mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00
samba-mirror/source4/dsdb
Andrew Bartlett 07f9a85a16 CVE-2020-25722 Ensure the structural objectclass cannot be changed
If the structural objectclass is allowed to change, then the restrictions
locking an object to remaining a user or computer will not be enforceable.

Likewise other LDAP inheritance rules, which allow only certain
child objects can be bypassed, which can in turn allow creation of
(unprivileged) users where only DNS objects were expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14889

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-11-08 10:46:45 +01:00
common CVE-2020-25718 kdc: Return ERR_POLICY if RODC krbtgt account is invalid 2021-11-08 10:46:45 +01:00
dns s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
kcc s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
repl s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
samdb CVE-2020-25722 Ensure the structural objectclass cannot be changed 2021-11-08 10:46:45 +01:00
schema dsdb: Be careful to avoid use of the expensive talloc_is_parent() 2021-09-13 07:50:09 +00:00
tests/python CVE-2020-25722 selftest: Adapt ldap.py tests to new objectClass restrictions 2021-11-08 10:46:44 +01:00
pydsdb.c CVE-2020-25722 pydsdb: Add API to return strings of known UF_ flags 2021-11-08 10:46:42 +01:00
samdb.pc.in s4-pkgconfig: add @LIB_RPATH@ to our link flags 2010-12-08 12:46:00 +01:00
wscript_build CVE-2020-25718 dsdb: Bring sid_helper.c into common code as rodc_helper.c 2021-11-08 10:46:45 +01:00