[SCM] Samba Shared Repository - branch master updated

Tue, 13 Mar 2018 15:49:45 -0700 

The branch, master has been updated
       via  20609aa s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK
       via  8497d20 libds: rename UF_MACHINE_ACCOUNT_MASK to 
UF_TRUST_ACCOUNT_MASK
      from  c41895b CVE-2018-1050: s3: RPC: spoolss server. Protect against 
null pointer derefs.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 20609aa260f0a84dff4574df4a1564884a813f92
Author: Ralph Boehme <[email protected]>
Date:   Thu Mar 8 17:35:15 2018 +0100

    s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Autobuild-User(master): Andrew Bartlett <[email protected]>
    Autobuild-Date(master): Tue Mar 13 23:48:28 CET 2018 on sn-devel-144

commit 8497d2090900b252853278f29a4aaf3bce7515da
Author: Ralph Boehme <[email protected]>
Date:   Thu Mar 8 17:34:08 2018 +0100

    libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK
    
    The name UF_TRUST_ACCOUNT_MASK better reflects the use case and it's not
    yet used.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 libds/common/flags.h                           | 2 +-
 source4/dsdb/samdb/ldb_modules/password_hash.c | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libds/common/flags.h b/libds/common/flags.h
index d431bd5..d436f2b 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -53,7 +53,7 @@
 #define UF_PARTIAL_SECRETS_ACCOUNT             0x04000000
 #define UF_USE_AES_KEYS                         0x08000000
 
-#define UF_MACHINE_ACCOUNT_MASK (\
+#define UF_TRUST_ACCOUNT_MASK (\
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
                UF_WORKSTATION_TRUST_ACCOUNT |\
                UF_SERVER_TRUST_ACCOUNT \
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c 
b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 1c1de09..c872f20 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -3211,9 +3211,7 @@ static int setup_io(struct ph_context *ac,
 
        /* Only non-trust accounts have restrictions (possibly this test is the
         * wrong way around, but we like to be restrictive if possible */
-       io->u.restrictions = !(io->u.userAccountControl
-               & (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT
-                       | UF_SERVER_TRUST_ACCOUNT));
+       io->u.restrictions = !(io->u.userAccountControl & 
UF_TRUST_ACCOUNT_MASK);
 
        if (io->u.is_krbtgt) {
                io->u.restrictions = 0;


-- 
Samba Shared Repository

Reply via email to