diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-12-04 17:23:29 +1300 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2015-01-15 14:54:47 +0100 |
| commit | ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32 (patch) | |
| tree | 21d3a6df0f59ed4ca356b22417d03100c6f89d39 /librpc | |
| parent | 9d62b6764e99737fd7b914163237a8767d1224b1 (diff) | |
| download | samba-ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32.tar.gz samba-ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32.tar.xz samba-ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32.zip | |
CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
This requires an additional control to be used in the
LSA server to add domain trust account objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
Diffstat (limited to 'librpc')
| -rw-r--r-- | librpc/idl/security.idl | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index eb80a869b0..78c13c9950 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -674,14 +674,21 @@ interface security const string GUID_DRS_CHANGE_RID_MASTER = "d58d5f36-0a98-11d1-adbb-00c04fd8d5cd"; const string GUID_DRS_CHANGE_SCHEMA_MASTER = "e12b56b6-0a95-11d1-adbb-00c04fd8d5cd"; const string GUID_DRS_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"; + const string GUID_DRS_REPL_SYNCRONIZE = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2"; + const string GUID_DRS_MANAGE_TOPOLOGY = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2"; const string GUID_DRS_GET_ALL_CHANGES = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"; + const string GUID_DRS_RO_REPL_SECRET_SYNC = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2"; const string GUID_DRS_GET_FILTERED_ATTRIBUTES = "89e95b76-444d-4c62-991a-0facbeda640c"; - const string GUID_DRS_MANAGE_TOPOLOGY = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2"; const string GUID_DRS_MONITOR_TOPOLOGY = "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96"; - const string GUID_DRS_REPL_SYNCRONIZE = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2"; - const string GUID_DRS_RO_REPL_SECRET_SYNC = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2"; const string GUID_DRS_USER_CHANGE_PASSWORD = "ab721a53-1e2f-11d0-9819-00aa0040529b"; const string GUID_DRS_FORCE_CHANGE_PASSWORD = "00299570-246d-11d0-a768-00aa006e0529"; + const string GUID_DRS_UPDATE_PASSWORD_NOT_REQUIRED_BIT + = "280f369c-67c7-438e-ae98-1d46f3c6f541"; + const string GUID_DRS_UNEXPIRE_PASSWORD = "ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501"; + const string GUID_DRS_ENABLE_PER_USER_REVERSIBLY_ENCRYPTED_PASSWORD + = "05c74c5e-4deb-43b4-bd9f-86664c2a7fd5"; + const string GUID_DRS_DS_INSTALL_REPLICA = "9923a32a-3607-11d2-b9be-0000f87a36b2"; + /***************************************************************/ /* validated writes guids */ |