From f967b91da76f86a9feb4c1469fccfce93be8bc79 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 7 Jun 2023 18:18:58 +0200
Subject: [PATCH] CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing deleted objects container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)
CVE: CVE-2018-14628
Upstream-Status: Backport [https://github.com/samba-team/samba/commit/f967b91da76f86a9feb4c1469fccfce93be8bc79]
Signed-off-by: Archana Polampalli
---
 python/samba/dbchecker.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index d8c2341..35b6eeb 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -21,7 +21,7 @@ from __future__ import print_function
 import ldb
 import samba
 import time
-from base64 import b64decode
+from base64 import b64decode, b64encode
 from samba import dsdb
 from samba import common
 from samba.dcerpc import misc
@@ -30,7 +30,11 @@ from samba.ndr import ndr_unpack, ndr_pack
 from samba.dcerpc import drsblobs
 from samba.samdb import dsdb_Dn
 from samba.dcerpc import security
-from samba.descriptor import get_wellknown_sds, get_diff_sds
+from samba.descriptor import (
+ get_wellknown_sds,
+ get_deletedobjects_descriptor,
+ get_diff_sds
+)
 from samba.auth import system_session, admin_session
 from samba.netcmd import CommandError
 from samba.netcmd.fsmo import get_fsmo_roleowner
@@ -340,6 +344,11 @@ class dbcheck(object):
 wko_prefix = "B:32:%s" % dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER
 listwko.append('%s:%s' % (wko_prefix, dn))
 guid_suffix = ""
+
+ domain_sid = security.dom_sid(self.samdb.get_domain_sid())
+ sec_desc = get_deletedobjects_descriptor(domain_sid,
+ name_map=self.name_map)
+ sec_desc_b64 = b64encode(sec_desc).decode('utf8')
 # Insert a brand new Deleted Objects container
 self.samdb.add_ldif("""dn: %s
@@ -349,7 +358,8 @@ description: Container for deleted objects
 isDeleted: TRUE
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: TRUE
-systemFlags: -1946157056%s""" % (dn, guid_suffix),
+nTSecurityDescriptor:: %s
+systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
 controls=["relax:0", "provision:0"])
 delta = ldb.Message()
-- 
2.40.0
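Review bot: The added `nTSecurityDescriptor:: %s` value carries no comment explaining why the re-created container now needs an explicit descriptor, even though that is the substance of the CVE-2018-14628 fix and a later cleanup could easily drop it as redundant. I would add above the new `domain_sid = ...` line: `# CVE-2018-14628: give the re-created Deleted Objects container an explicit security descriptor rather than relying on whatever it would otherwise receive, so unprivileged users cannot read deleted objects.` It is also worth confirming that `get_deletedobjects_descriptor(domain_sid, ...)` yields the right descriptor if this path is reached for the configuration or schema partition rather than only the domain partition; the hunk does not show which `dn` values arrive here. The enclosing method begins before this hunk and continues after the `delta = ldb.Message()` line.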