blob: d92ad41df1ef9cce5669cc1e4879df9b27ee4fd7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
From e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 29 Jan 2016 23:30:59 +0100
Subject: [PATCH] CVE-2018-14628: python:descriptor: add
get_deletedobjects_descriptor()
samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Delete Objects
containers.
Only the auto inherited SACL is available via a ldap search.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)
CVE: CVE-2018-14628
Upstream-Status: Backport
[https://github.com/samba-team/samba/commit/e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
python/samba/descriptor.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
index 08cfab0..0141f38 100644
--- a/python/samba/descriptor.py
+++ b/python/samba/descriptor.py
@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}):
# "get_schema_descriptor" is located in "schema.py"
+def get_deletedobjects_descriptor(domain_sid, name_map=None):
+ if name_map is None:
+ name_map = {}
+
+ sddl = "O:SYG:SYD:PAI" \
+ "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \
+ "(A;;RPLC;;;BA)"
+ return sddl2binary(sddl, domain_sid, name_map)
+
+
def get_config_descriptor(domain_sid, name_map={}):
sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
"(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
--
2.40.0
|
