mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-32743 dsdb/common: Add FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control
Passing this control will grant the right to set validated values for dNSHostName and servicePrincipalName, and non-validated values for other attributes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
parent
b95431ab23
commit
c2ab1f4696
@ -4546,6 +4546,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (dsdb_flags & DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE) {
|
||||||
|
ret = ldb_request_add_control(req, DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID, true, NULL);
|
||||||
|
if (ret != LDB_SUCCESS) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return LDB_SUCCESS;
|
return LDB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
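Review bot: The new branch in dsdb_request_add_controls() attaches a privilege-granting control, but nothing says which callers may set the flag, and the matching `#define DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE 0x04000000` in the header hunk is equally bare. Per the commit message the control relaxes the write check for dNSHostName and servicePrincipalName, so I would add above the `if`: `/* Internal callers only: requests that validated dNSHostName/servicePrincipalName writes be allowed; never derive this bit from client-supplied input. */`. The control is added with the critical argument set to `true`, which presumably makes a module stack without a handler fail the request instead of ignoring it; if that is the intent, say so in the same comment. The function begins outside this hunk, so existing conventions for the other flags are not visible here.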
@ -39,3 +39,4 @@ struct netlogon_samlogon_response;
|
|||||||
#define DSDB_FLAG_TOP_MODULE 0x00800000
|
#define DSDB_FLAG_TOP_MODULE 0x00800000
|
||||||
#define DSDB_FLAG_TRUSTED 0x01000000
|
#define DSDB_FLAG_TRUSTED 0x01000000
|
||||||
#define DSDB_FLAG_REPLICATED_UPDATE 0x02000000
|
#define DSDB_FLAG_REPLICATED_UPDATE 0x02000000
|
||||||
|
#define DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE 0x04000000
|
||||||
|
@ -226,6 +226,12 @@ struct dsdb_control_transaction_identifier {
|
|||||||
struct GUID transaction_guid;
|
struct GUID transaction_guid;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* passed when we want to allow validated writes to dNSHostName and
|
||||||
|
* servicePrincipalName.
|
||||||
|
*/
|
||||||
|
#define DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID "1.3.6.1.4.1.7165.4.3.35"
|
||||||
|
|
||||||
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
|
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
|
||||||
struct dsdb_extended_replicated_object {
|
struct dsdb_extended_replicated_object {
|
||||||
struct ldb_message *msg;
|
struct ldb_message *msg;
|
||||||
|
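Review bot: The comment above `DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID` understates what the control grants. The commit message says it also allows non-validated values for other attributes, while the comment mentions only the validated dNSHostName and servicePrincipalName writes. I would reword it to `passed internally to grant validated writes to dNSHostName and servicePrincipalName, and non-validated writes to other attributes; must not be honoured when supplied by an LDAP client`. Nothing in this commit shows where a client-supplied copy of this OID is rejected or stripped, so confirm that the request path for untrusted connections does so, ideally with a test that sends the OID over LDAP and expects no additional rights.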