File _service:tar_scm_kernel_repo:backport-0005-CVE-... of Package samba

File _service:tar_scm_kernel_repo:backport-0005-CVE-2018-14628.patch of Package samba

From 83dbd0c922640bb1ac244d2855c00d6984625963 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 7 Jun 2023 18:18:58 +0200
Subject: [PATCH 5/6] CVE-2018-14628: dbchecker: use
 get_deletedobjects_descriptor for missing deleted objects container

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)

Conflict: context adapt
Reference: https://attachments.samba.org/attachment.cgi?id=18168
[PATCH 5/6] CVE-2018-14628: dbchecker: use
---
 python/samba/dbchecker.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 449b0a7d985c..e124b1a0d671 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -20,7 +20,7 @@
 import ldb
 import samba
 import time
-from base64 import b64decode
+from base64 import b64decode, b64encode
 from samba import dsdb
 from samba import common
 from samba.dcerpc import misc
@@ -29,7 +29,11 @@ from samba.ndr import ndr_unpack, ndr_pack
 from samba.dcerpc import drsblobs
 from samba.common import dsdb_Dn
 from samba.dcerpc import security
-from samba.descriptor import get_wellknown_sds, get_diff_sds
+from samba.descriptor import (
+        get_wellknown_sds,
+        get_deletedobjects_descriptor,
+        get_diff_sds
+)
 from samba.auth import system_session, admin_session
 from samba.netcmd import CommandError
 from samba.netcmd.fsmo import get_fsmo_roleowner
@@ -341,6 +345,12 @@ class dbcheck(object):
                 listwko.append('%s:%s' % (wko_prefix, dn))
                 guid_suffix = ""
 
+
+            domain_sid = security.dom_sid(self.samdb.get_domain_sid())
+            sec_desc = get_deletedobjects_descriptor(domain_sid,
+                                                     name_map=self.name_map)
+            sec_desc_b64 = b64encode(sec_desc).decode('utf8')
+
             # Insert a brand new Deleted Objects container
             self.samdb.add_ldif("""dn: %s
 objectClass: top
@@ -349,7 +359,8 @@ description: Container for deleted objects
 isDeleted: TRUE
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: TRUE
-systemFlags: -1946157056%s""" % (dn, guid_suffix),
+nTSecurityDescriptor:: %s
+systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
                                 controls=["relax:0", "provision:0"])
 
             delta = ldb.Message()
-- 
2.34.1