openwrt/package/network/services/samba36/patches/260-remove_samr.patch
Hauke Mehrtens 1414f1647d samba: fix some security problems
This fixes the following security problems:
* CVE-2015-7560
* CVE-2015-5370
* CVE-2016-2110
* CVE-2016-2111
* CVE-2016-2112
* CVE-2016-2115
* CVE-2016-2118

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49175
2016-04-16 20:06:34 +00:00

163 lines
4.0 KiB
Diff

--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -59,8 +59,11 @@ struct handle_list {
static bool is_samr_lsa_pipe(const struct ndr_syntax_id *syntax)
{
- return (ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id)
- || ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id));
+ return
+#ifdef SAMR_SUPPORT
+ ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id) ||
+#endif
+ ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id);
}
size_t num_pipe_handles(struct pipes_struct *p)
--- a/source3/librpc/rpc/rpc_common.c
+++ b/source3/librpc/rpc/rpc_common.c
@@ -100,9 +100,11 @@ static bool initialize_interfaces(void)
return false;
}
#endif
+#ifdef SAMR_SUPPORT
if (!smb_register_ndr_interface(&ndr_table_samr)) {
return false;
}
+#endif
#ifdef NETLOGON_SUPPORT
if (!smb_register_ndr_interface(&ndr_table_netlogon)) {
return false;
--- a/source3/rpc_server/rpc_ep_setup.c
+++ b/source3/rpc_server/rpc_ep_setup.c
@@ -557,6 +557,7 @@ static bool lsarpc_init_cb(void *ptr)
return true;
}
+#ifdef SAMR_SUPPORT
static bool samr_init_cb(void *ptr)
{
struct dcesrv_ep_context *ep_ctx =
@@ -605,6 +606,7 @@ static bool samr_init_cb(void *ptr)
return true;
}
+#endif
#ifdef NETLOGON_SUPPORT
static bool netlogon_init_cb(void *ptr)
@@ -1111,12 +1113,14 @@ bool dcesrv_ep_setup(struct tevent_conte
return false;
}
+#ifdef SAMR_SUPPORT
samr_cb.init = samr_init_cb;
samr_cb.shutdown = NULL;
samr_cb.private_data = ep_ctx;
if (!NT_STATUS_IS_OK(rpc_samr_init(&samr_cb))) {
return false;
}
+#endif
#ifdef NETLOGON_SUPPORT
netlogon_cb.init = netlogon_init_cb;
--- a/source3/smbd/server_exit.c
+++ b/source3/smbd/server_exit.c
@@ -159,7 +159,9 @@ static void exit_server_common(enum serv
#ifdef NETLOGON_SUPPORT
rpc_netlogon_shutdown();
#endif
+#ifdef SAMR_SUPPORT
rpc_samr_shutdown();
+#endif
rpc_lsarpc_shutdown();
}
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -623,7 +623,9 @@ static struct cmd_set *rpcclient_command
rpcclient_commands,
lsarpc_commands,
ds_commands,
+#ifdef SAMR_SUPPORT
samr_commands,
+#endif
#ifdef PRINTER_SUPPORT
spoolss_commands,
#endif
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -2353,6 +2353,10 @@ static bool api_RNetGroupEnum(struct smb
NTSTATUS status, result;
struct dcerpc_binding_handle *b;
+#ifndef SAMR_SUPPORT
+ return False;
+#endif
+
if (!str1 || !str2 || !p) {
return False;
}
@@ -2541,6 +2545,10 @@ static bool api_NetUserGetGroups(struct
NTSTATUS status, result;
struct dcerpc_binding_handle *b;
+#ifndef SAMR_SUPPORT
+ return False;
+#endif
+
if (!str1 || !str2 || !UserName || !p) {
return False;
}
@@ -2741,6 +2749,10 @@ static bool api_RNetUserEnum(struct smbd
struct dcerpc_binding_handle *b;
+#ifndef SAMR_SUPPORT
+ return False;
+#endif
+
if (!str1 || !str2 || !p) {
return False;
}
@@ -2979,6 +2991,10 @@ static bool api_SamOEMChangePassword(str
int bufsize;
struct dcerpc_binding_handle *b;
+#ifndef SAMR_SUPPORT
+ return False;
+#endif
+
*rparam_len = 4;
*rparam = smb_realloc_limit(*rparam,*rparam_len);
if (!*rparam) {
@@ -4020,6 +4036,10 @@ static bool api_RNetUserGetInfo(struct s
union samr_UserInfo *info;
struct dcerpc_binding_handle *b = NULL;
+#ifndef SAMR_SUPPORT
+ return False;
+#endif
+
if (!str1 || !str2 || !UserName || !p) {
return False;
}
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -409,6 +409,7 @@ static bool check_bind_req(struct pipes_
context_fns->syntax = *abstract;
context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect();
+#ifdef SAMR_SUPPORT
/*
* for the samr and the lsarpc interfaces we don't allow "connect"
* auth_level by default.
@@ -417,6 +418,7 @@ static bool check_bind_req(struct pipes_
if (ok) {
context_fns->allow_connect = false;
}
+#endif
ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id);
if (ok) {
context_fns->allow_connect = false;