sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

getncchanges: include object SID in tokenGroups calculation for repl secret

Browse Source 
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Garming Sam 2017-03-03 16:02:40 +13:00 committed by Andrew Bartlett
parent f869da8161
commit 6b2425343b
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
selftest/knownfail
View File

@ -315,4 +315,3 @@
^samba3.smb2.credits.session_setup_credits_granted.*
^samba3.smb2.credits.single_req_credits_granted.*
^samba3.smb2.credits.skipped_mid.*
^samba4.drs.repl_rodc.python.*repl_rodc.DrsRodcTestCase.test_msDSRevealedUsers_local_deny_allow

18
source4/rpc_server/drsuapi/getncchanges.c
View File

@ -1129,13 +1129,14 @@ static WERROR samdb_result_sid_array_dn(struct ldb_context *sam_ctx,
/*
return an array of SIDs from a ldb_message given an attribute name
assumes the SIDs are in NDR form
assumes the SIDs are in NDR form (with an additional sid at the end)
*/
static WERROR samdb_result_sid_array_ndr(struct ldb_context *sam_ctx,
struct ldb_message *msg,
TALLOC_CTX *mem_ctx,
const char *attr,
const struct dom_sid ***sids)
const struct dom_sid ***sids,
const struct dom_sid *user_sid)
{
struct ldb_message_element *el;
unsigned int i;
@ -1146,7 +1147,8 @@ static WERROR samdb_result_sid_array_ndr(struct ldb_context *sam_ctx,
return WERR_OK;
}
(*sids) = talloc_array(mem_ctx, const struct dom_sid *, el->num_values + 1);
/* Make array long enough for NULL and additional SID */
(*sids) = talloc_array(mem_ctx, const struct dom_sid *, el->num_values + 2);
W_ERROR_HAVE_NO_MEMORY(*sids);
for (i=0; i<el->num_values; i++) {
@ -1163,7 +1165,8 @@ static WERROR samdb_result_sid_array_ndr(struct ldb_context *sam_ctx,
}
(*sids)[i] = sid;
}
(*sids)[i] = NULL;
(*sids)[i] = user_sid;
(*sids)[i+1] = NULL;
return WERR_OK;
}
@ -1205,6 +1208,7 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
const char *obj_attrs[] = { "tokenGroups", "objectSid", "UserAccountControl", "msDS-KrbTgtLinkBL", NULL };
struct ldb_result *rodc_res, *obj_res;
const struct dom_sid **never_reveal_sids, **reveal_sids, **token_sids;
const struct dom_sid *object_sid = NULL;
WERROR werr;
DEBUG(3,(__location__ ": DRSUAPI_EXOP_REPL_SECRET extended op on %s\n",
@ -1289,8 +1293,8 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
if (ret != LDB_SUCCESS || obj_res->count != 1) goto failed;
/* if the object SID is equal to the user_sid, allow */
if (dom_sid_equal(user_sid,
samdb_result_dom_sid(mem_ctx, obj_res->msgs[0], "objectSid"))) {
object_sid = samdb_result_dom_sid(mem_ctx, obj_res->msgs[0], "objectSid");
if (dom_sid_equal(user_sid, object_sid)) {
goto allowed;
}
@ -1335,7 +1339,7 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
}
werr = samdb_result_sid_array_ndr(b_state->sam_ctx_system, obj_res->msgs[0],
mem_ctx, "tokenGroups", &token_sids);
mem_ctx, "tokenGroups", &token_sids, object_sid);
if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {
goto denied;
}