sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 31 23:29:15 UTC 2019 on sn-devel-184
This commit is contained in:
Andrew Bartlett 2019-10-15 15:44:34 +13:00 committed by Douglas Bagnall
parent e62c535d5b
commit 03205663b3
3 changed files with 27 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
selftest/knownfail.d/dirsync
View File

@ -1 +0,0 @@
^samba4.ldap.dirsync.python\(ad_dc_ntvfs\).__main__.ExtendedDirsyncTests.test_dirsync_linkedattributes_range\(

9
source4/dsdb/samdb/ldb_modules/dirsync.c
View File

@ -1358,11 +1358,12 @@ static int dirsync_ldb_search(struct ldb_module *module, struct ldb_request *req
}
/*
* Remove our control from the list of controls
* Mark dirsync control as uncritical (done)
*
* We need this so ranged_results knows how to behave with
* dirsync
*/
if (!ldb_save_controls(control, req, NULL)) {
return ldb_operr(ldb);
}
control->critical = false;
dsc->schema = dsdb_get_schema(ldb, dsc);
/*
* At the begining we make the hypothesis that we will return a complete

25
source4/dsdb/samdb/ldb_modules/ranged_results.c
View File

@ -35,14 +35,14 @@
struct rr_context {
struct ldb_module *module;
struct ldb_request *req;
bool dirsync_in_use;
};
static struct rr_context *rr_init_context(struct ldb_module *module,
struct ldb_request *req)
{
struct rr_context *ac;
ac = talloc_zero(req, struct rr_context);
struct ldb_control *dirsync_control = NULL;
struct rr_context *ac = talloc_zero(req, struct rr_context);
if (ac == NULL) {
ldb_set_errstring(ldb_module_get_ctx(module), "Out of Memory");
return NULL;
@ -51,6 +51,16 @@ static struct rr_context *rr_init_context(struct ldb_module *module,
ac->module = module;
ac->req = req;
/*
* check if there's a dirsync control (as there is an
* interaction between these modules)
*/
dirsync_control = ldb_request_get_control(req,
LDB_CONTROL_DIRSYNC_OID);
if (dirsync_control != NULL) {
ac->dirsync_in_use = true;
}
return ac;
}
@ -82,6 +92,15 @@ static int rr_search_callback(struct ldb_request *req, struct ldb_reply *ares)
ares->response, ares->error);
}
if (ac->dirsync_in_use) {
/*
* We return full attribute values when mixed with
* dirsync
*/
return ldb_module_send_entry(ac->req,
ares->message,
ares->controls);
}
/* LDB_REPLY_ENTRY */
temp_ctx = talloc_new(ac->req);