packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0012-CVE-2022-2031-CVE-2022-32744.patch

102 lines
4.0 KiB
Diff
Raw Blame History

From d3bd072c0e9b3810921048663ac59a8f70739b31 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 1 Oct 2021 15:59:28 +1300
Subject: [PATCH] CVE-2020-25718 dsdb: Bring sid_helper.c into common code as
rodc_helper.c
These common routines will assist the KDC to do the same access
checking as the RPC servers need to do regarding which accounts
a RODC can act with regard to.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---
.../common/sid_helper.c => dsdb/common/rodc_helper.c} | 1 -
source4/dsdb/wscript_build | 2 +-
source4/rpc_server/drsuapi/getncchanges.c | 1 -
source4/rpc_server/netlogon/dcerpc_netlogon.c | 1 -
source4/rpc_server/wscript_build | 9 +--------
5 files changed, 2 insertions(+), 12 deletions(-)
rename source4/{rpc_server/common/sid_helper.c => dsdb/common/rodc_helper.c} (99%)
diff --git a/source4/rpc_server/common/sid_helper.c b/source4/dsdb/common/rodc_helper.c
similarity index 99%
rename from source4/rpc_server/common/sid_helper.c
rename to source4/dsdb/common/rodc_helper.c
index 78cb35d..3a9636a 100644
--- a/source4/rpc_server/common/sid_helper.c
+++ b/source4/dsdb/common/rodc_helper.c
@@ -23,7 +23,6 @@
#include "rpc_server/dcerpc_server.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "source4/dsdb/samdb/samdb.h"
-#include "rpc_server/common/sid_helper.h"
#include "libcli/security/security.h"
/*
diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build
index dbe5885..9836466 100644
--- a/source4/dsdb/wscript_build
+++ b/source4/dsdb/wscript_build
@@ -13,7 +13,7 @@ bld.SAMBA_LIBRARY('samdb',
)
bld.SAMBA_LIBRARY('samdb-common',
- source='common/util.c common/util_trusts.c common/util_groups.c common/util_samr.c common/dsdb_dn.c common/dsdb_access.c common/util_links.c',
+ source='common/util.c common/util_trusts.c common/util_groups.c common/util_samr.c common/dsdb_dn.c common/dsdb_access.c common/util_links.c common/rodc_helper.c',
autoproto='common/proto.h',
private_library=True,
deps='ldb NDR_DRSBLOBS util_ldb LIBCLI_AUTH samba-hostconfig samba_socket cli-ldap-common flag_mapping UTIL_RUNCMD'
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 603e41c..0d36a94 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -32,7 +32,6 @@
#include "libcli/security/session.h"
#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
#include "rpc_server/dcerpc_server_proto.h"
-#include "rpc_server/common/sid_helper.h"
#include "../libcli/drsuapi/drsuapi.h"
#include "lib/util/binsearch.h"
#include "lib/util/tsort.h"
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index e307606..11e8280 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -43,7 +43,6 @@
#include "librpc/gen_ndr/ndr_winbind.h"
#include "librpc/gen_ndr/ndr_winbind_c.h"
#include "lib/socket/netif.h"
-#include "rpc_server/common/sid_helper.h"
#include "lib/util/util_str_escape.h"
#define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index a7459d6..1c741d2 100644
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -7,17 +7,10 @@ bld.SAMBA_SUBSYSTEM('DCERPC_SHARE',
enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER'),
)
-bld.SAMBA_SUBSYSTEM('DCERPC_SID_HELPER',
- source='common/sid_helper.c',
- autoproto='common/sid_helper.h',
- deps='ldb',
- enabled=bld.AD_DC_BUILD_IS_ENABLED(),
- )
-
bld.SAMBA_SUBSYSTEM('DCERPC_COMMON',
source='common/server_info.c common/forward.c common/loadparm.c',
autoproto='common/proto.h',
- deps='ldb DCERPC_SHARE DCERPC_SID_HELPER',
+ deps='ldb DCERPC_SHARE',
enabled=bld.AD_DC_BUILD_IS_ENABLED()
)
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink