-2019-10197-1.patch

From 5e94fe726e9af81374c697ce603b3728ccaaebf3 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 12 Jul 2019 12:10:35 -0700
Subject: [PATCH 1/6] CVE-2019-10197: smbd: separate out impersonation debug
 info into a new function.

Will be called on elsewhere on successful impersonation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source3/smbd/uid.c | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index a4bcb747d37e..ce8e8d92131c 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -279,6 +279,28 @@ static bool check_user_ok(connection_struct *conn,
 	return(True);
 }
 
+static void print_impersonation_info(connection_struct *conn)
+{
+	struct smb_filename *cwdfname = NULL;
+
+	if (!CHECK_DEBUGLVL(DBGLVL_INFO)) {
+		return;
+	}
+
+	cwdfname = vfs_GetWd(talloc_tos(), conn);
+	if (cwdfname == NULL) {
+		return;
+	}
+
+	DBG_INFO("Impersonated user: uid=(%d,%d), gid=(%d,%d), cwd=[%s]\n",
+		 (int)getuid(),
+		 (int)geteuid(),
+		 (int)getgid(),
+		 (int)getegid(),
+		 cwdfname->base_name);
+	TALLOC_FREE(cwdfname);
+}
+
 /****************************************************************************
  Become the user of a connection number without changing the security context
  stack, but modify the current_user entries.
@@ -415,20 +437,7 @@ static bool change_to_user_internal(connection_struct *conn,
 		current_user.done_chdir = true;
 	}
 
-	if (CHECK_DEBUGLVL(DBGLVL_INFO)) {
-		struct smb_filename *cwdfname = vfs_GetWd(talloc_tos(), conn);
-		if (cwdfname == NULL) {
-			return false;
-		}
-		DBG_INFO("Impersonated user: uid=(%d,%d), gid=(%d,%d), cwd=[%s]\n",
-			 (int)getuid(),
-			 (int)geteuid(),
-			 (int)getgid(),
-			 (int)getegid(),
-			 cwdfname->base_name);
-		TALLOC_FREE(cwdfname);
-	}
-
+	print_impersonation_info(conn);
 	return true;
 }
 
-- 
2.17.1
Package init 2019-12-25 16:07:00 +08:00			`From 5e94fe726e9af81374c697ce603b3728ccaaebf3 Mon Sep 17 00:00:00 2001`
			`From: Jeremy Allison <jra@samba.org>`
			`Date: Fri, 12 Jul 2019 12:10:35 -0700`
			`Subject: [PATCH 1/6] CVE-2019-10197: smbd: separate out impersonation debug`
			`info into a new function.`

			`Will be called on elsewhere on successful impersonation.`

			`BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035`

			`Signed-off-by: Jeremy Allison <jra@samba.org>`
			`Reviewed-by: Ralph Boehme <slow@samba.org>`
			`Reviewed-by: Stefan Metzmacher <metze@samba.org>`
			`---`
			`source3/smbd/uid.c \| 37 +++++++++++++++++++++++--------------`
			`1 file changed, 23 insertions(+), 14 deletions(-)`

			`diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c`
			`index a4bcb747d37e..ce8e8d92131c 100644`
			`--- a/source3/smbd/uid.c`
			`+++ b/source3/smbd/uid.c`
			`@@ -279,6 +279,28 @@ static bool check_user_ok(connection_struct *conn,`
			`return(True);`
			`}`

			`+static void print_impersonation_info(connection_struct *conn)`
			`+{`
			`+ struct smb_filename *cwdfname = NULL;`
			`+`
			`+ if (!CHECK_DEBUGLVL(DBGLVL_INFO)) {`
			`+ return;`
			`+ }`
			`+`
			`+ cwdfname = vfs_GetWd(talloc_tos(), conn);`
			`+ if (cwdfname == NULL) {`
			`+ return;`
			`+ }`
			`+`
			`+ DBG_INFO("Impersonated user: uid=(%d,%d), gid=(%d,%d), cwd=[%s]\n",`
			`+ (int)getuid(),`
			`+ (int)geteuid(),`
			`+ (int)getgid(),`
			`+ (int)getegid(),`
			`+ cwdfname->base_name);`
			`+ TALLOC_FREE(cwdfname);`
			`+}`
			`+`
			`/****************************************************************************`
			`Become the user of a connection number without changing the security context`
			`stack, but modify the current_user entries.`
			`@@ -415,20 +437,7 @@ static bool change_to_user_internal(connection_struct *conn,`
			`current_user.done_chdir = true;`
			`}`

			`- if (CHECK_DEBUGLVL(DBGLVL_INFO)) {`
			`- struct smb_filename *cwdfname = vfs_GetWd(talloc_tos(), conn);`
			`- if (cwdfname == NULL) {`
			`- return false;`
			`- }`
			`- DBG_INFO("Impersonated user: uid=(%d,%d), gid=(%d,%d), cwd=[%s]\n",`
			`- (int)getuid(),`
			`- (int)geteuid(),`
			`- (int)getgid(),`
			`- (int)getegid(),`
			`- cwdfname->base_name);`
			`- TALLOC_FREE(cwdfname);`
			`- }`
			`-`
			`+ print_impersonation_info(conn);`
			`return true;`
			`}`

			`--`
			`2.17.1`