sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00
Code
353d3df3dd
samba-mirror/lib/ldb
History
Joseph Sutton 9447c4e81e CVE-2023-0614 ldb: Prevent disclosure of confidential attributes 
Add a hook, acl_redact_msg_for_filter(), in the aclread module, that
marks inaccessible any message elements used by an LDAP search filter
that the user has no right to access. Make the various ldb_match_*()
functions check whether message elements are accessible, and refuse to
match any that are not. Remaining message elements, not mentioned in the
search filter, are checked in aclread_callback(), and any inaccessible
elements are removed at this point.

Certain attributes, namely objectClass, distinguishedName, name, and
objectGUID, are always present, and hence the presence of said
attributes is always allowed to be checked in a search filter. This
corresponds with the behaviour of Windows.

Further, we unconditionally allow the attributes isDeleted and
isRecycled in a check for presence or equality. Windows is not known to
make this special exception, but it seems mostly harmless, and should
mitigate the performance impact on searches made by the show_deleted
module.

As a result of all these changes, our behaviour regarding confidential
attributes happens to match Windows more closely. For the test in
confidential_attr.py, we can now model our attribute handling with
DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by
Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[abartlet@samba.org adapted due to Samba 4.17 and lower
 not having the patches for CVE-2020-25720 and 4.16 and lower
 not having the patches for CVE-2022-32743 ]
2023-03-20 10:03:38 +01:00
..
ABI CVE-2022-32746 ldb: Release LDB 2.5.2 2022-07-24 09:20:22 +02:00
common CVE-2023-0614 ldb: Prevent disclosure of confidential attributes 2023-03-20 10:03:38 +01:00
docs
examples
include CVE-2023-0614 ldb: Prevent disclosure of confidential attributes 2023-03-20 10:03:38 +01:00
ldb_key_value CVE-2023-0614 ldb: Prevent disclosure of confidential attributes 2023-03-20 10:03:38 +01:00
ldb_ldap ldb_ldap: Fix a memleak 2020-07-02 10:38:34 +00:00
ldb_ldb ldb: Add MDB support to ldb:// 2018-05-23 02:27:12 +02:00
ldb_map CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message 2022-07-24 09:20:21 +02:00
ldb_mdb Fix clang 9 parentheses-equality warnings 2020-05-08 09:31:31 +00:00
ldb_sqlite3 CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite 2018-08-14 13:57:15 +02:00
ldb_tdb lib ldb key value backends: Add nested txn support 2019-06-21 04:27:12 +00:00
man Spelling fixes s/overrided/overridden/ 2019-04-02 01:12:11 +00:00
modules CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message 2022-07-24 09:20:21 +02:00
nssldb
tests CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place 2023-03-20 10:03:38 +01:00
tools lib:ldb-samba: Improve calculate_popt_array_length() 2021-06-16 00:34:38 +00:00
web
_ldb_text.py ldb/tests/_ldb_text: remove unused imports 2018-10-25 21:45:55 +02:00
configure build: Move python detection back into waf (instead of in configure and Makefile) 2018-12-14 14:40:19 +01:00
Doxyfile
examples.dox
ldb.pc.in
mainpage.dox
Makefile Search for location of waf script 2019-02-26 10:39:24 +01:00
pyldb_util.c pyldb: rename pyldb_Dn_AsDn() to pyldb_Dn_AS_DN() 2019-07-10 04:32:13 +00:00
pyldb-util.pc.in lib/ldb: Enable use of a python3 pyldb-util system library 2017-03-10 07:31:10 +01:00
pyldb.c pyldb: Make ldb.Message containment testing consistent with indexing 2021-09-28 09:44:35 +00:00
pyldb.h pyldb: rename pyldb_Dn_AsDn() to pyldb_Dn_AS_DN() 2019-07-10 04:32:13 +00:00
README_gcov.txt
wscript CVE-2023-0614 ldb: Add function to filter message in place 2023-03-20 10:03:38 +01:00