Mercurial Mercurial > sustaining > oi_151a > sfw-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
usr/src/cmd/samba/Patches/CVE-2012-2111.diff
author Jon Tibble <meths@btinternet.com>
Thu, 03 May 2012 17:50:53 +0100
branchoi_151a
changeset 131 189f095ac491
permissions -rw-r--r--
Samba CVE-2012-2111
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
131
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     1
 
--- source3/rpc_server/srv_lsa_nt.c.orig	2012-04-07 14:59:17.000000000 +0100
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     2
 
+++ source3/rpc_server/srv_lsa_nt.c	2012-04-27 20:10:36.000000000 +0100
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     3
 
@@ -1691,6 +1691,10 @@
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     4
 
 	struct lsa_info *handle;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     5
 
 	struct lsa_info *info;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     6
 
 	uint32_t acc_granted;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     7
 
+	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     8
 
+			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
     9
 
+			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    10
 
+			STD_RIGHT_DELETE_ACCESS));
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    11
 
 	struct security_descriptor *psd;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    12
 
 	size_t sd_size;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    13
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    14
 
@@ -1718,7 +1722,7 @@
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    15
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    16
 
 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    17
 
 				    &lsa_account_mapping,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    18
 
-				    r->in.sid, LSA_POLICY_ALL_ACCESS);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    19
 
+				    r->in.sid, owner_access);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    20
 
 	if (!NT_STATUS_IS_OK(status)) {
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    21
 
 		return status;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    22
 
 	}
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    23
 
@@ -1764,6 +1768,10 @@
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    24
 
 	size_t sd_size;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    25
 
 	uint32_t des_access = r->in.access_mask;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    26
 
 	uint32_t acc_granted;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    27
 
+	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    28
 
+			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    29
 
+			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    30
 
+			STD_RIGHT_DELETE_ACCESS));
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    31
 
 	NTSTATUS status;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    32
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    33
 
 	/* find the connection policy handle. */
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    34
 
@@ -1788,7 +1796,7 @@
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    35
 
 	/* get the generic lsa account SD until we store it */
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    36
 
 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    37
 
 				&lsa_account_mapping,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    38
 
-				r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    39
 
+				r->in.sid, owner_access);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    40
 
 	if (!NT_STATUS_IS_OK(status)) {
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    41
 
 		return status;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    42
 
 	}
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    43
 
@@ -2174,10 +2182,10 @@
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    44
 
 		return NT_STATUS_INVALID_HANDLE;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    45
 
 	}
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    46
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    47
 
-        /* get the generic lsa account SD for this SID until we store it */
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    48
 
+        /* get the generic lsa account SD until we store it */
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    49
 
         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    50
 
                                 &lsa_account_mapping,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    51
 
-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    52
 
+                                NULL, 0);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    53
 
         if (!NT_STATUS_IS_OK(status)) {
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    54
 
                 return status;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    55
 
         }
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    56
 
@@ -2245,10 +2253,10 @@
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    57
 
 		return NT_STATUS_INVALID_HANDLE;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    58
 
 	}
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    59
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    60
 
-        /* get the generic lsa account SD for this SID until we store it */
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    61
 
+        /* get the generic lsa account SD until we store it */
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    62
 
         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    63
 
                                 &lsa_account_mapping,
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    64
 
-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    65
 
+                                NULL, 0);
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    66
 
         if (!NT_STATUS_IS_OK(status)) {
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    67
 
                 return status;
189f095ac491 Samba CVE-2012-2111
Jon Tibble <meths@btinternet.com>
parents:
diff changeset 
    68
 
         }
sustaining/oi_151a/sfw-gate