mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-32743 dsdb/common: Add FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control
Passing this control will grant the right to set validated values for dNSHostName and servicePrincipalName, and non-validated values for other attributes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
parent
b95431ab23
commit
c2ab1f4696
@ -4546,6 +4546,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
|
||||
}
|
||||
}
|
||||
|
||||
if (dsdb_flags & DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE) {
|
||||
ret = ldb_request_add_control(req, DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID, true, NULL);
|
||||
if (ret != LDB_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
return LDB_SUCCESS;
|
||||
}
|
||||
|
||||
|
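Review bot: The new `if (dsdb_flags & DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE)` branch attaches a control that, per the commit description, grants write rights, but nothing here or at the flag's `#define` in the second hunk says who may set it. I would add a comment above the `if`, such as `/* Relaxes access checks: set only by trusted internal callers, never derived from client input. */`, and a matching one-line comment on the define. Passing `true` for the critical argument looks right, since a module stack that does not recognise the control should presumably fail the request rather than ignore it. `dsdb_request_add_controls` begins outside this hunk, so how `dsdb_flags` is populated cannot be checked from here.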
@ -39,3 +39,4 @@ struct netlogon_samlogon_response;
|
||||
#define DSDB_FLAG_TOP_MODULE 0x00800000
|
||||
#define DSDB_FLAG_TRUSTED 0x01000000
|
||||
#define DSDB_FLAG_REPLICATED_UPDATE 0x02000000
|
||||
#define DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE 0x04000000
|
||||
|
@ -226,6 +226,12 @@ struct dsdb_control_transaction_identifier {
|
||||
struct GUID transaction_guid;
|
||||
};
|
||||
|
||||
/*
|
||||
* passed when we want to allow validated writes to dNSHostName and
|
||||
* servicePrincipalName.
|
||||
*/
|
||||
#define DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID "1.3.6.1.4.1.7165.4.3.35"
|
||||
|
||||
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
|
||||
struct dsdb_extended_replicated_object {
|
||||
struct ldb_message *msg;
|
||||
|
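Review bot: The comment above `DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID` understates what the control grants. The commit description says it also allows non-validated values for other attributes, while the comment mentions only validated writes to dNSHostName and servicePrincipalName. I would extend it with a line such as `* It also permits non-validated writes to other attributes.` so a later caller does not treat it as a narrow exception. The code that consumes this OID is not part of this commit, so it cannot be confirmed here that the control is refused when it arrives on an untrusted request. If that is the intent, the comment should say the control is for internal use only.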