[SCM] Samba Shared Repository - branch v3-5-test updated
Karolin Seeger
kseeger at samba.org
Mon Apr 30 12:49:53 MDT 2012
The branch, v3-5-test has been updated
via d9377cc WHATSNEW: Start release notes for 3.5.16.
via 5c95d26 VERSION: Bump version number up to 3.5.16.
via 3c89d62 Fix self granting privileges in security=ads.
via c7a6c29 WHASNEW: Release notes for 3.5.15.
from 5118001 docs-xml: fix default name resolve order (fix bug #7564)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit d9377cc6fd0db9fa00ffd6b47cb48036779221ae
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Apr 30 20:48:52 2012 +0200
WHATSNEW: Start release notes for 3.5.16.
Karolin
(cherry picked from commit f28fea98458e0b3c3510f02b98177e8c46c12d3c)
commit 5c95d266b596536adf674f5f40b63e3cc29fd236
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Apr 30 20:46:52 2012 +0200
VERSION: Bump version number up to 3.5.16.
Karolin
(cherry picked from commit 452e5d110fa64f0e10cbce19bac0efbd5f0931e0)
commit 3c89d625a1c1d29b60b390f59cca887f16984db7
Author: Jeremy Allison <jra at samba.org>
Date: Tue Apr 17 11:49:55 2012 -0700
Fix self granting privileges in security=ads.
CVE-2012-2111
(cherry picked from commit b1061ab00f59fdf4ebab622ab7a9c29a3aa51eee)
commit c7a6c295747c89005e9f278bdc6c952295b139cc
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Apr 27 21:09:56 2012 +0200
WHASNEW: Release notes for 3.5.15.
Karolin
(cherry picked from commit 0b278804b1aa020e03c89e9276408dd7097bb4d2)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 58 +++++++++++++++++++++++++++++++++++---
source3/VERSION | 2 +-
source3/rpc_server/srv_lsa_nt.c | 20 +++++++++----
3 files changed, 68 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 712748f..3e8711d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,20 +1,20 @@
==============================
- Release Notes for Samba 3.5.15
+ Release Notes for Samba 3.5.16
, 2012
==============================
This is the latest stable release of Samba 3.5.
-Major enhancements in Samba 3.5.15 include:
+Major enhancements in Samba 3.5.16 include:
-o
+o
-Changes since 3.5.14:
+Changes since 3.5.15:
---------------------
-o Stefan Metzmacher <metze at samba.org>
+o Jeremy Allison <jra at samba.org>
######################################################################
@@ -41,6 +41,54 @@ Release notes for older releases follow:
----------------------------------------
==============================
+ Release Notes for Samba 3.5.15
+ April 30, 2012
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012-2111 (Incorrect permission checks when granting/removing
+privileges can compromise file server security).
+
+o CVE-2012-2111:
+ Samba 3.4.x to 3.6.4 are affected by a
+ vulnerability that allows arbitrary users
+ to modify privileges on a file server.
+
+
+Changes since 3.5.14:
+---------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * Fix incorrect permission checks when granting/removing
+ privileges (CVE-2012-2111).
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
Release Notes for Samba 3.5.14
April 10, 2012
==============================
diff --git a/source3/VERSION b/source3/VERSION
index efb2c88..53fad4d 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=15
+SAMBA_VERSION_RELEASE=16
########################################################
# Bug fix releases use a letter for the patch revision #
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e903f0e..b9ea2d2 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1691,6 +1691,10 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
struct lsa_info *handle;
struct lsa_info *info;
uint32_t acc_granted;
+ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+ STD_RIGHT_DELETE_ACCESS));
struct security_descriptor *psd;
size_t sd_size;
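Review bot: The new owner_access initializer in _lsa_CreateAccount has no comment saying why LSA_ACCOUNT_ADJUST_PRIVILEGES, LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS and STD_RIGHT_DELETE_ACCESS are masked out. A short comment that the SID named in the request must not gain the right to adjust or delete its own account object would keep a later cleanup from putting LSA_ACCOUNT_ALL_ACCESS back.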
@@ -1718,7 +1722,7 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_POLICY_ALL_ACCESS);
+ r->in.sid, owner_access);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
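Review bot: The removed argument in this make_lsa_object_sd call was LSA_POLICY_ALL_ACCESS, a policy-object mask, although the mapping passed alongside it is lsa_account_mapping and _lsa_OpenAccount passed LSA_ACCOUNT_ALL_ACCESS in the same position. Replacing it with owner_access corrects that mismatch as a side effect. The commit message should mention it, because the access previously granted by _lsa_CreateAccount may have differed from what _lsa_OpenAccount granted.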
@@ -1764,6 +1768,10 @@ NTSTATUS _lsa_OpenAccount(pipes_struct *p,
size_t sd_size;
uint32_t des_access = r->in.access_mask;
uint32_t acc_granted;
+ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+ STD_RIGHT_DELETE_ACCESS));
NTSTATUS status;
/* find the connection policy handle. */
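Review bot: The owner_access initializer added to _lsa_OpenAccount is a verbatim copy of the one added to _lsa_CreateAccount, so the two masks can drift apart if only one is edited later. Suggest defining the expression once, for example as a file-level macro or static const next to lsa_account_mapping, and using it in both functions.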
@@ -1788,7 +1796,7 @@ NTSTATUS _lsa_OpenAccount(pipes_struct *p,
/* get the generic lsa account SD until we store it */
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ r->in.sid, owner_access);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -2174,10 +2182,10 @@ NTSTATUS _lsa_AddAccountRights(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
}
- /* get the generic lsa account SD for this SID until we store it */
+ /* get the generic lsa account SD until we store it */
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ NULL, 0);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
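Review bot: The make_lsa_object_sd call in _lsa_AddAccountRights now passes NULL, 0 for the SID and its access mask, which depends on make_lsa_object_sd accepting a NULL SID and adding no entry for it; that function is not part of this diff. Please confirm it handles NULL without dereferencing it, and extend the comment above the call to say that NULL, 0 deliberately means no per-SID entry, so the caller is checked only against the generic descriptor.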
@@ -2245,10 +2253,10 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
}
- /* get the generic lsa account SD for this SID until we store it */
+ /* get the generic lsa account SD until we store it */
status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
&lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ NULL, 0);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
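Review bot: The NULL, 0 change in _lsa_RemoveAccountRights repeats the one in _lsa_AddAccountRights, and nothing in this changeset exercises either path; the diffstat lists only WHATSNEW.txt, source3/VERSION and srv_lsa_nt.c. Suggest adding a regression test in which an unprivileged caller names its own SID in AddAccountRights and RemoveAccountRights and is refused, so the self-granting case stays covered.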
--
Samba Shared Repository