From: Christian Merten Date: Mon, 19 Sep 2022 21:01:34 +0000 (+0200) Subject: CVE-2023-4154 librpc ndr/py_security: Export ACE deletion functions to python X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd5213a918edef9397ef41c1fe93d3d03264a396;p=thirdparty%2Fsamba.git CVE-2023-4154 librpc ndr/py_security: Export ACE deletion functions to python Exported security_descriptor_sacl_del and security_descriptor_dacl_del as new methods of the security descriptor class to python. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Christian Merten Reviewed-by: Douglas Bagnall Reviewed-by: Jeremy Allison (cherry picked from commit 84a54d2fa2b1590fdb4e2ea986ded9c39a82cf78)
---
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index e79e7170812..e61b994d7cb 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -234,6 +234,52 @@ static PyObject *py_descriptor_sacl_del(PyObject *self, PyObject *args)
 Py_RETURN_NONE;
 }
 
+static PyObject *py_descriptor_dacl_del_ace(PyObject *self, PyObject *args)
+{
+ struct security_descriptor *desc = pytalloc_get_ptr(self);
+ NTSTATUS status;
+ struct security_ace *ace = NULL;
+ PyObject *py_ace = Py_None;
+
+ if (!PyArg_ParseTuple(args, "O!", &security_ace_Type, &py_ace))
+ return NULL;
+
+ if (!PyObject_TypeCheck(py_ace, &security_ace_Type)) {
+ PyErr_SetString(PyExc_TypeError,
+ "expected security.security_ace "
+ "for first argument to .dacl_del_ace");
+ return NULL;
+ }
+
+ ace = pytalloc_get_ptr(py_ace);
+ status = security_descriptor_dacl_del_ace(desc, ace);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_descriptor_sacl_del_ace(PyObject *self, PyObject *args)
+{
+ struct security_descriptor *desc = pytalloc_get_ptr(self);
+ NTSTATUS status;
+ struct security_ace *ace = NULL;
+ PyObject *py_ace = Py_None;
+
+ if (!PyArg_ParseTuple(args, "O!", &security_ace_Type, &py_ace))
+ return NULL;
+
+ if (!PyObject_TypeCheck(py_ace, &security_ace_Type)) {
+ PyErr_SetString(PyExc_TypeError,
+ "expected security.security_ace "
+ "for first argument to .sacl_del_ace");
+ return NULL;
+ }
+
+ ace = pytalloc_get_ptr(py_ace);
+ status = security_descriptor_sacl_del_ace(desc, ace);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+ Py_RETURN_NONE;
+}
+
 static PyObject *py_descriptor_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
 {
 return pytalloc_steal(self, security_descriptor_initialise(NULL));
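Review bot: The `PyObject_TypeCheck(py_ace, &security_ace_Type)` branch in py_descriptor_dacl_del_ace can never be taken, because the `"O!"` format in the preceding `PyArg_ParseTuple` call already rejects anything that is not a security_ace with a TypeError; the same dead branch is repeated in py_descriptor_sacl_del_ace. I would drop both `if (!PyObject_TypeCheck(...)) { ... }` blocks (or parse with `"O"` if the custom message is wanted) and brace the early exit as `if (!PyArg_ParseTuple(...)) { return NULL; }`. Separately, `ace` can point into the ACL being edited when a caller passes an element taken from this same descriptor; whether security_descriptor_dacl_del_ace and security_descriptor_sacl_del_ace tolerate that is not visible in this hunk, so a comment such as `/* ace may alias an entry of desc's own ACL; the callee must cope with that */` above each call would record the assumption.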
@@ -302,7 +348,11 @@ static PyMethodDef py_descriptor_extra_methods[] = {
 NULL },
 { "sacl_del", (PyCFunction)py_descriptor_sacl_del, METH_VARARGS,
 NULL },
- { "from_sddl", (PyCFunction)py_descriptor_from_sddl, METH_VARARGS|METH_CLASS,
+ { "dacl_del_ace", (PyCFunction)py_descriptor_dacl_del_ace, METH_VARARGS,
+ NULL },
+ { "sacl_del_ace", (PyCFunction)py_descriptor_sacl_del_ace, METH_VARARGS,
+ NULL },
+ { "from_sddl", (PyCFunction)py_descriptor_from_sddl, METH_VARARGS|METH_CLASS,
 NULL },
 { "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_VARARGS,
 NULL },
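Review bot: Both new table entries pass `NULL` as the docstring, so `help()` on two methods that edit an access control list says nothing about the expected argument or the failure mode. I would give each a short doc string, e.g. `"S.dacl_del_ace(ace) -> None\nRemove the given security_ace from the DACL; raises if the NTSTATUS result is an error."`, with the SACL equivalent for `sacl_del_ace`. The removed and re-added `from_sddl` line appears to differ only in whitespace, which adds noise to a security backport and would be better left untouched. The method table starts and ends outside the hunk.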