openeuler-ci-bot
bf39de164e
!273 fix winbindd coredump
From: @tjwangxm 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
2025-04-03 01:46:40 +00:00
wangxiaomeng
f8aab27987 fix winbind coredump 2025-03-31 17:54:46 +08:00
openeuler-ci-bot
f81fef9c31
!248 speeds up the creation of source rpm
From: @xinghe_1 
Reviewed-by: @gebidelidaye 
Signed-off-by: @gebidelidaye
2024-01-20 07:30:45 +00:00
xinghe
7e14783a3c speeds up the creation of source rpm 2024-01-19 09:39:55 +00:00
openeuler-ci-bot
1fcddddf76
!237 remove sensitive info
From: @xinghe_1 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
2024-01-16 06:10:47 +00:00
xinghe
49aca20f91 remove sensitive info 2024-01-16 02:59:35 +00:00
openeuler-ci-bot
ec98e70ea8
!228 fix CVE-2018-14628
From: @xinghe_1 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
2023-12-29 07:39:20 +00:00
xh
e21bd1ec7f fix CVE-2018-14628 2023-12-28 16:29:19 +08:00
openeuler-ci-bot
961619dd60
!223 ensure upgrade normal
From: @xinghe_1 
Reviewed-by: @sunsuwan 
Signed-off-by: @sunsuwan
2023-10-20 08:10:13 +00:00
xh
46970a6f8c ensure upgrade normal 2023-10-19 15:24:03 +08:00
10 changed files with 883 additions and 1 deletions


@ -0,0 +1,48 @@
From 890cf42b13b0debea20751a230dd45363523944a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:30:59 +0100
Subject: [PATCH 1/6] CVE-2018-14628: python:descriptor: add
get_deletedobjects_descriptor()
samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Delete Objects
containers.
Only the auto inherited SACL is available via a ldap search.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 1/6] CVE-2018-14628: python:descriptor: add
---
python/samba/descriptor.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
index ac4c7e3273de..08c7518f56ab 100644
--- a/python/samba/descriptor.py
+++ b/python/samba/descriptor.py
@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}):
# "get_schema_descriptor" is located in "schema.py"
+def get_deletedobjects_descriptor(domain_sid, name_map=None):
+ if name_map is None:
+ name_map = {}
+
+ sddl = "O:SYG:SYD:PAI" \
+ "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \
+ "(A;;RPLC;;;BA)"
+ return sddl2binary(sddl, domain_sid, name_map)
+
+
def get_config_descriptor(domain_sid, name_map={}):
sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
"(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
--
2.34.1
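Review bot: The new get_deletedobjects_descriptor() carries no docstring, and its hard-coded SDDL is the substance of the fix, so a reader should not have to decode the string to learn what the container's security descriptor is meant to enforce. I would add `"""Return the binary nTSecurityDescriptor for a CN=Deleted Objects container: owner and group SYSTEM, and a protected (P) auto-inherited DACL that grants SYSTEM read/write property, create/delete child, list, read control, write owner/DACL, delete and self-write, and grants Builtin Administrators only read property and list children; the P flag stops ACEs inheriting from the parent naming context."""` directly under the def line. It is also worth noting that the new function uses `name_map=None` with an in-body default, while the two neighbouring signatures visible in the hunk context still use the mutable `name_map={}` default; aligning those in a follow-up would keep the module consistent.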


@ -0,0 +1,96 @@
From 2ee9129c6fe36cb0e363677dee43a2940aa81810 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:33:37 +0100
Subject: [PATCH 2/6] CVE-2018-14628: python:provision: make
DELETEDOBJECTS_DESCRIPTOR available in the ldif files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)
Conflict: context adapt
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 2/6] CVE-2018-14628: python:provision: make
---
python/samba/provision/__init__.py | 5 +++++
python/samba/provision/sambadns.py | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 2ffaf9f..1880890 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -82,6 +82,7 @@ from samba.provision.backend import (
OpenLDAPBackend,
)
from samba.descriptor import (
+ get_deletedobjects_descriptor,
get_empty_descriptor,
get_config_descriptor,
get_config_partitions_descriptor,
@@ -1475,6 +1476,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
msg["subRefs"] = ldb.MessageElement(names.configdn, ldb.FLAG_MOD_ADD,
"subRefs")
+ deletedobjects_descr = b64encode(get_deletedobjects_descriptor(names.domainsid)).decode('utf8')
+
samdb.invocation_id = invocationid
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
@@ -1506,6 +1509,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
"FOREST_FUNCTIONALITY": str(forestFunctionality),
"DOMAIN_FUNCTIONALITY": str(domainFunctionality),
"NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr,
+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
"LOSTANDFOUND_DESCRIPTOR": protected1wd_descr,
"SERVICES_DESCRIPTOR": protected1_descr,
"PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr,
@@ -1570,6 +1574,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
"RIDAVAILABLESTART": str(next_rid + 600),
"POLICYGUID_DC": policyguid_dc,
"INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
"LOSTANDFOUND_DESCRIPTOR": lostandfound_desc,
"SYSTEM_DESCRIPTOR": system_desc,
"BUILTIN_DESCRIPTOR": builtin_desc,
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 239c99f..608db52 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -41,6 +41,7 @@ from samba.dsdb import (
DS_DOMAIN_FUNCTION_2016
)
from samba.descriptor import (
+ get_deletedobjects_descriptor,
get_domain_descriptor,
get_domain_delete_protected1_descriptor,
get_domain_delete_protected2_descriptor,
@@ -245,6 +246,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
descriptor = get_dns_partition_descriptor(domainsid)
+ deletedobjects_desc = get_deletedobjects_descriptor(domainsid)
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": domainzone_dn,
@@ -268,6 +270,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
"ZONE_DNS": domainzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
@@ -288,6 +291,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
"ZONE_DNS": forestzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
})
--
2.27.0


@ -0,0 +1,71 @@
From 96d787c0a5182c24ea51591342b37eb041798afb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:34:15 +0100
Subject: [PATCH 3/6] CVE-2018-14628: s4:setup: set the correct
nTSecurityDescriptor on the CN=Deleted Objects container
This revealed a bug in our dirsync code, so we mark
test_search_with_dirsync_deleted_objects as knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 3/6] CVE-2018-14628: s4:setup: set the correct
---
selftest/knownfail.d/samba4.ldap.confidential_attr | 1 +
source4/setup/provision.ldif | 1 +
source4/setup/provision_configuration.ldif | 1 +
source4/setup/provision_dnszones_add.ldif | 1 +
4 files changed, 4 insertions(+)
create mode 100644 selftest/knownfail.d/samba4.ldap.confidential_attr
diff --git a/selftest/knownfail.d/samba4.ldap.confidential_attr b/selftest/knownfail.d/samba4.ldap.confidential_attr
new file mode 100644
index 000000000000..46a75ce928b0
--- /dev/null
+++ b/selftest/knownfail.d/samba4.ldap.confidential_attr
@@ -0,0 +1 @@
+^samba4.ldap.confidential_attr.python.*.__main__.*.test_search_with_dirsync_deleted_objects
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 5d9eba49f86f..7f966fd57f81 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -34,6 +34,7 @@ isDeleted: TRUE
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: TRUE
systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
# Computers located in "provision_computers*.ldif"
# Users/Groups located in "provision_users*.ldif"
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 53c9c8536de4..8fcbddbdae48 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -14,6 +14,7 @@ description: Container for deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
# Extended rights
diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
index 860aa4b72b30..a2d6b6bab8f2 100644
--- a/source4/setup/provision_dnszones_add.ldif
+++ b/source4/setup/provision_dnszones_add.ldif
@@ -8,6 +8,7 @@ description: Deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
dn: CN=LostAndFound,${ZONE_DN}
objectClass: top
--
2.34.1
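Review bot: The knownfail entry for test_search_with_dirsync_deleted_objects added in this patch is never removed anywhere in the six-patch series on this page, and patch 4/6 explicitly says it only prepares "the next change" in dirsync.c, yet the next patch in the series is the dbchecker change, not a dirsync fix. If the upstream dirsync follow-up was intentionally dropped for this 4.11.12 backport that should be recorded in the patch's `Conflict:` line; if it was overlooked, the bug the commit message says this change "revealed" stays unfixed and masked by the knownfail. I would confirm against the upstream series before merging, and either carry the dirsync fix (and drop the knownfail) or document the omission. The same question applies to the dirsync.c section below.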


@ -0,0 +1,104 @@
From a561ec6ebc3676a9f785ddd8d916e1e220a25e35 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 26 Jun 2023 15:14:24 +0200
Subject: [PATCH 4/6] CVE-2018-14628: s4:dsdb: remove unused code in
dirsync_filter_entry()
This makes the next change easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 4/6] CVE-2018-14628: s4:dsdb: remove unused code in
---
source4/dsdb/samdb/ldb_modules/dirsync.c | 53 +++---------------------
1 file changed, 5 insertions(+), 48 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
index fbb75790095b..124cff25e397 100644
--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -151,10 +151,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
* list only the attribute that have been modified since last interogation
*
*/
- newmsg = ldb_msg_new(dsc->req);
- if (newmsg == NULL) {
- return ldb_oom(ldb);
- }
for (i = msg->num_elements - 1; i >= 0; i--) {
if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
int error = 0;
@@ -201,11 +197,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
*/
return LDB_SUCCESS;
}
- newmsg->dn = ldb_dn_new(newmsg, ldb, "");
- if (newmsg->dn == NULL) {
- return ldb_oom(ldb);
- }
-
el = ldb_msg_find_element(msg, "objectGUID");
if ( el != NULL) {
guidfound = true;
@@ -216,48 +207,14 @@ static int dirsync_filter_entry(struct ldb_request *req,
* well will uncomment the code bellow
*/
SMB_ASSERT(guidfound == true);
- /*
- if (guidfound == false) {
- struct GUID guid;
- struct ldb_val *new_val;
- DATA_BLOB guid_blob;
-
- tmp[0] = '\0';
- txt = strrchr(txt, ':');
- if (txt == NULL) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
- txt++;
-
- status = GUID_from_string(txt, &guid);
- if (!NT_STATUS_IS_OK(status)) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
-
- status = GUID_to_ndr_blob(&guid, msg, &guid_blob);
- if (!NT_STATUS_IS_OK(status)) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
-
- new_val = talloc(msg, struct ldb_val);
- if (new_val == NULL) {
- return ldb_oom(ldb);
- }
- new_val->data = talloc_steal(new_val, guid_blob.data);
- new_val->length = guid_blob.length;
- if (ldb_msg_add_value(msg, "objectGUID", new_val, NULL) != 0) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
- }
- */
- ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD);
- talloc_steal(newmsg->elements, el->name);
- talloc_steal(newmsg->elements, el->values);
-
- talloc_steal(newmsg->elements, msg);
return ldb_module_send_entry(dsc->req, msg, controls);
}
+ newmsg = ldb_msg_new(dsc->req);
+ if (newmsg == NULL) {
+ return ldb_oom(ldb);
+ }
+
ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd,
(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
--
2.34.1


@ -0,0 +1,70 @@
From 83dbd0c922640bb1ac244d2855c00d6984625963 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 7 Jun 2023 18:18:58 +0200
Subject: [PATCH 5/6] CVE-2018-14628: dbchecker: use
get_deletedobjects_descriptor for missing deleted objects container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)
Conflict: context adapt
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 5/6] CVE-2018-14628: dbchecker: use
---
python/samba/dbchecker.py | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 449b0a7d985c..e124b1a0d671 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -20,7 +20,7 @@
import ldb
import samba
import time
-from base64 import b64decode
+from base64 import b64decode, b64encode
from samba import dsdb
from samba import common
from samba.dcerpc import misc
@@ -29,7 +29,11 @@ from samba.ndr import ndr_unpack, ndr_pack
from samba.dcerpc import drsblobs
from samba.common import dsdb_Dn
from samba.dcerpc import security
-from samba.descriptor import get_wellknown_sds, get_diff_sds
+from samba.descriptor import (
+ get_wellknown_sds,
+ get_deletedobjects_descriptor,
+ get_diff_sds
+)
from samba.auth import system_session, admin_session
from samba.netcmd import CommandError
from samba.netcmd.fsmo import get_fsmo_roleowner
@@ -341,6 +345,12 @@ class dbcheck(object):
listwko.append('%s:%s' % (wko_prefix, dn))
guid_suffix = ""
+
+ domain_sid = security.dom_sid(self.samdb.get_domain_sid())
+ sec_desc = get_deletedobjects_descriptor(domain_sid,
+ name_map=self.name_map)
+ sec_desc_b64 = b64encode(sec_desc).decode('utf8')
+
# Insert a brand new Deleted Objects container
self.samdb.add_ldif("""dn: %s
objectClass: top
@@ -349,7 +359,8 @@ description: Container for deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: TRUE
-systemFlags: -1946157056%s""" % (dn, guid_suffix),
+nTSecurityDescriptor:: %s
+systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
controls=["relax:0", "provision:0"])
delta = ldb.Message()
--
2.34.1


@ -0,0 +1,146 @@
From c0c380a017eb465b41105d1ea84da92c8edfe8e3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:35:31 +0100
Subject: [PATCH 6/6] CVE-2018-14628: python:descriptor: let samba-tool dbcheck
fix the nTSecurityDescriptor on CN=Deleted Objects containers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566)
Conflict: context adapt for testprogs/blackbox/dbcheck-links.sh
remove source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-missing-link-sid-corruption.txt
remove source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-dbcheck.ldif
remove source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.final.txt
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 6/6] CVE-2018-14628: python:descriptor: let samba-tool dbcheck
---
python/samba/dbchecker.py | 10 ++++++++--
python/samba/descriptor.py | 15 ++++++++++++++-
testprogs/blackbox/dbcheck-links.sh | 12 ++++++++++++
3 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 074e7d8..128aecf 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -2401,7 +2401,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
error_count += 1
continue
- if self.reset_well_known_acls:
+ if dn == deleted_objects_dn or self.reset_well_known_acls:
try:
well_known_sd = self.get_wellknown_sd(dn)
except KeyError:
@@ -2410,7 +2410,13 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
current_sd = ndr_unpack(security.descriptor,
obj[attrname][0])
- diff = get_diff_sds(well_known_sd, current_sd, security.dom_sid(self.samdb.get_domain_sid()))
+ ignoreAdditionalACEs = False
+ if not self.reset_well_known_acls:
+ ignoreAdditionalACEs = True
+
+ diff = get_diff_sds(well_known_sd, current_sd,
+ security.dom_sid(self.samdb.get_domain_sid()),
+ ignoreAdditionalACEs=ignoreAdditionalACEs)
if diff != "":
self.err_wrong_default_sd(dn, well_known_sd, current_sd, diff)
error_count += 1
diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
index ebdd920..0141f38 100644
--- a/python/samba/descriptor.py
+++ b/python/samba/descriptor.py
@@ -417,6 +417,7 @@ def get_wellknown_sds(samdb):
# Then subcontainers
subcontainers = [
(ldb.Dn(samdb, "%s" % str(samdb.domain_dn())), get_domain_descriptor),
+ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.domain_dn())), get_deletedobjects_descriptor),
(ldb.Dn(samdb, "CN=LostAndFound,%s" % str(samdb.domain_dn())), get_domain_delete_protected2_descriptor),
(ldb.Dn(samdb, "CN=System,%s" % str(samdb.domain_dn())), get_domain_delete_protected1_descriptor),
(ldb.Dn(samdb, "CN=Infrastructure,%s" % str(samdb.domain_dn())), get_domain_infrastructure_descriptor),
@@ -427,6 +428,7 @@ def get_wellknown_sds(samdb):
(ldb.Dn(samdb, "CN=MicrosoftDNS,CN=System,%s" % str(samdb.domain_dn())), get_dns_domain_microsoft_dns_descriptor),
(ldb.Dn(samdb, "%s" % str(samdb.get_config_basedn())), get_config_descriptor),
+ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.get_config_basedn())), get_deletedobjects_descriptor),
(ldb.Dn(samdb, "CN=NTDS Quotas,%s" % str(samdb.get_config_basedn())), get_config_ntds_quotas_descriptor),
(ldb.Dn(samdb, "CN=LostAndFoundConfig,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1wd_descriptor),
(ldb.Dn(samdb, "CN=Services,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1_descriptor),
@@ -451,6 +453,9 @@ def get_wellknown_sds(samdb):
if ldb.Dn(samdb, nc.decode('utf8')) == dnsforestdn:
c = (ldb.Dn(samdb, "%s" % str(dnsforestdn)), get_dns_partition_descriptor)
subcontainers.append(c)
+ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsforestdn)),
+ get_deletedobjects_descriptor)
+ subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsforestdn)),
get_domain_delete_protected1_descriptor)
subcontainers.append(c)
@@ -466,6 +471,9 @@ def get_wellknown_sds(samdb):
if ldb.Dn(samdb, nc.decode('utf8')) == dnsdomaindn:
c = (ldb.Dn(samdb, "%s" % str(dnsdomaindn)), get_dns_partition_descriptor)
subcontainers.append(c)
+ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsdomaindn)),
+ get_deletedobjects_descriptor)
+ subcontainers.append(c)
c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsdomaindn)),
get_domain_delete_protected1_descriptor)
subcontainers.append(c)
@@ -558,7 +566,8 @@ def get_clean_sd(sd):
return sd_clean
-def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
+def get_diff_sds(refsd, cursd, domainsid, checkSacl=True,
+ ignoreAdditionalACEs=False):
"""Get the difference between 2 sd
This function split the textual representation of ACL into smaller
@@ -613,6 +622,10 @@ def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
h_ref.remove(k)
if len(h_cur) + len(h_ref) > 0:
+ if txt == "" and len(h_ref) == 0:
+ if ignoreAdditionalACEs:
+ return ""
+
txt = "%s\tPart %s is different between reference" \
" and current here is the detail:\n" % (txt, part)
diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh
index d9d80d4..a9f8e46 100755
--- a/testprogs/blackbox/dbcheck-links.sh
+++ b/testprogs/blackbox/dbcheck-links.sh
@@ -41,6 +41,16 @@ dbcheck() {
fi
}
+dbcheck_acl_reset()
+{
+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --fix --yes --attrs=nTSecurityDescriptor
+}
+
+dbcheck_acl_clean()
+{
+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --attrs=nTSecurityDescriptor
+}
+
dbcheck_dangling() {
dbcheck "" "1" "--selftest-check-expired-tombstones"
return $?
@@ -734,6 +744,8 @@ dangling_multi_valued_check_equal_or_too_many() {
if [ -d $release_dir ]; then
testit $RELEASE undump
+ testit_expect_failure "dbcheck_acl_reset" dbcheck_acl_reset
+ testit "dbcheck_acl_clean" dbcheck_acl_clean
testit "add_two_more_users" add_two_more_users
testit "add_four_more_links" add_four_more_links
testit "remove_one_link" remove_one_link
--
2.27.0
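Review bot: The new `ignoreAdditionalACEs` keyword on get_diff_sds() is not described in the function's docstring, which the hunk leaves starting with "Get the difference between 2 sd" and continuing outside the hunk. From the added early return, the parameter means: when no reference ACE is missing (h_ref is empty) and nothing has been reported yet, extra ACEs present only in the current descriptor are not treated as a difference; I would add a line to the docstring such as `:param ignoreAdditionalACEs: if True, ACEs present in cursd but absent from refsd are tolerated as long as every refsd ACE is present`. This matters for readers of the dbchecker side, where a Deleted Objects container is now checked even without --reset-well-known-acls but only for missing ACEs. In dbchecker.py the three-line flag setup can also read more directly as `ignoreAdditionalACEs = not self.reset_well_known_acls`.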


@ -0,0 +1,41 @@
From c55f4f37589130a0d8952489da175bbcf53f6748 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 10 Sep 2020 17:13:14 +0200
Subject: [PATCH] wb_sids2xids: build state->idmap_doms based on
wb_parent_idmap_config
In future we'll try to avoid wb_lookupsids_send() and only call
it if needed.
The domain name passed should be only relevant to find the correct
idmap backend, and these should all be available in
wb_parent_idmap_config as it was created before the idmap child was forked.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: wangxiaomeng <wangxiaomeng@kylinos.cn>
Subject: [PATCH] fix winbind coredump
---
source3/winbindd/wb_sids2xids.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index 29fb1cd..40c0235 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -157,7 +157,7 @@ static void wb_sids2xids_idmap_setup_done(struct tevent_req *subreq)
* with non cached entries
*/
for (i=0; i<state->num_sids; i++) {
- struct wbint_TransID *t = &state->ids.ids[i];
+ struct wbint_TransID *t = &state->all_ids.ids[i];
struct dom_sid domain_sid;
const char *domain_name = NULL;
int domain_index;
--
2.33.0
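Review bot: The patch header reproduces the upstream commit message for a larger change (building state->idmap_doms from wb_parent_idmap_config) while the diff is a single index change in wb_sids2xids_idmap_setup_done(), and it carries a second `Subject:` line instead of the `Conflict:`/`Reference:` trailers the other patches in this repository use. The one-line fix only compiles once the companion patch that introduces `state->all_ids` (listed as Patch6430 in the spec, after this one) is applied; textual application order is fine because the two hunks touch different functions, but the dependency is not stated anywhere. I would replace the duplicated subject with `Conflict: partial backport, only the all_ids index fix; depends on the all_ids cache patch` and a `Reference:` line pointing at the upstream commit whose message is quoted. The enclosing function starts and ends outside the hunk.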


@ -0,0 +1,122 @@
From 04956350a5725325954b2caba662ecd6dace7829 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 10 Sep 2020 16:45:03 +0200
Subject: [PATCH] wb_sids2xids: maintain struct wbint_TransIDArray all_ids as
cache
Entries with domain_index == UINT32_MAX are valid cache entries.
In the following commits we'll fill in missing entries step by step
until all entries are marked as filled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---
source3/winbindd/wb_sids2xids.c | 49 ++++++++++++++++++++++++++++-----
1 file changed, 42 insertions(+), 7 deletions(-)
diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index 725fd857ef5d..770a7f0d8b00 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -34,7 +34,7 @@ struct wb_sids2xids_state {
struct dom_sid *sids;
uint32_t num_sids;
- struct id_map *cached;
+ struct wbint_TransIDArray all_ids;
struct dom_sid *non_cached;
uint32_t num_non_cached;
@@ -75,6 +75,7 @@ struct tevent_req *wb_sids2xids_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req, *subreq;
struct wb_sids2xids_state *state;
uint32_t i;
+ uint32_t num_valid = 0;
req = tevent_req_create(mem_ctx, &state,
struct wb_sids2xids_state);
@@ -95,8 +96,9 @@ struct tevent_req *wb_sids2xids_send(TALLOC_CTX *mem_ctx,
sid_copy(&state->sids[i], &sids[i]);
}
- state->cached = talloc_zero_array(state, struct id_map, num_sids);
- if (tevent_req_nomem(state->cached, req)) {
+ state->all_ids.num_ids = num_sids;
+ state->all_ids.ids = talloc_zero_array(state, struct wbint_TransID, num_sids);
+ if (tevent_req_nomem(state->all_ids.ids, req)) {
return tevent_req_post(req, ev);
}
@@ -111,20 +113,53 @@ struct tevent_req *wb_sids2xids_send(TALLOC_CTX *mem_ctx,
* the same index.
*/
for (i=0; i<state->num_sids; i++) {
+ struct wbint_TransID *cur_id = &state->all_ids.ids[i];
+ struct dom_sid domain_sid;
struct dom_sid_buf buf;
+ struct id_map map = { .status = ID_UNMAPPED, };
+ uint32_t rid = 0;
+ bool in_cache;
+
+ sid_copy(&domain_sid, &state->sids[i]);
+ sid_split_rid(&domain_sid, &rid);
+
+ /*
+ * Start with an invalid entry.
+ */
+ *cur_id = (struct wbint_TransID) {
+ .type = ID_TYPE_NOT_SPECIFIED,
+ .domain_index = UINT32_MAX - 1, /* invalid */
+ .rid = rid,
+ .xid = {
+ .id = UINT32_MAX,
+ .type = ID_TYPE_NOT_SPECIFIED,
+ },
+ };
DEBUG(10, ("SID %d: %s\n", (int)i,
dom_sid_str_buf(&state->sids[i], &buf)));
- if (wb_sids2xids_in_cache(&state->sids[i], &state->cached[i])) {
+ in_cache = wb_sids2xids_in_cache(&state->sids[i], &map);
+ if (in_cache) {
+ /*
+ * We used to ignore map.status and just rely
+ * on map.xid.type.
+ *
+ * Lets keep this logic for now...
+ */
+
+ cur_id->xid = map.xid;
+ cur_id->domain_index = UINT32_MAX; /* this marks it as filled entry */
+ num_valid += 1;
continue;
}
+
sid_copy(&state->non_cached[state->num_non_cached],
&state->sids[i]);
state->num_non_cached += 1;
}
- if (state->num_non_cached == 0) {
+ if (num_valid == num_sids) {
tevent_req_done(req);
return tevent_req_post(req, ev);
}
@@ -453,8 +488,8 @@ NTSTATUS wb_sids2xids_recv(struct tevent_req *req,
xid.id = UINT32_MAX;
- if (state->cached[i].sid != NULL) {
- xid = state->cached[i].xid;
+ if (state->all_ids.ids[i].domain_index == UINT32_MAX) {
+ xid = state->all_ids.ids[i].xid;
} else {
xid = state->ids.ids[num_non_cached].xid;
--
GitLab
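Review bot: The new code in wb_sids2xids_send() encodes entry state in two adjacent magic values of `domain_index` — `UINT32_MAX - 1` for "invalid" and `UINT32_MAX` for "filled" — explained only by inline comments, and wb_sids2xids_recv() then compares against the bare `UINT32_MAX` with no comment at all. A reader of the recv hunk has no way to know that this is the "cached/filled" marker rather than an idmap domain index. I would introduce a named constant for the filled sentinel (a constructed name, e.g. `#define SIDS2XIDS_DOMAIN_INDEX_FILLED UINT32_MAX`) in the file header and use it in both places. Both enclosing functions start and end outside their hunks.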

144
remove-sensitive-info.patch Normal file

@ -0,0 +1,144 @@
From 54e951d6795bad1f0451ea2e03403e791df3856a Mon Sep 17 00:00:00 2001
From: zhouyihang <zhouyihang3@huawei.com>
Date: Fri, 25 Dec 2020 00:11:23 +0800
Subject: [PATCH] remove sensitive info
Conflict: NA
Reference: NA
---
source3/lib/netapi/examples/share/share_enum.c | 1 -
source3/lib/netapi/examples/share/share_getinfo.c | 1 -
source3/lib/netapi/examples/user/user_getinfo.c | 3 ---
source3/rpcclient/cmd_lsarpc.c | 3 ---
source3/rpcclient/cmd_srvsvc.c | 2 --
source3/utils/net_rpc.c | 1 -
source4/scripting/bin/samba3dump | 2 --
source4/torture/shell.c | 1 -
8 files changed, 14 deletions(-)
diff --git a/source3/lib/netapi/examples/share/share_enum.c b/source3/lib/netapi/examples/share/share_enum.c
index b1f4043..ee69d60 100644
--- a/source3/lib/netapi/examples/share/share_enum.c
+++ b/source3/lib/netapi/examples/share/share_enum.c
@@ -118,7 +118,6 @@ int main(int argc, const char **argv)
printf("#%d max users: %d\n", i, i2->shi2_max_uses);
printf("#%d current users: %d\n", i, i2->shi2_current_uses);
printf("#%d path: %s\n", i, i2->shi2_path);
- printf("#%d password: %s\n", i, i2->shi2_passwd);
i2++;
break;
default:
diff --git a/source3/lib/netapi/examples/share/share_getinfo.c b/source3/lib/netapi/examples/share/share_getinfo.c
index 479da5c..3ef7825 100644
--- a/source3/lib/netapi/examples/share/share_getinfo.c
+++ b/source3/lib/netapi/examples/share/share_getinfo.c
@@ -128,7 +128,6 @@ int main(int argc, const char **argv)
printf("max users: %d\n", i2->shi2_max_uses);
printf("current users: %d\n", i2->shi2_current_uses);
printf("path: %s\n", i2->shi2_path);
- printf("password: %s\n", i2->shi2_passwd);
break;
case 501:
printf("netname: %s\n", i501->shi501_netname);
diff --git a/source3/lib/netapi/examples/user/user_getinfo.c b/source3/lib/netapi/examples/user/user_getinfo.c
index 9e95260..154aa7d 100644
--- a/source3/lib/netapi/examples/user/user_getinfo.c
+++ b/source3/lib/netapi/examples/user/user_getinfo.c
@@ -104,7 +104,6 @@ int main(int argc, const char **argv)
case 1:
u1 = (struct USER_INFO_1 *)buffer;
printf("name: %s\n", u1->usri1_name);
- printf("password: %s\n", u1->usri1_password);
printf("password_age: %d\n", u1->usri1_password_age);
printf("priv: %d\n", u1->usri1_priv);
printf("homedir: %s\n", u1->usri1_home_dir);
@@ -115,7 +114,6 @@ int main(int argc, const char **argv)
case 2:
u2 = (struct USER_INFO_2 *)buffer;
printf("name: %s\n", u2->usri2_name);
- printf("password: %s\n", u2->usri2_password);
printf("password_age: %d\n", u2->usri2_password_age);
printf("priv: %d\n", u2->usri2_priv);
printf("homedir: %s\n", u2->usri2_home_dir);
@@ -187,7 +185,6 @@ int main(int argc, const char **argv)
case 4:
u4 = (struct USER_INFO_4 *)buffer;
printf("name: %s\n", u4->usri4_name);
- printf("password: %s\n", u4->usri4_password);
printf("password_age: %d\n", u4->usri4_password_age);
printf("priv: %d\n", u4->usri4_priv);
printf("homedir: %s\n", u4->usri4_home_dir);
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index abb4543..81baece 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -1289,9 +1289,6 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
pwd = sess_decrypt_string(talloc_tos(), &data, &session_key);
pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key);
- d_printf("Password:\t%s\n", pwd);
- d_printf("Old Password:\t%s\n", pwd_old);
-
talloc_free(pwd);
talloc_free(pwd_old);
}
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
index 9c00060..b107741 100644
--- a/source3/rpcclient/cmd_srvsvc.c
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -233,7 +233,6 @@ static void display_share_info_2(struct srvsvc_NetShareInfo2 *r)
printf("netname: %s\n", r->name);
printf("\tremark:\t%s\n", r->comment);
printf("\tpath:\t%s\n", r->path);
- printf("\tpassword:\t%s\n", r->password);
}
static void display_share_info_502(struct srvsvc_NetShareInfo502 *r)
@@ -241,7 +240,6 @@ static void display_share_info_502(struct srvsvc_NetShareInfo502 *r)
printf("netname: %s\n", r->name);
printf("\tremark:\t%s\n", r->comment);
printf("\tpath:\t%s\n", r->path);
- printf("\tpassword:\t%s\n", r->password);
printf("\ttype:\t0x%x\n", r->type);
printf("\tperms:\t%d\n", r->permissions);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index a56190f..28a1808 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5582,7 +5582,6 @@ static NTSTATUS rpc_sh_share_info(struct net_context *c,
d_printf(_("Name: %s\n"), info.info2->name);
d_printf(_("Comment: %s\n"), info.info2->comment);
d_printf(_("Path: %s\n"), info.info2->path);
- d_printf(_("Password: %s\n"), info.info2->password);
done:
return werror_to_ntstatus(result);
diff --git a/source4/scripting/bin/samba3dump b/source4/scripting/bin/samba3dump
index 1a5d74f..4b311c2 100755
--- a/source4/scripting/bin/samba3dump
+++ b/source4/scripting/bin/samba3dump
@@ -70,8 +70,6 @@ def print_samba3_secrets(secrets):
print("IPC Credentials:")
if secrets.get_auth_user():
print(" User: %s\n" % secrets.get_auth_user())
- if secrets.get_auth_password():
- print(" Password: %s\n" % secrets.get_auth_password())
if secrets.get_auth_domain():
print(" Domain: %s\n" % secrets.get_auth_domain())
diff --git a/source4/torture/shell.c b/source4/torture/shell.c
index 195149a..f63694a 100644
--- a/source4/torture/shell.c
+++ b/source4/torture/shell.c
@@ -240,7 +240,6 @@ static void shell_auth(const struct shell_command * command,
printf("User Principal: %s\n", principal ? principal : "");
printf("Domain: %s\n", domain ? domain : "");
printf("Realm: %s\n", realm ? realm : "");
- printf("Password: %s\n", password ? password : "");
} else if (argc == 2) {
bool result;
--
2.23.0


@ -1,5 +1,6 @@
%bcond_with testsuite
%bcond_without clustering
%{?python3_sitearch: %global python3_sitearch %{python3_sitearch}}
%define talloc_version 2.2.0
%define tdb_version 1.4.2
@ -49,7 +50,7 @@
Name: samba
Version: 4.11.12
Release: 31
Release: 36
Summary: A suite for Linux to interoperate with Windows
License: GPLv3+ and LGPLv3+
@ -348,6 +349,15 @@ Patch6418: backport-CVE-2023-34967.patch
Patch6419: backport-0001-CVE-2023-4091.patch
Patch6420: backport-0002-CVE-2023-4091.patch
Patch6421: backport-CVE-2023-42669.patch
Patch6422: backport-0001-CVE-2018-14628.patch
Patch6423: backport-0002-CVE-2018-14628.patch
Patch6424: backport-0003-CVE-2018-14628.patch
Patch6425: backport-0004-CVE-2018-14628.patch
Patch6426: backport-0005-CVE-2018-14628.patch
Patch6427: backport-0006-CVE-2018-14628.patch
Patch6428: remove-sensitive-info.patch
Patch6429: backport-wb_sids2xids-build-state-idmap_doms-based-on-wb_parent_idmap_config.patch
Patch6430: backport-wb_sids2xids-maintain-struct-wbint_TransIDArray-all_ids-as-cache.patch
BuildRequires: avahi-devel cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
@ -3406,6 +3416,36 @@ fi
%{_mandir}/man*
%changelog
* Fri Mar 14 2025 wangxiaomeng <wangxiaomeng@kylinos.cn> - 4.11.12-36
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix winbindd coredump
* Fri Jan 19 2024 xinghe <xinghe2@h-partners.com> - 4.11.12-35
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:speeds up the creation of source rpm
* Tue Jan 16 2024 xinghe <xinghe2@h-partners.com> - 4.11.12-34
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:remove sensitive info
* Thu Dec 28 2023 xinghe <xinghe2@h-partners.com> - 4.11.12-33
- Type:cves
- CVE:CVE-2018-14628
- SUG:NA
- DESC:fix CVE-2018-14628
* Thu Oct 19 2023 xinghe <xinghe2@h-partners.com> - 4.11.12-32
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:ensure upgrade normal
* Mon Oct 16 2023 yanglu <yanglu72@h-partners.com> - 4.11.12-31
- Type:cves
- CVE:CVE-2023-4091 CVE-2023-42669