packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0002-CVE-2018-14628.patch
xh e21bd1ec7f fix CVE-2018-14628
2023-12-28 16:29:19 +08:00

97 lines
4.3 KiB
Diff
Raw Permalink Blame History

From 2ee9129c6fe36cb0e363677dee43a2940aa81810 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:33:37 +0100
Subject: [PATCH 2/6] CVE-2018-14628: python:provision: make
DELETEDOBJECTS_DESCRIPTOR available in the ldif files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)
Conflict: context adapt
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 2/6] CVE-2018-14628: python:provision: make
---
python/samba/provision/__init__.py | 5 +++++
python/samba/provision/sambadns.py | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 2ffaf9f..1880890 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -82,6 +82,7 @@ from samba.provision.backend import (
OpenLDAPBackend,
)
from samba.descriptor import (
+ get_deletedobjects_descriptor,
get_empty_descriptor,
get_config_descriptor,
get_config_partitions_descriptor,
@@ -1475,6 +1476,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
msg["subRefs"] = ldb.MessageElement(names.configdn, ldb.FLAG_MOD_ADD,
"subRefs")
+ deletedobjects_descr = b64encode(get_deletedobjects_descriptor(names.domainsid)).decode('utf8')
+
samdb.invocation_id = invocationid
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
@@ -1506,6 +1509,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
"FOREST_FUNCTIONALITY": str(forestFunctionality),
"DOMAIN_FUNCTIONALITY": str(domainFunctionality),
"NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr,
+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
"LOSTANDFOUND_DESCRIPTOR": protected1wd_descr,
"SERVICES_DESCRIPTOR": protected1_descr,
"PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr,
@@ -1570,6 +1574,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
"RIDAVAILABLESTART": str(next_rid + 600),
"POLICYGUID_DC": policyguid_dc,
"INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
"LOSTANDFOUND_DESCRIPTOR": lostandfound_desc,
"SYSTEM_DESCRIPTOR": system_desc,
"BUILTIN_DESCRIPTOR": builtin_desc,
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 239c99f..608db52 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -41,6 +41,7 @@ from samba.dsdb import (
DS_DOMAIN_FUNCTION_2016
)
from samba.descriptor import (
+ get_deletedobjects_descriptor,
get_domain_descriptor,
get_domain_delete_protected1_descriptor,
get_domain_delete_protected2_descriptor,
@@ -245,6 +246,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
descriptor = get_dns_partition_descriptor(domainsid)
+ deletedobjects_desc = get_deletedobjects_descriptor(domainsid)
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": domainzone_dn,
@@ -268,6 +270,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
"ZONE_DNS": domainzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
@@ -288,6 +291,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
"ZONE_DNS": forestzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink