--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/samba/Patches/CVE-2012-2111.diff Thu May 03 17:50:53 2012 +0100
@@ -0,0 +1,68 @@
+--- source3/rpc_server/srv_lsa_nt.c.orig 2012-04-07 14:59:17.000000000 +0100
++++ source3/rpc_server/srv_lsa_nt.c 2012-04-27 20:10:36.000000000 +0100
+@@ -1691,6 +1691,10 @@
+ struct lsa_info *handle;
+ struct lsa_info *info;
+ uint32_t acc_granted;
++ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
++ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
++ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
++ STD_RIGHT_DELETE_ACCESS));
+ struct security_descriptor *psd;
+ size_t sd_size;
+
+@@ -1718,7 +1722,7 @@
+
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_POLICY_ALL_ACCESS);
++ r->in.sid, owner_access);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+@@ -1764,6 +1768,10 @@
+ size_t sd_size;
+ uint32_t des_access = r->in.access_mask;
+ uint32_t acc_granted;
++ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
++ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
++ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
++ STD_RIGHT_DELETE_ACCESS));
+ NTSTATUS status;
+
+ /* find the connection policy handle. */
+@@ -1788,7 +1796,7 @@
+ /* get the generic lsa account SD until we store it */
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++ r->in.sid, owner_access);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+@@ -2174,10 +2182,10 @@
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+- /* get the generic lsa account SD for this SID until we store it */
++ /* get the generic lsa account SD until we store it */
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++ NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+@@ -2245,10 +2253,10 @@
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+- /* get the generic lsa account SD for this SID until we store it */
++ /* get the generic lsa account SD until we store it */
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++ NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }