mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object
If an added SPN already exists on an object, we still want to check the rest of the element values for conflicts. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
parent
c58ede44f3
commit
1a5dc817c0
@ -1,2 +1 @@
|
|||||||
samba.tests.ldap_spn.+LdapSpnTest.test_spn_dodgy_spns
|
samba.tests.ldap_spn.+LdapSpnTest.test_spn_dodgy_spns
|
||||||
samba.tests.ldap_spn.+LdapSpnSambaOnlyTest.test_spn_add_a_conflict_along_with_a_re_added_SPN
|
|
||||||
|
@ -4006,8 +4006,7 @@ static int samldb_spn_uniqueness_check(struct samldb_ctx *ac,
|
|||||||
ac->msg->dn);
|
ac->msg->dn);
|
||||||
if (ret == LDB_ERR_COMPARE_TRUE) {
|
if (ret == LDB_ERR_COMPARE_TRUE) {
|
||||||
DBG_INFO("SPN %s re-added to the same object\n", spn);
|
DBG_INFO("SPN %s re-added to the same object\n", spn);
|
||||||
talloc_free(tmp_ctx);
|
continue;
|
||||||
return LDB_SUCCESS;
|
|
||||||
}
|
}
|
||||||
if (ret != LDB_SUCCESS) {
|
if (ret != LDB_SUCCESS) {
|
||||||
DBG_ERR("SPN %s failed direct uniqueness check\n", spn);
|
DBG_ERR("SPN %s failed direct uniqueness check\n", spn);
|
||||||
|
Loading…
Reference in New Issue
Block a user