From 890cf42b13b0debea20751a230dd45363523944a Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Fri, 29 Jan 2016 23:30:59 +0100
|
|
Subject: [PATCH 1/6] CVE-2018-14628: python:descriptor: add
|
|
get_deletedobjects_descriptor()
|
|
|
|
samba-tool drs clone-dc-database was quite useful to find
|
|
the true value of nTSecurityDescriptor of the CN=Deleted Objects
|
|
containers.
|
|
|
|
Only the auto inherited SACL is available via a ldap search.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)
|
|
|
|
Conflict: NA
|
|
Reference: https://attachments.samba.org/attachment.cgi?id=18168
|
|
[PATCH 1/6] CVE-2018-14628: python:descriptor: add
|
|
get_deletedobjects_descriptor()
|
|
---
|
|
python/samba/descriptor.py | 10 ++++++++++
|
|
1 file changed, 10 insertions(+)
|
|
|
|
diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
|
|
index ac4c7e3273de..08c7518f56ab 100644
|
|
--- a/python/samba/descriptor.py
|
|
+++ b/python/samba/descriptor.py
|
|
@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}):
|
|
# "get_schema_descriptor" is located in "schema.py"
|
|
|
|
|
|
+def get_deletedobjects_descriptor(domain_sid, name_map=None):
|
|
+ if name_map is None:
|
|
+ name_map = {}
|
|
+
|
|
+ sddl = "O:SYG:SYD:PAI" \
|
|
+ "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \
|
|
+ "(A;;RPLC;;;BA)"
|
|
+ return sddl2binary(sddl, domain_sid, name_map)
|
|
+
|
|
+
|
|
def get_config_descriptor(domain_sid, name_map={}):
|
|
sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
|
|
"(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
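Review bot: get_deletedobjects_descriptor() is added without a docstring, and its SDDL literal is unexplained even though the flags in it are the security-relevant part of this CVE fix. I would add a docstring such as `"""Return the binary security descriptor for the CN=Deleted Objects container."""` and a comment above the literal, `# D:PAI: protected DACL, no ACEs inherited from the parent; SY holds the management rights, BA only RP|LC (read property, list children)`. The comment should also say whether leaving out an S: part is deliberate; the commit message suggests the SACL seen over LDAP is only the auto-inherited one, but that reading is inferred and needs confirming. The callers are not in this patch (1/6), so it is not visible from here where the descriptor is applied or whether existing containers are updated.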
|
|
--
|
|
2.34.1
|