sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code

CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

(cherry picked from commit 2c02378029fff6636b8f19e45af78b265f2210ed)
This commit is contained in:
Stefan Metzmacher 2023-03-16 10:03:44 +01:00 committed by Jule Anger
parent 7ebf51dd8b
commit 570e892a0e
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
libcli/security/security_descriptor.c
View File

@ -344,6 +344,20 @@ NTSTATUS security_descriptor_sacl_add(struct security_descriptor *sd,
return security_descriptor_acl_add(sd, true, ace, -1);
}
/*
insert an ACE at a given index to the SACL of a security_descriptor
idx can be negative, which means it's related to the new size from the
end, so -1 means the ace is appended at the end.
*/
NTSTATUS security_descriptor_sacl_insert(struct security_descriptor *sd,
const struct security_ace *ace,
ssize_t idx)
{
return security_descriptor_acl_add(sd, true, ace, idx);
}
/*
add an ACE to the DACL of a security_descriptor
*/
@ -354,6 +368,20 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
return security_descriptor_acl_add(sd, false, ace, -1);
}
/*
insert an ACE at a given index to the DACL of a security_descriptor
idx can be negative, which means it's related to the new size from the
end, so -1 means the ace is appended at the end.
*/
NTSTATUS security_descriptor_dacl_insert(struct security_descriptor *sd,
const struct security_ace *ace,
ssize_t idx)
{
return security_descriptor_acl_add(sd, false, ace, idx);
}
/*
delete the ACE corresponding to the given trustee in an ACL of a
security_descriptor

6
libcli/security/security_descriptor.h
View File

@ -33,8 +33,14 @@ NTSTATUS security_descriptor_for_client(TALLOC_CTX *mem_ctx,
struct security_descriptor **_csd);
NTSTATUS security_descriptor_sacl_add(struct security_descriptor *sd,
const struct security_ace *ace);
NTSTATUS security_descriptor_sacl_insert(struct security_descriptor *sd,
const struct security_ace *ace,
ssize_t idx);
NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
const struct security_ace *ace);
NTSTATUS security_descriptor_dacl_insert(struct security_descriptor *sd,
const struct security_ace *ace,
ssize_t idx);
NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd,
const struct dom_sid *trustee);
NTSTATUS security_descriptor_sacl_del(struct security_descriptor *sd,