The Samba-Bugzilla – Attachment 6981 Details for Bug 8509: Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER.
[patch] git-am fix for 3.6.1.
0001-Fix-bug-8509-Read-only-handles-on-SAMR-allow-SAMR_DO.patch (text/plain), 2.43 KB, created by Jeremy Allison on 2011-10-07 22:05:06 UTC
>From 3a7907971a719eec9dad241dbe951b7db01dd4b9 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Fri, 7 Oct 2011 11:09:44 -0700 >Subject: [PATCH] Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER. > >Not a security issue as we also check inside _samr_CreateUser2. >Thanks to Andreas Schneider <asn@samba.org> for finding and testing this. > >Autobuild-User: Jeremy Allison <jra@samba.org> >Autobuild-Date: Fri Oct 7 21:51:27 CEST 2011 on sn-devel-104 >(cherry picked from commit c80ba57169cee2ec66e8afe3616956c17958a3ae) >--- > source3/rpc_server/srv_access_check.c | 11 ++++++++--- > 1 files changed, 8 insertions(+), 3 deletions(-) > >diff --git a/source3/rpc_server/srv_access_check.c b/source3/rpc_server/srv_access_check.c >index 12d9024..4e74b04 100644 >--- a/source3/rpc_server/srv_access_check.c >+++ b/source3/rpc_server/srv_access_check.c >@@ -52,6 +52,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > { > NTSTATUS status = NT_STATUS_ACCESS_DENIED; > uint32 saved_mask = 0; >+ bool priv_granted = false; > > /* check privileges; certain SAM access bits should be overridden > by privileges (mostly having to do with creating/modifying/deleting >@@ -59,6 +60,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > > if ((needed_priv_1 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_1)) || > (needed_priv_2 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_2))) { >+ priv_granted = true; > saved_mask = (des_access & rights_mask); > des_access &= ~saved_mask; > >@@ -81,6 +83,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access)); > DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n")); > >+ priv_granted = true; > *acc_granted = des_access; > > status = NT_STATUS_OK; 
>@@ -89,10 +92,12 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > > > done: >- /* add in any bits saved during the privilege check (only >- matters is status is ok) */ >+ if (priv_granted) { >+ /* add in any bits saved during the privilege check (only >+ matters if status is ok) */ > >- *acc_granted |= rights_mask; >+ *acc_granted |= rights_mask; >+ } > > DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n", > debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED", >-- >1.7.3.1 >
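Review bot: In the hunk at @@ -81,6 +83,7 the added `priv_granted = true;` sits in the "overritten by euid == sec_initial_uid()" branch, where no privilege was tested, so the flag name no longer says what it records. Setting it here also means the block at `done:` ORs `rights_mask` on top of the `*acc_granted = des_access;` assigned just below, so the handle can end up with bits beyond the requested `des_access`. If that is the intent for the root override, a one-line comment in this branch saying so would help; otherwise a more neutral name such as a flag for "add rights_mask bits" would avoid the suggestion that a privilege check passed.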
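Review bot: In the hunk at @@ -89,10 +92,12, the guarded statement under `done:` still ORs in `rights_mask`, while its comment says it adds back "any bits saved during the privilege check", and the bits saved earlier are `saved_mask = (des_access & rights_mask);`. As written, a caller that passed the privilege test gets every bit in `rights_mask`, not only the ones it asked for; if that is intended the comment should say so, and if not the statement should use `saved_mask`. The comment also says this "only matters if status is ok", but the OR runs on the denied path too, so extending the condition to `priv_granted && NT_STATUS_IS_OK(status)` would leave `*acc_granted` untouched when access is refused. The commit message credits testing, yet the patch touches only srv_access_check.c; a regression test that opens a read-only SAMR handle and checks that SAMR_DOMAIN_ACCESS_CREATE_USER is absent from the granted mask would keep this from coming back.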
Flags: metze: review+
Attachments on bug 8509: 6975 | 6976 | 6981