usr/src/cmd/samba/Patches/CVE-2012-2111.diff
branchoi_151a
changeset 131 189f095ac491
130:3eb16d7ac55b 131:189f095ac491
       
     1 --- source3/rpc_server/srv_lsa_nt.c.orig	2012-04-07 14:59:17.000000000 +0100
       
     2 +++ source3/rpc_server/srv_lsa_nt.c	2012-04-27 20:10:36.000000000 +0100
       
     3 @@ -1691,6 +1691,10 @@
       
     4  	struct lsa_info *handle;
       
     5  	struct lsa_info *info;
       
     6  	uint32_t acc_granted;
       
     7 +	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
       
     8 +			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
       
     9 +			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
       
    10 +			STD_RIGHT_DELETE_ACCESS));
       
    11  	struct security_descriptor *psd;
       
    12  	size_t sd_size;
       
    13  
       
    14 @@ -1718,7 +1722,7 @@
       
    15  
       
    16  	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
       
    17  				    &lsa_account_mapping,
       
    18 -				    r->in.sid, LSA_POLICY_ALL_ACCESS);
       
    19 +				    r->in.sid, owner_access);
       
    20  	if (!NT_STATUS_IS_OK(status)) {
       
    21  		return status;
       
    22  	}
       
    23 @@ -1764,6 +1768,10 @@
       
    24  	size_t sd_size;
       
    25  	uint32_t des_access = r->in.access_mask;
       
    26  	uint32_t acc_granted;
       
    27 +	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
       
    28 +			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
       
    29 +			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
       
    30 +			STD_RIGHT_DELETE_ACCESS));
       
    31  	NTSTATUS status;
       
    32  
       
    33  	/* find the connection policy handle. */
       
    34 @@ -1788,7 +1796,7 @@
       
    35  	/* get the generic lsa account SD until we store it */
       
    36  	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
       
    37  				&lsa_account_mapping,
       
    38 -				r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
       
    39 +				r->in.sid, owner_access);
       
    40  	if (!NT_STATUS_IS_OK(status)) {
       
    41  		return status;
       
    42  	}
       
    43 @@ -2174,10 +2182,10 @@
       
    44  		return NT_STATUS_INVALID_HANDLE;
       
    45  	}
       
    46  
       
    47 -        /* get the generic lsa account SD for this SID until we store it */
       
    48 +        /* get the generic lsa account SD until we store it */
       
    49          status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
       
    50                                  &lsa_account_mapping,
       
    51 -                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
       
    52 +                                NULL, 0);
       
    53          if (!NT_STATUS_IS_OK(status)) {
       
    54                  return status;
       
    55          }
       
    56 @@ -2245,10 +2253,10 @@
       
    57  		return NT_STATUS_INVALID_HANDLE;
       
    58  	}
       
    59  
       
    60 -        /* get the generic lsa account SD for this SID until we store it */
       
    61 +        /* get the generic lsa account SD until we store it */
       
    62          status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
       
    63                                  &lsa_account_mapping,
       
    64 -                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
       
    65 +                                NULL, 0);
       
    66          if (!NT_STATUS_IS_OK(status)) {
       
    67                  return status;
       
    68          }
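Review bot: The restricted owner mask is spelled out twice, once in each function patched by the hunks at -1691 and -1764, so a later edit to one copy could silently restore the account SID's ability to adjust its own privileges. A single file-scope definition such as `#define LSA_ACCOUNT_OWNER_ACCESS (LSA_ACCOUNT_ALL_ACCESS & ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|STD_RIGHT_DELETE_ACCESS))` (name constructed here), carrying a comment like `/* CVE-2012-2111: the account SID must not be able to change its own rights or delete the object */`, would keep both call sites in step. The hunks at -2174 and -2245 now pass `NULL, 0` for the SID and its mask, which is only safe if make_lsa_object_sd skips the per-SID ACE when the pointer is NULL; that function is not shown in this patch, so confirm it against the Samba release this patch is applied to. All of the enclosing functions begin and end outside the hunks, so the access check that consumes `psd` cannot be reviewed from here.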