[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Mon Apr 30 12:40:52 MDT 2012
The branch, v3-6-test has been updated
via 3882e0a WHATSNEW: Start release notes for 3.6.6.
via 6e47e4e Bump version number up to 3.6.6.
via cd41170 Fix self granting privileges in security=ads.
via 17fe076 WHATSNEW: Release notes for 3.6.5.
from e538c0b s3-docs: Prepend '/' to filename argument (Bug #8826) (cherry picked from commit 6804e46811dd13cfd405f7c48a3dc2bc6501d75c)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 3882e0af43bfcaec1bfa2477d352b7ee3fd9993d
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Apr 30 20:38:01 2012 +0200
WHATSNEW: Start release notes for 3.6.6.
Karolin
(cherry picked from commit 8ad95d03caced31c0a6d98b729fe98537592a33e)
commit 6e47e4ed69349a2b73ad7ebab7d1c21950dd6307
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Apr 30 20:35:24 2012 +0200
Bump version number up to 3.6.6.
Karolin
(cherry picked from commit b71b0c64fb1e603cd2881e04f47939332eb30fe4)
commit cd4117056f19b053ec45de5baf5b67007d7d1940
Author: Jeremy Allison <jra at samba.org>
Date: Tue Apr 17 12:30:15 2012 -0700
Fix self granting privileges in security=ads.
CVE-2012-2111
(cherry picked from commit 5bdabda9e2143b1188f52533a4fa3f838b6066c9)
commit 17fe07606a781f0305e2c9c207061186fcf29476
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Apr 27 20:23:15 2012 +0200
WHATSNEW: Release notes for 3.6.5.
Karolin
(cherry picked from commit 49808d01df79d67bc98f9c993b38c3ed49e892b4)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 58 ++++++++++++++++++++++++++++++++---
source3/VERSION | 2 +-
source3/rpc_server/lsa/srv_lsa_nt.c | 16 +++++++--
3 files changed, 66 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 02ed8dd..921fee2 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,20 +1,20 @@
=============================
- Release Notes for Samba 3.6.5
+ Release Notes for Samba 3.6.6
, 2012
=============================
-This is the latest stable release of Samba 3.6.
+This is is the latest stable release of Samba 3.6.
-Major enhancements in Samba 3.6.5 include:
+Major enhancements in Samba 3.6.6 include:
o
-Changes since 3.6.4:
+Changes since 3.6.5:
--------------------
-o Stefan Metzmacher <metze at samba.org>
+o Jeremy Allison <jra at samba.org>
######################################################################
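Review bot: The added line "+This is is the latest stable release of Samba 3.6." doubles the word "is", and the line it replaces was correct. Restore the original sentence so the 3.6.6 template does not carry the typo into the next release notes.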
@@ -40,6 +40,54 @@ Release notes for older releases follow:
----------------------------------------
=============================
+ Release Notes for Samba 3.6.5
+ April 30, 2012
+ =============================
+
+
+This is a security release in order to address
+CVE-2012-2111 (Incorrect permission checks when granting/removing
+privileges can compromise file server security).
+
+o CVE-2012-2111:
+ Samba 3.4.x to 3.6.4 are affected by a
+ vulnerability that allows arbitrary users
+ to modify privileges on a file server.
+
+
+Changes since 3.6.4:
+--------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * Fix incorrect permission checks when granting/removing
+ privileges (CVE-2012-2111).
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
Release Notes for Samba 3.6.4
April 10, 2012
=============================
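Review bot: The CVE-2012-2111 entry in the added 3.6.5 notes says arbitrary users can modify privileges on a file server, but gives no configuration scope, while the commit subject for the fix reads "Fix self granting privileges in security=ads." State in the notes whether the security setting matters, so administrators of 3.4.x to 3.6.4 servers can judge their exposure from the release notes alone.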
diff --git a/source3/VERSION b/source3/VERSION
index 1149f0c..13621f1 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# Bug fix releases use a letter for the patch revision #
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index f8c77ba..a7b55e7 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -2448,6 +2448,10 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
uint32_t acc_granted;
struct security_descriptor *psd;
size_t sd_size;
+ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+ SEC_STD_DELETE));
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
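Review bot: The owner_access initializer added to _lsa_CreateAccount carries no comment explaining why LSA_ACCOUNT_ADJUST_PRIVILEGES, LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS and SEC_STD_DELETE are the bits withheld, and the identical expression is repeated in _lsa_OpenAccount later in this patch. Define it once at file scope (a macro or a static const) with a short comment referencing CVE-2012-2111, so the two call sites cannot drift apart.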
@@ -2473,7 +2477,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_POLICY_ALL_ACCESS);
+ r->in.sid, owner_access);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
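Review bot: The argument removed from this make_lsa_object_sd call in _lsa_CreateAccount was LSA_POLICY_ALL_ACCESS, whereas the other three call sites touched by this patch passed LSA_ACCOUNT_ALL_ACCESS, so this line also replaces a policy mask that was being used on an account object. Mention that in the commit message so the difference is not read as an accident when the fix is backported.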
@@ -2514,6 +2518,10 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
size_t sd_size;
uint32_t des_access = r->in.access_mask;
uint32_t acc_granted;
+ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+ SEC_STD_DELETE));
NTSTATUS status;
/* find the connection policy handle. */
@@ -2538,7 +2546,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
/* get the generic lsa account SD until we store it */
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ r->in.sid, owner_access);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -2886,7 +2894,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
/* get the generic lsa account SD for this SID until we store it */
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ NULL, 0);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
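Review bot: The comment above the changed call in _lsa_AddAccountRights still reads "get the generic lsa account SD for this SID until we store it", but the call now passes NULL, 0 instead of r->in.sid and an access mask. Update the comment to say that no SID and no access are passed here and why, since that is the security-relevant part of the change; the same stale comment sits above the matching call in _lsa_RemoveAccountRights.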
@@ -2957,7 +2965,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
/* get the generic lsa account SD for this SID until we store it */
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ NULL, 0);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
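Review bot: No regression test accompanies the NULL, 0 change in _lsa_RemoveAccountRights or the other three call sites; the summary of changes lists only WHATSNEW.txt, source3/VERSION and source3/rpc_server/lsa/srv_lsa_nt.c. Add a test in which a non-privileged account attempts to add and remove rights on its own SID and is refused, so the permission check cannot regress unnoticed.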
--
Samba Shared Repository