packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2018-14628

Browse Source
This commit is contained in:
xh 2023-12-28 16:45:03 +08:00
parent c544dc969b
commit f06d993486
7 changed files with 555 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
backport-0001-CVE-2018-14628.patch Normal file
View File

@ -0,0 +1,49 @@
From 890cf42b13b0debea20751a230dd45363523944a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:30:59 +0100
Subject: [PATCH 1/6] CVE-2018-14628: python:descriptor: add
get_deletedobjects_descriptor()
samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Delete Objects
containers.
Only the auto inherited SACL is available via a ldap search.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 1/6] CVE-2018-14628: python:descriptor: add
get_deletedobjects_descriptor()
---
python/samba/descriptor.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
index ac4c7e3273de..08c7518f56ab 100644
--- a/python/samba/descriptor.py
+++ b/python/samba/descriptor.py
@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}):
# "get_schema_descriptor" is located in "schema.py"
+def get_deletedobjects_descriptor(domain_sid, name_map=None):
+ if name_map is None:
+ name_map = {}
+
+ sddl = "O:SYG:SYD:PAI" \
+ "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \
+ "(A;;RPLC;;;BA)"
+ return sddl2binary(sddl, domain_sid, name_map)
+
+
def get_config_descriptor(domain_sid, name_map={}):
sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
"(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
--
2.34.1

96
backport-0002-CVE-2018-14628.patch Normal file
View File

@ -0,0 +1,96 @@
From 2ee9129c6fe36cb0e363677dee43a2940aa81810 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:33:37 +0100
Subject: [PATCH 2/6] CVE-2018-14628: python:provision: make
DELETEDOBJECTS_DESCRIPTOR available in the ldif files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 2/6] CVE-2018-14628: python:provision: make
DELETEDOBJECTS_DESCRIPTOR available in the ldif files
---
python/samba/provision/__init__.py | 5 +++++
python/samba/provision/sambadns.py | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index ff9b8fac916a..f7d7468e4faf 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -78,6 +78,7 @@ from samba.provision.backend import (
LDBBackend,
)
from samba.descriptor import (
+ get_deletedobjects_descriptor,
get_empty_descriptor,
get_config_descriptor,
get_config_partitions_descriptor,
@@ -1441,6 +1442,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
msg["subRefs"] = ldb.MessageElement(names.configdn, ldb.FLAG_MOD_ADD,
"subRefs")
+ deletedobjects_descr = b64encode(get_deletedobjects_descriptor(names.domainsid)).decode('utf8')
+
samdb.invocation_id = invocationid
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
@@ -1472,6 +1475,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
"FOREST_FUNCTIONALITY": str(forestFunctionality),
"DOMAIN_FUNCTIONALITY": str(domainFunctionality),
"NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr,
+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
"LOSTANDFOUND_DESCRIPTOR": protected1wd_descr,
"SERVICES_DESCRIPTOR": protected1_descr,
"PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr,
@@ -1536,6 +1540,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
"RIDAVAILABLESTART": str(next_rid + 600),
"POLICYGUID_DC": policyguid_dc,
"INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
"LOSTANDFOUND_DESCRIPTOR": lostandfound_desc,
"SYSTEM_DESCRIPTOR": system_desc,
"BUILTIN_DESCRIPTOR": builtin_desc,
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 9184711a7645..d057b7830ada 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -42,6 +42,7 @@ from samba.dsdb import (
DS_GUID_USERS_CONTAINER
)
from samba.descriptor import (
+ get_deletedobjects_descriptor,
get_domain_descriptor,
get_domain_delete_protected1_descriptor,
get_domain_delete_protected2_descriptor,
@@ -256,6 +257,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
descriptor = get_dns_partition_descriptor(domainsid)
+ deletedobjects_desc = get_deletedobjects_descriptor(domainsid)
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": domainzone_dn,
@@ -278,6 +280,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
"ZONE_DNS": domainzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
@@ -297,6 +300,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
"ZONE_DNS": forestzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
--
2.34.1

72
backport-0003-CVE-2018-14628.patch Normal file
View File

@ -0,0 +1,72 @@
From 96d787c0a5182c24ea51591342b37eb041798afb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:34:15 +0100
Subject: [PATCH 3/6] CVE-2018-14628: s4:setup: set the correct
nTSecurityDescriptor on the CN=Deleted Objects container
This revealed a bug in our dirsync code, so we mark
test_search_with_dirsync_deleted_objects as knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 3/6] CVE-2018-14628: s4:setup: set the correct
nTSecurityDescriptor on the CN=Deleted Objects container
---
selftest/knownfail.d/samba4.ldap.confidential_attr | 1 +
source4/setup/provision.ldif | 1 +
source4/setup/provision_configuration.ldif | 1 +
source4/setup/provision_dnszones_add.ldif | 1 +
4 files changed, 4 insertions(+)
create mode 100644 selftest/knownfail.d/samba4.ldap.confidential_attr
diff --git a/selftest/knownfail.d/samba4.ldap.confidential_attr b/selftest/knownfail.d/samba4.ldap.confidential_attr
new file mode 100644
index 000000000000..46a75ce928b0
--- /dev/null
+++ b/selftest/knownfail.d/samba4.ldap.confidential_attr
@@ -0,0 +1 @@
+^samba4.ldap.confidential_attr.python.*.__main__.*.test_search_with_dirsync_deleted_objects
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 5d9eba49f86f..7f966fd57f81 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -34,6 +34,7 @@ isDeleted: TRUE
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: TRUE
systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
# Computers located in "provision_computers*.ldif"
# Users/Groups located in "provision_users*.ldif"
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 53c9c8536de4..8fcbddbdae48 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -14,6 +14,7 @@ description: Container for deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
# Extended rights
diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
index 860aa4b72b30..a2d6b6bab8f2 100644
--- a/source4/setup/provision_dnszones_add.ldif
+++ b/source4/setup/provision_dnszones_add.ldif
@@ -8,6 +8,7 @@ description: Deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
dn: CN=LostAndFound,${ZONE_DN}
objectClass: top
--
2.34.1

105
backport-0004-CVE-2018-14628.patch Normal file
View File

@ -0,0 +1,105 @@
From a561ec6ebc3676a9f785ddd8d916e1e220a25e35 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 26 Jun 2023 15:14:24 +0200
Subject: [PATCH 4/6] CVE-2018-14628: s4:dsdb: remove unused code in
dirsync_filter_entry()
This makes the next change easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 4/6] CVE-2018-14628: s4:dsdb: remove unused code in
dirsync_filter_entry()
---
source4/dsdb/samdb/ldb_modules/dirsync.c | 53 +++---------------------
1 file changed, 5 insertions(+), 48 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
index fbb75790095b..124cff25e397 100644
--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -151,10 +151,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
* list only the attribute that have been modified since last interogation
*
*/
- newmsg = ldb_msg_new(dsc->req);
- if (newmsg == NULL) {
- return ldb_oom(ldb);
- }
for (i = msg->num_elements - 1; i >= 0; i--) {
if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
int error = 0;
@@ -201,11 +197,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
*/
return LDB_SUCCESS;
}
- newmsg->dn = ldb_dn_new(newmsg, ldb, "");
- if (newmsg->dn == NULL) {
- return ldb_oom(ldb);
- }
-
el = ldb_msg_find_element(msg, "objectGUID");
if ( el != NULL) {
guidfound = true;
@@ -216,48 +207,14 @@ static int dirsync_filter_entry(struct ldb_request *req,
* well will uncomment the code bellow
*/
SMB_ASSERT(guidfound == true);
- /*
- if (guidfound == false) {
- struct GUID guid;
- struct ldb_val *new_val;
- DATA_BLOB guid_blob;
-
- tmp[0] = '\0';
- txt = strrchr(txt, ':');
- if (txt == NULL) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
- txt++;
-
- status = GUID_from_string(txt, &guid);
- if (!NT_STATUS_IS_OK(status)) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
-
- status = GUID_to_ndr_blob(&guid, msg, &guid_blob);
- if (!NT_STATUS_IS_OK(status)) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
-
- new_val = talloc(msg, struct ldb_val);
- if (new_val == NULL) {
- return ldb_oom(ldb);
- }
- new_val->data = talloc_steal(new_val, guid_blob.data);
- new_val->length = guid_blob.length;
- if (ldb_msg_add_value(msg, "objectGUID", new_val, NULL) != 0) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
- }
- */
- ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD);
- talloc_steal(newmsg->elements, el->name);
- talloc_steal(newmsg->elements, el->values);
-
- talloc_steal(newmsg->elements, msg);
return ldb_module_send_entry(dsc->req, msg, controls);
}
+ newmsg = ldb_msg_new(dsc->req);
+ if (newmsg == NULL) {
+ return ldb_oom(ldb);
+ }
+
ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd,
(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
--
2.34.1

71
backport-0005-CVE-2018-14628.patch Normal file
View File

@ -0,0 +1,71 @@
From 83dbd0c922640bb1ac244d2855c00d6984625963 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 7 Jun 2023 18:18:58 +0200
Subject: [PATCH 5/6] CVE-2018-14628: dbchecker: use
get_deletedobjects_descriptor for missing deleted objects container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 5/6] CVE-2018-14628: dbchecker: use
get_deletedobjects_descriptor for missing deleted objects container
---
python/samba/dbchecker.py | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 449b0a7d985c..e124b1a0d671 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -20,7 +20,7 @@
import ldb
import samba
import time
-from base64 import b64decode
+from base64 import b64decode, b64encode
from samba import dsdb
from samba import common
from samba.dcerpc import misc
@@ -29,7 +29,11 @@ from samba.ndr import ndr_unpack, ndr_pack
from samba.dcerpc import drsblobs
from samba.samdb import dsdb_Dn
from samba.dcerpc import security
-from samba.descriptor import get_wellknown_sds, get_diff_sds
+from samba.descriptor import (
+ get_wellknown_sds,
+ get_deletedobjects_descriptor,
+ get_diff_sds
+)
from samba.auth import system_session, admin_session
from samba.netcmd import CommandError
from samba.netcmd.fsmo import get_fsmo_roleowner
@@ -341,6 +345,12 @@ class dbcheck(object):
listwko.append('%s:%s' % (wko_prefix, dn))
guid_suffix = ""
+
+ domain_sid = security.dom_sid(self.samdb.get_domain_sid())
+ sec_desc = get_deletedobjects_descriptor(domain_sid,
+ name_map=self.name_map)
+ sec_desc_b64 = b64encode(sec_desc).decode('utf8')
+
# Insert a brand new Deleted Objects container
self.samdb.add_ldif("""dn: %s
objectClass: top
@@ -349,7 +359,8 @@ description: Container for deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: TRUE
-systemFlags: -1946157056%s""" % (dn, guid_suffix),
+nTSecurityDescriptor:: %s
+systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
controls=["relax:0", "provision:0"])
delta = ldb.Message()
--
2.34.1

149
backport-0006-CVE-2018-14628.patch Normal file
View File

@ -0,0 +1,149 @@
From c0c380a017eb465b41105d1ea84da92c8edfe8e3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:35:31 +0100
Subject: [PATCH 6/6] CVE-2018-14628: python:descriptor: let samba-tool dbcheck
fix the nTSecurityDescriptor on CN=Deleted Objects containers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566)
Conflict: remove selftest file
source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.final.txt
source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-dbcheck.ldif
source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-missing-link-sid-corruption.txt
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 6/6] CVE-2018-14628: python:descriptor: let samba-tool dbcheck
fix the nTSecurityDescriptor on CN=Deleted Objects containers
---
python/samba/dbchecker.py | 10 ++++++++--
python/samba/descriptor.py | 15 ++++++++++++++-
...ck-link-output-missing-link-sid-corruption.txt | 8 ++++----
.../expected-links-after-dbcheck.ldif | 2 +-
.../release-4-5-0-pre1/rootdse-version.final.txt | 2 +-
testprogs/blackbox/dbcheck-links.sh | 12 ++++++++++++
6 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index e124b1a0d671..28d99c01d044 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -2444,7 +2444,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
error_count += 1
continue
- if self.reset_well_known_acls:
+ if dn == deleted_objects_dn or self.reset_well_known_acls:
try:
well_known_sd = self.get_wellknown_sd(dn)
except KeyError:
@@ -2453,7 +2453,13 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
current_sd = ndr_unpack(security.descriptor,
obj[attrname][0])
- diff = get_diff_sds(well_known_sd, current_sd, security.dom_sid(self.samdb.get_domain_sid()))
+ ignoreAdditionalACEs = False
+ if not self.reset_well_known_acls:
+ ignoreAdditionalACEs = True
+
+ diff = get_diff_sds(well_known_sd, current_sd,
+ security.dom_sid(self.samdb.get_domain_sid()),
+ ignoreAdditionalACEs=ignoreAdditionalACEs)
if diff != "":
self.err_wrong_default_sd(dn, well_known_sd, diff)
error_count += 1
diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
index 08c7518f56ab..34877fa4814a 100644
--- a/python/samba/descriptor.py
+++ b/python/samba/descriptor.py
@@ -417,6 +417,7 @@ def get_wellknown_sds(samdb):
# Then subcontainers
subcontainers = [
(ldb.Dn(samdb, "%s" % str(samdb.domain_dn())), get_domain_descriptor),
+ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.domain_dn())), get_deletedobjects_descriptor),
(ldb.Dn(samdb, "CN=LostAndFound,%s" % str(samdb.domain_dn())), get_domain_delete_protected2_descriptor),
(ldb.Dn(samdb, "CN=System,%s" % str(samdb.domain_dn())), get_domain_delete_protected1_descriptor),
(ldb.Dn(samdb, "CN=Infrastructure,%s" % str(samdb.domain_dn())), get_domain_infrastructure_descriptor),
@@ -427,6 +428,7 @@ def get_wellknown_sds(samdb):
(ldb.Dn(samdb, "CN=MicrosoftDNS,CN=System,%s" % str(samdb.domain_dn())), get_dns_domain_microsoft_dns_descriptor),
(ldb.Dn(samdb, "%s" % str(samdb.get_config_basedn())), get_config_descriptor),
+ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.get_config_basedn())), get_deletedobjects_descriptor),
(ldb.Dn(samdb, "CN=NTDS Quotas,%s" % str(samdb.get_config_basedn())), get_config_ntds_quotas_descriptor),
(ldb.Dn(samdb, "CN=LostAndFoundConfig,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1wd_descriptor),
(ldb.Dn(samdb, "CN=Services,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1_descriptor),
@@ -451,6 +453,9 @@ def get_wellknown_sds(samdb):
if ldb.Dn(samdb, nc.decode('utf8')) == dnsforestdn:
c = (ldb.Dn(samdb, "%s" % str(dnsforestdn)), get_dns_partition_descriptor)
subcontainers.append(c)
+ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsforestdn)),
+ get_deletedobjects_descriptor)
+ subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsforestdn)),
get_domain_delete_protected1_descriptor)
subcontainers.append(c)
@@ -466,6 +471,9 @@ def get_wellknown_sds(samdb):
if ldb.Dn(samdb, nc.decode('utf8')) == dnsdomaindn:
c = (ldb.Dn(samdb, "%s" % str(dnsdomaindn)), get_dns_partition_descriptor)
subcontainers.append(c)
+ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsdomaindn)),
+ get_deletedobjects_descriptor)
+ subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsdomaindn)),
get_domain_delete_protected1_descriptor)
subcontainers.append(c)
@@ -558,7 +566,8 @@ def get_clean_sd(sd):
return sd_clean
-def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
+def get_diff_sds(refsd, cursd, domainsid, checkSacl=True,
+ ignoreAdditionalACEs=False):
"""Get the difference between 2 sd
This function split the textual representation of ACL into smaller
@@ -613,6 +622,10 @@ def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
h_ref.remove(k)
if len(h_cur) + len(h_ref) > 0:
+ if txt == "" and len(h_ref) == 0:
+ if ignoreAdditionalACEs:
+ return ""
+
txt = "%s\tPart %s is different between reference" \
" and current here is the detail:\n" % (txt, part)
diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh
index 29fb5b85abcc..a91ed00fb0f7 100755
--- a/testprogs/blackbox/dbcheck-links.sh
+++ b/testprogs/blackbox/dbcheck-links.sh
@@ -59,6 +59,16 @@ dbcheck()
fi
}
+dbcheck_acl_reset()
+{
+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --fix --yes --attrs=nTSecurityDescriptor
+}
+
+dbcheck_acl_clean()
+{
+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --attrs=nTSecurityDescriptor
+}
+
dbcheck_dangling()
{
dbcheck "" "1" "--selftest-check-expired-tombstones"
@@ -925,6 +935,8 @@ EOF
remove_directory $PREFIX_ABS/${RELEASE}
testit $RELEASE undump || failed=$(expr $failed + 1)
+testit_expect_failure "dbcheck_acl_reset" dbcheck_acl_reset || failed=$(expr $failed + 1)
+testit "dbcheck_acl_clean" dbcheck_acl_clean || failed=$(expr $failed + 1)
testit "add_two_more_users" add_two_more_users || failed=$(expr $failed + 1)
testit "add_four_more_links" add_four_more_links || failed=$(expr $failed + 1)
testit "remove_one_link" remove_one_link || failed=$(expr $failed + 1)
--
2.34.1

14
samba.spec
View File

@ -48,7 +48,7 @@
Name: samba Name: samba
Version: 4.17.5 Version: 4.17.5
Release: 9 Release: 10
Summary: A suite for Linux to interoperate with Windows Summary: A suite for Linux to interoperate with Windows
License: GPLv3+ and LGPLv3+ License: GPLv3+ and LGPLv3+
@ -158,6 +158,12 @@ Patch0089: backport-0001-CVE-2023-42669.patch
Patch0090: backport-0002-CVE-2023-42669.patch Patch0090: backport-0002-CVE-2023-42669.patch
Patch0091: backport-0001-CVE-2023-42670.patch Patch0091: backport-0001-CVE-2023-42670.patch
Patch0092: backport-0002-CVE-2023-42670.patch Patch0092: backport-0002-CVE-2023-42670.patch
Patch0093: backport-0001-CVE-2018-14628.patch
Patch0094: backport-0002-CVE-2018-14628.patch
Patch0095: backport-0003-CVE-2018-14628.patch
Patch0096: backport-0004-CVE-2018-14628.patch
Patch0097: backport-0005-CVE-2018-14628.patch
Patch0098: backport-0006-CVE-2018-14628.patch
BuildRequires: avahi-devel bison dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel BuildRequires: avahi-devel bison dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
@ -3609,6 +3615,12 @@ fi
%endif %endif
%changelog %changelog
* Thu Dec 28 2023 xinghe <xinghe2@h-partners.com> - 4.17.5-10
- Type:cves
- ID:CVE-2018-14628
- SUG:NA
- DESC:fix CVE-2018-14628
* Thu Oct 12 2023 xinghe <xinghe2@h-partners.com> - 4.17.5-9 * Thu Oct 12 2023 xinghe <xinghe2@h-partners.com> - 4.17.5-9
- Type:cves - Type:cves
- ID:CVE-2023-3961 CVE-2023-4091 CVE-2023-4154 CVE-2023-42669 CVE-2023-42670 - ID:CVE-2023-3961 CVE-2023-4091 CVE-2023-4154 CVE-2023-42669 CVE-2023-42670