Diffstat (limited to 'meta-networking')
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch147
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch72
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch106
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch64
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch98
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch51
-rw-r--r--meta-networking/recipes-connectivity/samba/samba_4.14.14.bb6
7 files changed, 544 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch
new file mode 100644
index 0000000000..d938e8cd66
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch
@@ -0,0 +1,147 @@
1From cbbfc917b9635bc62825ea64a157028297f54fb7 Mon Sep 17 00:00:00 2001
2From: Stefan Metzmacher <metze@samba.org>
3Date: Fri, 29 Jan 2016 23:35:31 +0100
4Subject: [PATCH] CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix
5 the nTSecurityDescriptor on CN=Deleted Objects containers
6
7BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
8
9Signed-off-by: Stefan Metzmacher <metze@samba.org>
10Reviewed-by: Andrew Bartlett <abartlet@samba.org>
11(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566)
12
13Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
14Autobuild-Date(v4-18-test): Mon Oct 23 09:52:22 UTC 2023 on atb-devel-224
15
16CVE: CVE-2018-14628
17
18Upstream-Status: Backport[https://github.com/samba-team/samba/commit/cbbfc917b9635bc62825ea64a157028297f54fb7]
19
20Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
21---
22 python/samba/dbchecker.py | 10 ++++++++--
23 python/samba/descriptor.py | 15 ++++++++++++++-
24 testprogs/blackbox/dbcheck-links.sh | 12 ++++++++++++
25 3 files changed, 34 insertions(+), 3 deletions(-)
26
27diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
28index d10d765..d8c2341 100644
29--- a/python/samba/dbchecker.py
30+++ b/python/samba/dbchecker.py
31@@ -2433,7 +2433,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
32 error_count += 1
33 continue
34
35- if self.reset_well_known_acls:
36+ if dn == deleted_objects_dn or self.reset_well_known_acls:
37 try:
38 well_known_sd = self.get_wellknown_sd(dn)
39 except KeyError:
40@@ -2442,7 +2442,13 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
41 current_sd = ndr_unpack(security.descriptor,
42 obj[attrname][0])
43
44- diff = get_diff_sds(well_known_sd, current_sd, security.dom_sid(self.samdb.get_domain_sid()))
45+ ignoreAdditionalACEs = False
46+ if not self.reset_well_known_acls:
47+ ignoreAdditionalACEs = True
48+
49+ diff = get_diff_sds(well_known_sd, current_sd,
50+ security.dom_sid(self.samdb.get_domain_sid()),
51+ ignoreAdditionalACEs=ignoreAdditionalACEs)
52 if diff != "":
53 self.err_wrong_default_sd(dn, well_known_sd, diff)
54 error_count += 1
55diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
56index 0998348..08cfab0 100644
57--- a/python/samba/descriptor.py
58+++ b/python/samba/descriptor.py
59@@ -407,6 +407,7 @@ def get_wellknown_sds(samdb):
60 # Then subcontainers
61 subcontainers = [
62 (ldb.Dn(samdb, "%s" % str(samdb.domain_dn())), get_domain_descriptor),
63+ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.domain_dn())), get_deletedobjects_descriptor),
64 (ldb.Dn(samdb, "CN=LostAndFound,%s" % str(samdb.domain_dn())), get_domain_delete_protected2_descriptor),
65 (ldb.Dn(samdb, "CN=System,%s" % str(samdb.domain_dn())), get_domain_delete_protected1_descriptor),
66 (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(samdb.domain_dn())), get_domain_infrastructure_descriptor),
67@@ -417,6 +418,7 @@ def get_wellknown_sds(samdb):
68 (ldb.Dn(samdb, "CN=MicrosoftDNS,CN=System,%s" % str(samdb.domain_dn())), get_dns_domain_microsoft_dns_descriptor),
69
70 (ldb.Dn(samdb, "%s" % str(samdb.get_config_basedn())), get_config_descriptor),
71+ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.get_config_basedn())), get_deletedobjects_descriptor),
72 (ldb.Dn(samdb, "CN=NTDS Quotas,%s" % str(samdb.get_config_basedn())), get_config_ntds_quotas_descriptor),
73 (ldb.Dn(samdb, "CN=LostAndFoundConfig,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1wd_descriptor),
74 (ldb.Dn(samdb, "CN=Services,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1_descriptor),
75@@ -441,6 +443,9 @@ def get_wellknown_sds(samdb):
76 if ldb.Dn(samdb, nc.decode('utf8')) == dnsforestdn:
77 c = (ldb.Dn(samdb, "%s" % str(dnsforestdn)), get_dns_partition_descriptor)
78 subcontainers.append(c)
79+ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsforestdn)),
80+ get_deletedobjects_descriptor)
81+ subcontainers.append(c)
82 c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsforestdn)),
83 get_domain_delete_protected1_descriptor)
84 subcontainers.append(c)
85@@ -456,6 +461,9 @@ def get_wellknown_sds(samdb):
86 if ldb.Dn(samdb, nc.decode('utf8')) == dnsdomaindn:
87 c = (ldb.Dn(samdb, "%s" % str(dnsdomaindn)), get_dns_partition_descriptor)
88 subcontainers.append(c)
89+ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsdomaindn)),
90+ get_deletedobjects_descriptor)
91+ subcontainers.append(c)
92 c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsdomaindn)),
93 get_domain_delete_protected1_descriptor)
94 subcontainers.append(c)
95@@ -548,7 +556,8 @@ def get_clean_sd(sd):
96 return sd_clean
97
98
99-def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
100+def get_diff_sds(refsd, cursd, domainsid, checkSacl=True,
101+ ignoreAdditionalACEs=False):
102 """Get the difference between 2 sd
103
104 This function split the textual representation of ACL into smaller
105@@ -603,6 +612,10 @@ def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
106 h_ref.remove(k)
107
108 if len(h_cur) + len(h_ref) > 0:
109+ if txt == "" and len(h_ref) == 0:
110+ if ignoreAdditionalACEs:
111+ return ""
112+
113 txt = "%s\tPart %s is different between reference" \
114 " and current here is the detail:\n" % (txt, part)
115
116diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh
117index f00fe46..06b24fb 100755
118--- a/testprogs/blackbox/dbcheck-links.sh
119+++ b/testprogs/blackbox/dbcheck-links.sh
120@@ -58,6 +58,16 @@ dbcheck() {
121 fi
122 }
123
124+dbcheck_acl_reset()
125+{
126+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --fix --yes --attrs=nTSecurityDescriptor
127+}
128+
129+dbcheck_acl_clean()
130+{
131+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --attrs=nTSecurityDescriptor
132+}
133+
134 dbcheck_dangling() {
135 dbcheck "" "1" "--selftest-check-expired-tombstones"
136 return $?
137@@ -893,6 +903,8 @@ EOF
138 remove_directory $PREFIX_ABS/${RELEASE}
139
140 testit $RELEASE undump || failed=`expr $failed + 1`
141+testit_expect_failure "dbcheck_acl_reset" dbcheck_acl_reset || failed=$(expr $failed + 1)
142+testit "dbcheck_acl_clean" dbcheck_acl_clean || failed=$(expr $failed + 1)
143 testit "add_two_more_users" add_two_more_users || failed=`expr $failed + 1`
144 testit "add_four_more_links" add_four_more_links || failed=`expr $failed + 1`
145 testit "remove_one_link" remove_one_link || failed=`expr $failed + 1`
146--
1472.40.0
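Review bot: The `Upstream-Status:` trailer at patch line 18 reads `Backport[https://…]` with no space before the bracket, unlike the other five patches in this series, which write `Backport [url]` or put the URL on the following line; tooling that parses this header may key on the exact form, so make it `Upstream-Status: Backport [https://github.com/samba-team/samba/commit/cbbfc917b9635bc62825ea64a157028297f54fb7]`. The Autobuild trailers show the change was taken from the v4-18-test branch while this recipe is samba 4.14.14, so the dbchecker.py and descriptor.py hunks carry that branch's line numbers; it is worth confirming after do_patch that the `if dn == deleted_objects_dn or self.reset_well_known_acls:` guard and the new subcontainer entries landed in the intended functions, not only that the hunks applied. The enclosing functions in dbchecker.py and descriptor.py start and end outside the hunks shown.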
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch
new file mode 100644
index 0000000000..e3d45627a5
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch
@@ -0,0 +1,72 @@
1From f967b91da76f86a9feb4c1469fccfce93be8bc79 Mon Sep 17 00:00:00 2001
2From: Stefan Metzmacher <metze@samba.org>
3Date: Wed, 7 Jun 2023 18:18:58 +0200
4Subject: [PATCH] CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor
5 for missing deleted objects container
6
7BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
8
9Signed-off-by: Stefan Metzmacher <metze@samba.org>
10Reviewed-by: Andrew Bartlett <abartlet@samba.org>
11(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)
12
13CVE: CVE-2018-14628
14
15Upstream-Status: Backport
16[https://github.com/samba-team/samba/commit/f967b91da76f86a9feb4c1469fccfce93be8bc79]
17
18Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
19---
20 python/samba/dbchecker.py | 16 +++++++++++++---
21 1 file changed, 13 insertions(+), 3 deletions(-)
22
23diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
24index d8c2341..35b6eeb 100644
25--- a/python/samba/dbchecker.py
26+++ b/python/samba/dbchecker.py
27@@ -21,7 +21,7 @@ from __future__ import print_function
28 import ldb
29 import samba
30 import time
31-from base64 import b64decode
32+from base64 import b64decode, b64encode
33 from samba import dsdb
34 from samba import common
35 from samba.dcerpc import misc
36@@ -30,7 +30,11 @@ from samba.ndr import ndr_unpack, ndr_pack
37 from samba.dcerpc import drsblobs
38 from samba.samdb import dsdb_Dn
39 from samba.dcerpc import security
40-from samba.descriptor import get_wellknown_sds, get_diff_sds
41+from samba.descriptor import (
42+ get_wellknown_sds,
43+ get_deletedobjects_descriptor,
44+ get_diff_sds
45+)
46 from samba.auth import system_session, admin_session
47 from samba.netcmd import CommandError
48 from samba.netcmd.fsmo import get_fsmo_roleowner
49@@ -340,6 +344,11 @@ class dbcheck(object):
50 wko_prefix = "B:32:%s" % dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER
51 listwko.append('%s:%s' % (wko_prefix, dn))
52 guid_suffix = ""
53+
54+ domain_sid = security.dom_sid(self.samdb.get_domain_sid())
55+ sec_desc = get_deletedobjects_descriptor(domain_sid,
56+ name_map=self.name_map)
57+ sec_desc_b64 = b64encode(sec_desc).decode('utf8')
58
59 # Insert a brand new Deleted Objects container
60 self.samdb.add_ldif("""dn: %s
61@@ -349,7 +358,8 @@ description: Container for deleted objects
62 isDeleted: TRUE
63 isCriticalSystemObject: TRUE
64 showInAdvancedViewOnly: TRUE
65-systemFlags: -1946157056%s""" % (dn, guid_suffix),
66+nTSecurityDescriptor:: %s
67+systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
68 controls=["relax:0", "provision:0"])
69
70 delta = ldb.Message()
71--
722.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch
new file mode 100644
index 0000000000..df30e0c106
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch
@@ -0,0 +1,106 @@
1From edac27f5408191567233983562091484ebbbad0a Mon Sep 17 00:00:00 2001
2From: Stefan Metzmacher <metze@samba.org>
3Date: Mon, 26 Jun 2023 15:14:24 +0200
4Subject: [PATCH] CVE-2018-14628: s4:dsdb: remove unused code in
5 dirsync_filter_entry()
6
7This makes the next change easier to understand.
8
9BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
10
11Signed-off-by: Stefan Metzmacher <metze@samba.org>
12Reviewed-by: Andrew Bartlett <abartlet@samba.org>
13(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)
14
15CVE: CVE-2018-14628
16
17Upstream-Status: Backport [https://github.com/samba-team/samba/commit/edac27f5408191567233983562091484ebbbad0a]
18
19Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
20---
21 source4/dsdb/samdb/ldb_modules/dirsync.c | 53 +++---------------------
22 1 file changed, 5 insertions(+), 48 deletions(-)
23
24diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
25index e61ade8..e7fb27f 100644
26--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
27+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
28@@ -152,10 +152,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
29 * list only the attribute that have been modified since last interogation
30 *
31 */
32- newmsg = ldb_msg_new(dsc->req);
33- if (newmsg == NULL) {
34- return ldb_oom(ldb);
35- }
36 for (i = msg->num_elements - 1; i >= 0; i--) {
37 if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
38 int error = 0;
39@@ -202,11 +198,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
40 */
41 return LDB_SUCCESS;
42 }
43- newmsg->dn = ldb_dn_new(newmsg, ldb, "");
44- if (newmsg->dn == NULL) {
45- return ldb_oom(ldb);
46- }
47-
48 el = ldb_msg_find_element(msg, "objectGUID");
49 if ( el != NULL) {
50 guidfound = true;
51@@ -217,48 +208,14 @@ static int dirsync_filter_entry(struct ldb_request *req,
52 * well will uncomment the code bellow
53 */
54 SMB_ASSERT(guidfound == true);
55- /*
56- if (guidfound == false) {
57- struct GUID guid;
58- struct ldb_val *new_val;
59- DATA_BLOB guid_blob;
60-
61- tmp[0] = '\0';
62- txt = strrchr(txt, ':');
63- if (txt == NULL) {
64- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
65- }
66- txt++;
67-
68- status = GUID_from_string(txt, &guid);
69- if (!NT_STATUS_IS_OK(status)) {
70- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
71- }
72-
73- status = GUID_to_ndr_blob(&guid, msg, &guid_blob);
74- if (!NT_STATUS_IS_OK(status)) {
75- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
76- }
77-
78- new_val = talloc(msg, struct ldb_val);
79- if (new_val == NULL) {
80- return ldb_oom(ldb);
81- }
82- new_val->data = talloc_steal(new_val, guid_blob.data);
83- new_val->length = guid_blob.length;
84- if (ldb_msg_add_value(msg, "objectGUID", new_val, NULL) != 0) {
85- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
86- }
87- }
88- */
89- ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD);
90- talloc_steal(newmsg->elements, el->name);
91- talloc_steal(newmsg->elements, el->values);
92-
93- talloc_steal(newmsg->elements, msg);
94 return ldb_module_send_entry(dsc->req, msg, controls);
95 }
96
97+ newmsg = ldb_msg_new(dsc->req);
98+ if (newmsg == NULL) {
99+ return ldb_oom(ldb);
100+ }
101+
102 ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd,
103 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
104 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
105--
1062.40.0
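Review bot: The commit message at patch lines 4-7 says this cleanup exists to make "the next change" to dirsync_filter_entry() easier to understand, but none of the other patches this series adds (0004 through 0006, and the recipe only lists these six) touches source4/dsdb/samdb/ldb_modules/dirsync.c again, and 0004's message likewise describes a dirsync bug that its diffstat shows it does not fix or even mark knownfail. As backported here the series appears to set the new descriptor on CN=Deleted Objects without the dirsync behaviour change upstream paired with it; confirm against the upstream CVE-2018-14628 series whether a further dirsync.c patch was dropped and, if so, add it, since on its own this hunk only moves `newmsg = ldb_msg_new(dsc->req)` below the early return and deletes dead code. The dirsync_filter_entry() body starts and ends outside the hunks shown.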
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch
new file mode 100644
index 0000000000..6fa4ef10dd
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch
@@ -0,0 +1,64 @@
1From 74a508b39e6fd5036a2adc99d559bd3852f8ce8d Mon Sep 17 00:00:00 2001
2From: Stefan Metzmacher <metze@samba.org>
3Date: Fri, 29 Jan 2016 23:34:15 +0100
4Subject: [PATCH] CVE-2018-14628: s4:setup: set the correct
5 nTSecurityDescriptor on the CN=Deleted Objects container
6
7This revealed a bug in our dirsync code, so we mark
8test_search_with_dirsync_deleted_objects as knownfail.
9
10BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
11
12Signed-off-by: Stefan Metzmacher <metze@samba.org>
13Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47)
15
16CVE: CVE-2018-14628
17
18Upstream-Status: Backport [https://github.com/samba-team/samba/commit/74a508b39e6fd5036a2adc99d559bd3852f8ce8d]
19
20Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
21---
22 source4/setup/provision.ldif | 1 +
23 source4/setup/provision_configuration.ldif | 1 +
24 source4/setup/provision_dnszones_add.ldif | 1 +
25 3 files changed, 3 insertions(+)
26
27diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
28index 5d9eba4..7f966fd 100644
29--- a/source4/setup/provision.ldif
30+++ b/source4/setup/provision.ldif
31@@ -34,6 +34,7 @@ isDeleted: TRUE
32 isCriticalSystemObject: TRUE
33 showInAdvancedViewOnly: TRUE
34 systemFlags: -1946157056
35+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
36
37 # Computers located in "provision_computers*.ldif"
38 # Users/Groups located in "provision_users*.ldif"
39diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
40index 53c9c85..8fcbddb 100644
41--- a/source4/setup/provision_configuration.ldif
42+++ b/source4/setup/provision_configuration.ldif
43@@ -14,6 +14,7 @@ description: Container for deleted objects
44 isDeleted: TRUE
45 isCriticalSystemObject: TRUE
46 systemFlags: -1946157056
47+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
48
49 # Extended rights
50
51diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
52index 860aa4b..a2d6b6b 100644
53--- a/source4/setup/provision_dnszones_add.ldif
54+++ b/source4/setup/provision_dnszones_add.ldif
55@@ -8,6 +8,7 @@ description: Deleted objects
56 isDeleted: TRUE
57 isCriticalSystemObject: TRUE
58 systemFlags: -1946157056
59+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
60
61 dn: CN=LostAndFound,${ZONE_DN}
62 objectClass: top
63--
642.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch
new file mode 100644
index 0000000000..b0a8ef2535
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch
@@ -0,0 +1,98 @@
1From 46a168c9a89e82ccaf8d27669d1ae5459f7becb9 Mon Sep 17 00:00:00 2001
2From: Stefan Metzmacher <metze@samba.org>
3Date: Fri, 29 Jan 2016 23:33:37 +0100
4Subject: [PATCH] CVE-2018-14628: python:provision: make
5 DELETEDOBJECTS_DESCRIPTOR available in the ldif files
6
7BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
8
9Signed-off-by: Stefan Metzmacher <metze@samba.org>
10Reviewed-by: Andrew Bartlett <abartlet@samba.org>
11(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)
12
13CVE: CVE-2018-14628
14
15Upstream-Status: Backport
16[https://github.com/samba-team/samba/commit/46a168c9a89e82ccaf8d27669d1ae5459f7becb9]
17
18Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
19---
20 python/samba/provision/__init__.py | 5 +++++
21 python/samba/provision/sambadns.py | 4 ++++
22 2 files changed, 9 insertions(+)
23
24diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
25index e8903ad..0c52cc1 100644
26--- a/python/samba/provision/__init__.py
27+++ b/python/samba/provision/__init__.py
28@@ -79,6 +79,7 @@ from samba.provision.backend import (
29 LDBBackend,
30 )
31 from samba.descriptor import (
32+ get_deletedobjects_descriptor,
33 get_empty_descriptor,
34 get_config_descriptor,
35 get_config_partitions_descriptor,
36@@ -1441,6 +1442,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
37 msg["subRefs"] = ldb.MessageElement(names.configdn, ldb.FLAG_MOD_ADD,
38 "subRefs")
39
40+ deletedobjects_descr = b64encode(get_deletedobjects_descriptor(names.domainsid)).decode('utf8')
41+
42 samdb.invocation_id = invocationid
43
44 # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
45@@ -1472,6 +1475,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
46 "FOREST_FUNCTIONALITY": str(forestFunctionality),
47 "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
48 "NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr,
49+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
50 "LOSTANDFOUND_DESCRIPTOR": protected1wd_descr,
51 "SERVICES_DESCRIPTOR": protected1_descr,
52 "PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr,
53@@ -1536,6 +1540,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
54 "RIDAVAILABLESTART": str(next_rid + 600),
55 "POLICYGUID_DC": policyguid_dc,
56 "INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
57+ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
58 "LOSTANDFOUND_DESCRIPTOR": lostandfound_desc,
59 "SYSTEM_DESCRIPTOR": system_desc,
60 "BUILTIN_DESCRIPTOR": builtin_desc,
61diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
62index 8a5d8a9..61beb16 100644
63--- a/python/samba/provision/sambadns.py
64+++ b/python/samba/provision/sambadns.py
65@@ -41,6 +41,7 @@ from samba.dsdb import (
66 DS_DOMAIN_FUNCTION_2016
67 )
68 from samba.descriptor import (
69+ get_deletedobjects_descriptor,
70 get_domain_descriptor,
71 get_domain_delete_protected1_descriptor,
72 get_domain_delete_protected2_descriptor,
73@@ -245,6 +246,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
74 domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
75 forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
76 descriptor = get_dns_partition_descriptor(domainsid)
77+ deletedobjects_desc = get_deletedobjects_descriptor(domainsid)
78
79 setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
80 "ZONE_DN": domainzone_dn,
81@@ -268,6 +270,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
82 "ZONE_DNS": domainzone_dns,
83 "CONFIGDN": configdn,
84 "SERVERDN": serverdn,
85+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
86 "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
87 "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
88 })
89@@ -288,6 +291,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
90 "ZONE_DNS": forestzone_dns,
91 "CONFIGDN": configdn,
92 "SERVERDN": serverdn,
93+ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8')
94 "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
95 "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
96 })
97--
982.40.0
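Review bot: The line added at patch line 93, `"DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8')`, has no trailing comma as rendered here, so the dict literal passed to setup_add_ldif() for the forest zone runs straight into `"LOSTANDFOUND_DESCRIPTOR": …` and python/samba/provision/sambadns.py would no longer parse; the parallel entry at patch line 85 does have the comma. Change it to `"DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),`. Nothing in this diff imports or byte-compiles the module at build time, so the breakage would presumably only surface when provisioning runs on the target; importing the patched module once before merging would catch it. setup_dns_partitions() starts and ends outside the hunk.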
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch
new file mode 100644
index 0000000000..d92ad41df1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch
@@ -0,0 +1,51 @@
1From e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4 Mon Sep 17 00:00:00 2001
2From: Stefan Metzmacher <metze@samba.org>
3Date: Fri, 29 Jan 2016 23:30:59 +0100
4Subject: [PATCH] CVE-2018-14628: python:descriptor: add
5 get_deletedobjects_descriptor()
6
7samba-tool drs clone-dc-database was quite useful to find
8the true value of nTSecurityDescriptor of the CN=Delete Objects
9containers.
10
11Only the auto inherited SACL is available via a ldap search.
12
13BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
14
15Signed-off-by: Stefan Metzmacher <metze@samba.org>
16Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)
18
19CVE: CVE-2018-14628
20
21Upstream-Status: Backport
22[https://github.com/samba-team/samba/commit/e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4]
23
24Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
25---
26 python/samba/descriptor.py | 10 ++++++++++
27 1 file changed, 10 insertions(+)
28
29diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
30index 08cfab0..0141f38 100644
31--- a/python/samba/descriptor.py
32+++ b/python/samba/descriptor.py
33@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}):
34 # "get_schema_descriptor" is located in "schema.py"
35
36
37+def get_deletedobjects_descriptor(domain_sid, name_map=None):
38+ if name_map is None:
39+ name_map = {}
40+
41+ sddl = "O:SYG:SYD:PAI" \
42+ "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \
43+ "(A;;RPLC;;;BA)"
44+ return sddl2binary(sddl, domain_sid, name_map)
45+
46+
47 def get_config_descriptor(domain_sid, name_map={}):
48 sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
49 "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
50--
512.40.0
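Review bot: get_deletedobjects_descriptor() at patch lines 37-44 is the function the other five patches in this series build on, yet it carries no docstring while its SDDL string encodes a specific access policy; add one such as `"""Return the binary nTSecurityDescriptor for a CN=Deleted Objects container: owner and group SY, a protected auto-inherited (PAI) DACL granting RPWPCCDCLCRCWOWDSDSW to SY and only RPLC to BA."""`. A short comment beside `sddl` recording what the commit message explains, that this value was taken from a cloned DC database because an LDAP search only shows the auto-inherited SACL, would stop a later maintainer from "correcting" it from a search result. The `name_map=None` sentinel is the right choice and avoids the shared mutable default that the neighbouring `name_map={}` signatures carry.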
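--- a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
@@ -52,6 +52,12 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
 file://CVE-2023-4091-0001.patch \
 file://CVE-2023-4091-0002.patch \
 file://CVE-2023-42669.patch \
+file://CVE-2018-14628-0001.patch \
+file://CVE-2018-14628-0002.patch \
+file://CVE-2018-14628-0003.patch \
+file://CVE-2018-14628-0004.patch \
+file://CVE-2018-14628-0005.patch \
+file://CVE-2018-14628-0006.patch \
 "
 
 SRC_URI:append:libc-musl = " \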
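Review bot: The six patches are applied in the numeric order listed at new lines 55-60, but 0001, 0002 and 0005 already reference get_deletedobjects_descriptor(), which only 0006 defines; the index lines inside the patches (descriptor.py 0998348..08cfab0 in 0001, then 08cfab0..0141f38 in 0006) show they were generated in this order, so they apply, but every intermediate tree between 0001 and 0006 has an unresolvable import in dbchecker.py and the provision modules. Renumbering so the definition lands first, which is the order the patches' author dates suggest upstream used, would keep the series bisectable. The new `file://CVE-2018-14628-000N.patch \` entries otherwise follow the existing list's style.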