openEuler:20.03:LTS:SP3
samba
File _service:tar_scm_kernel_repo:backport-0011-CVE-2022-32743-s4-rpc_server-netlogon-Connect-to-sam.patch of Package samba
From f545142380151a626848dbae9ee746167f3299fa Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 7 Jun 2022 17:29:02 +1200
Subject: [PATCH 11/15] CVE-2022-32743 s4:rpc_server/netlogon: Connect to samdb as a user, rather than as system

This allows us to perform validation on a client-specified dNSHostName value, to ensure that it matches the sAMAccountName.

We might not have any rights to modify the account, so pass the control FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE which allows us to perform a validated write to dNSHostName and servicePrincipalName (and unvalidated writes to other attributes, such as operatingSystem).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
 selftest/knownfail.d/netlogon-dns-host-name | 17 ++---------------
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 5 +++--
 2 files changed, 5 insertions(+), 17 deletions(-)

diff --git a/selftest/knownfail.d/netlogon-dns-host-name b/selftest/knownfail.d/netlogon-dns-host-name
index 30c157f..3eca0cd 100644
--- a/selftest/knownfail.d/netlogon-dns-host-name
+++ b/selftest/knownfail.d/netlogon-dns-host-name
@@ -1,15 +1,2 @@ -^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_suffix\( -^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_validated_write\( -^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_write_property\( -^samba4.rpc.netlogon on ncacn_ip_tcp with bigendian.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncacn_ip_tcp with seal,padcheck.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncacn_ip_tcp with validate.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncacn_np with bigendian.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncacn_np with seal,padcheck.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncacn_np with validate.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncalrpc with bigendian.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncalrpc with seal,padcheck.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon on ncalrpc with validate.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon with bigendian.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon with seal,padcheck.netlogon.GetDomainInfo\( -^samba4.rpc.netlogon with validate.netlogon.GetDomainInfo\( +^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_valid\( +^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_valid_denied\( diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index efba013..15cd27b 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c 
@@ -2450,7 +2450,8 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal } NT_STATUS_NOT_OK_RETURN(status); - sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call); + /* We want to avoid connecting as system. */ + sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call); if (sam_ctx == NULL) { return NT_STATUS_INVALID_SYSTEM_SERVICE; } @@ -2607,7 +2608,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal } } - if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) { + if (dsdb_replace(sam_ctx, new_msg, DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE) != LDB_SUCCESS) { DEBUG(3,("Impossible to update samdb: %s\n", ldb_errstring(sam_ctx))); } -- 1.8.3.1
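Review bot: the two entries added to selftest/knownfail.d/netlogon-dns-host-name, test_set_dns_hostname_valid and test_set_dns_hostname_valid_denied, are new known failures introduced by this patch, yet neither the hunk nor the commit message says why the "valid" cases are expected to fail after this change or which later patch in the 11/15 series removes them again; add a sentence to the commit message (or a comment beside the entries) so they cannot be mistaken for a regression that was left in place.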
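Review bot: the comment `/* We want to avoid connecting as system. */` above the new dcesrv_samdb_connect_as_user() call states the intent without the reason; make it carry the security point from the commit message, namely that connecting as the calling user lets samdb apply its access and validation checks to the client-supplied dNSHostName instead of trusting a system-privileged write. The unchanged NULL check below it still returns NT_STATUS_INVALID_SYSTEM_SERVICE; with a per-user connection that failure may now reflect the caller's own credentials rather than a service fault, so confirm that status, and the absence of any log line there, is still what operators should see.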
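Review bot: passing DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE to dsdb_replace() is what makes the user-level connection workable, but according to the commit message the flag also permits unvalidated writes to other attributes such as operatingSystem; a short comment at this call should say so, and the review should confirm that new_msg carries only the attributes this code path is meant to set, so the flag does not widen what an unprivileged caller can change. The failure path is left as it was: DEBUG(3, ("Impossible to update samdb: ...")) logs and execution continues, yet with the connection now made as the user a failed replace can mean the ACL rejected a dNSHostName that does not match the sAMAccountName, which is the very case CVE-2022-32743 is about; consider logging it at a level that is visible in default operation so such attempts are detectable. Style: the new dsdb_replace() line is well over Samba's usual line length and should be wrapped.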