sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00
Code

CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED

Browse Source 
This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

[abartlet@samba.org adapted due to Samba 4.16 and lower
 not having the patches for CVE-2022-32743]
This commit is contained in:
Andrew Bartlett 2023-03-02 16:31:17 +13:00 committed by Jule Anger
parent 1cfaa078ff
commit c64b48b2b2
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source4/dsdb/common/util.c
View File

@ -4606,6 +4606,10 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
} }
} }
if (dsdb_flags & DSDB_MARK_REQ_UNTRUSTED) {
ldb_req_mark_untrusted(req);
}
return LDB_SUCCESS; return LDB_SUCCESS;
} }

1
source4/dsdb/common/util.h
View File

@ -43,6 +43,7 @@
#define DSDB_MODIFY_PARTIAL_REPLICA 0x04000 #define DSDB_MODIFY_PARTIAL_REPLICA 0x04000
#define DSDB_PASSWORD_BYPASS_LAST_SET 0x08000 #define DSDB_PASSWORD_BYPASS_LAST_SET 0x08000
#define DSDB_REPLMD_VANISH_LINKS 0x10000 #define DSDB_REPLMD_VANISH_LINKS 0x10000
#define DSDB_MARK_REQ_UNTRUSTED 0x20000
bool is_attr_in_list(const char * const * attrs, const char *attr); bool is_attr_in_list(const char * const * attrs, const char *attr);