1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00

CVE-2018-10919 acl_read: Flip the logic in the dirsync check

This better reflects the special case we're making for dirsync, and gets
rid of a 'if-else' clause.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
Tim Beale 2018-07-30 16:00:15 +12:00 committed by Karolin Seeger
parent 533106ae9c
commit 9605ecc7e1

View File

@ -241,10 +241,12 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
bool in_search_filter;
/* check if attr is part of the search filter */
in_search_filter = dsdb_attr_in_parse_tree(ac->req->op.search.tree,
msg->elements[i].name);
if (ac->indirsync) {
if (in_search_filter) {
/*
* We are doing dirysnc answers
* and the object shouldn't be returned (normally)
@ -253,21 +255,16 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
* (remove the object if it is not deleted, or return
* just the objectGUID if it's deleted).
*/
if (in_search_filter) {
if (ac->indirsync) {
ldb_msg_remove_attr(msg, "replPropertyMetaData");
break;
} else {
aclread_mark_inaccesslible(&msg->elements[i]);
}
} else {
/*
* do not return this entry if attribute is
* part of the search filter
*/
if (in_search_filter) {
/* do not return this entry */
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
} else {
aclread_mark_inaccesslible(&msg->elements[i]);
}
} else if (ret != LDB_SUCCESS) {