mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4:drsuapi RPC server - check for the "SPN" attribute != NULL
The SPN attribute could derive from an untrusted source (client). Reviewed-by: Jelmer
This commit is contained in:
parent
0e68867b26
commit
fecf925043
@ -59,6 +59,12 @@ static bool writespn_check_spn(struct drsuapi_bind_state *b_state,
|
|||||||
krb5_principal principal;
|
krb5_principal principal;
|
||||||
const char *dns_name, *dnsHostName;
|
const char *dns_name, *dnsHostName;
|
||||||
|
|
||||||
|
/* The service principal name shouldn't be NULL */
|
||||||
|
if (spn == NULL) {
|
||||||
|
talloc_free(tmp_ctx);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
get the objectSid of the DN that is being modified, and
|
get the objectSid of the DN that is being modified, and
|
||||||
check it matches the user_sid in their token
|
check it matches the user_sid in their token
|
||||||
|
Loading…
Reference in New Issue
Block a user