sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-16 00:23:52 +03:00
Code Activity

CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher
2016-01-29 23:35:31 +01:00
parent 7058606112
commit 97e4aab1a6
6 changed files with 40 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
python/samba/descriptor.py
View File

@@ -495,6 +495,7 @@ def get_wellknown_sds(samdb):
# Then subcontainers
subcontainers = [
(ldb.Dn(samdb, "%s" % str(samdb.domain_dn())), get_domain_descriptor),
(ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.domain_dn())), get_deletedobjects_descriptor),
(ldb.Dn(samdb, "CN=LostAndFound,%s" % str(samdb.domain_dn())), get_domain_delete_protected2_descriptor),
(ldb.Dn(samdb, "CN=System,%s" % str(samdb.domain_dn())), get_domain_delete_protected1_descriptor),
(ldb.Dn(samdb, "CN=Infrastructure,%s" % str(samdb.domain_dn())), get_domain_infrastructure_descriptor),
@@ -505,6 +506,7 @@ def get_wellknown_sds(samdb):
(ldb.Dn(samdb, "CN=MicrosoftDNS,CN=System,%s" % str(samdb.domain_dn())), get_dns_domain_microsoft_dns_descriptor),
(ldb.Dn(samdb, "%s" % str(samdb.get_config_basedn())), get_config_descriptor),
(ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.get_config_basedn())), get_deletedobjects_descriptor),
(ldb.Dn(samdb, "CN=NTDS Quotas,%s" % str(samdb.get_config_basedn())), get_config_ntds_quotas_descriptor),
(ldb.Dn(samdb, "CN=LostAndFoundConfig,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1wd_descriptor),
(ldb.Dn(samdb, "CN=Services,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1_descriptor),
@@ -529,6 +531,9 @@ def get_wellknown_sds(samdb):
if ldb.Dn(samdb, nc.decode('utf8')) == dnsforestdn:
c = (ldb.Dn(samdb, "%s" % str(dnsforestdn)), get_dns_partition_descriptor)
subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsforestdn)),
get_deletedobjects_descriptor)
subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsforestdn)),
get_domain_delete_protected1_descriptor)
subcontainers.append(c)
@@ -544,6 +549,9 @@ def get_wellknown_sds(samdb):
if ldb.Dn(samdb, nc.decode('utf8')) == dnsdomaindn:
c = (ldb.Dn(samdb, "%s" % str(dnsdomaindn)), get_dns_partition_descriptor)
subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsdomaindn)),
get_deletedobjects_descriptor)
subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsdomaindn)),
get_domain_delete_protected1_descriptor)
subcontainers.append(c)
@@ -636,7 +644,8 @@ def get_clean_sd(sd):
return sd_clean
def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
def get_diff_sds(refsd, cursd, domainsid, checkSacl=True,
ignoreAdditionalACEs=False):
"""Get the difference between 2 sd
This function split the textual representation of ACL into smaller
@@ -691,6 +700,10 @@ def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
h_ref.remove(k)
if len(h_cur) + len(h_ref) > 0:
if txt == "" and len(h_ref) == 0:
if ignoreAdditionalACEs:
return ""
txt = "%s\tPart %s is different between reference" \
" and current here is the detail:\n" % (txt, part)