Samba CVE-2012-2111 oi_151a oi_151a_prestable3 oi_151a_prestable4
authorJon Tibble <meths@btinternet.com>
Thu, 03 May 2012 17:50:53 +0100
branchoi_151a
changeset 131 189f095ac491
parent 130 3eb16d7ac55b
child 132 26690a0dda3d
Samba CVE-2012-2111
usr/src/cmd/samba/Patches/CVE-2012-2111.diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/samba/Patches/CVE-2012-2111.diff	Thu May 03 17:50:53 2012 +0100
@@ -0,0 +1,68 @@
+--- source3/rpc_server/srv_lsa_nt.c.orig	2012-04-07 14:59:17.000000000 +0100
++++ source3/rpc_server/srv_lsa_nt.c	2012-04-27 20:10:36.000000000 +0100
+@@ -1691,6 +1691,10 @@
+ 	struct lsa_info *handle;
+ 	struct lsa_info *info;
+ 	uint32_t acc_granted;
++	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
++			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
++			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
++			STD_RIGHT_DELETE_ACCESS));
+ 	struct security_descriptor *psd;
+ 	size_t sd_size;
+ 
+@@ -1718,7 +1722,7 @@
+ 
+ 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ 				    &lsa_account_mapping,
+-				    r->in.sid, LSA_POLICY_ALL_ACCESS);
++				    r->in.sid, owner_access);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		return status;
+ 	}
+@@ -1764,6 +1768,10 @@
+ 	size_t sd_size;
+ 	uint32_t des_access = r->in.access_mask;
+ 	uint32_t acc_granted;
++	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
++			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
++			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
++			STD_RIGHT_DELETE_ACCESS));
+ 	NTSTATUS status;
+ 
+ 	/* find the connection policy handle. */
+@@ -1788,7 +1796,7 @@
+ 	/* get the generic lsa account SD until we store it */
+ 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ 				&lsa_account_mapping,
+-				r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++				r->in.sid, owner_access);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		return status;
+ 	}
+@@ -2174,10 +2182,10 @@
+ 		return NT_STATUS_INVALID_HANDLE;
+ 	}
+ 
+-        /* get the generic lsa account SD for this SID until we store it */
++        /* get the generic lsa account SD until we store it */
+         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+                                 &lsa_account_mapping,
+-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++                                NULL, 0);
+         if (!NT_STATUS_IS_OK(status)) {
+                 return status;
+         }
+@@ -2245,10 +2253,10 @@
+ 		return NT_STATUS_INVALID_HANDLE;
+ 	}
+ 
+-        /* get the generic lsa account SD for this SID until we store it */
++        /* get the generic lsa account SD until we store it */
+         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+                                 &lsa_account_mapping,
+-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++                                NULL, 0);
+         if (!NT_STATUS_IS_OK(status)) {
+                 return status;
+         }
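Review bot: The owner mask that carries this fix is written out twice, in the `uint32_t owner_access = ...` declarations of the inner hunks at 1691 and 1764, with no comment on why those three bits are cleared, so a later edit to one copy could leave the other function granting more than intended. A single file-scope definition would keep them in step, for example a macro (name is only a proposal) `#define LSA_ACCOUNT_OWNER_ACCESS (LSA_ACCOUNT_ALL_ACCESS & ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|STD_RIGHT_DELETE_ACCESS))` with the comment `/* access given to the account SID itself: everything except adjusting privileges or system access, or deleting the object */`. The inner hunks at 2174 and 2245 pass `NULL, 0` under a comment that only says "generic lsa account SD"; a line such as `/* no per-SID entry here: access is decided by the default entries only */` would state the intent, assuming that is how make_lsa_object_sd treats a NULL sid, which is not visible here. All four enclosing functions begin and end outside the hunks, so the access check that consumes `psd` cannot be confirmed from this page. Because this file is a carried copy of an upstream patch, these points are better recorded in a header comment of the .diff or raised upstream than edited locally.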