mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2020-25722 samdb: Fill in isCriticalSystemObject on any account type change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
parent
55cc9324b4
commit
0b06e9a5a5
@ -1 +0,0 @@
|
||||
^samba4.sam.python\(.*\).__main__.SamTests.test_isCriticalSystemObject_user
|
@ -2626,8 +2626,14 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac)
|
||||
el->flags = LDB_FLAG_MOD_REPLACE;
|
||||
}
|
||||
|
||||
/* "isCriticalSystemObject" might be set/changed */
|
||||
if (old_is_critical != new_is_critical) {
|
||||
/*
|
||||
* "isCriticalSystemObject" might be set/changed
|
||||
*
|
||||
* Even a change from UF_NORMAL_ACCOUNT (implicitly FALSE) to
|
||||
* UF_WORKSTATION_TRUST_ACCOUNT (actually FALSE) triggers
|
||||
* creating the attribute.
|
||||
*/
|
||||
if (old_is_critical != new_is_critical || old_atype != new_atype) {
|
||||
ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject",
|
||||
new_is_critical ? "TRUE": "FALSE");
|
||||
if (ret != LDB_SUCCESS) {
|
||||
|
Loading…
Reference in New Issue
Block a user