mirror of
https://github.com/samba-team/samba.git
synced 2025-01-06 13:18:07 +03:00
9447c4e81e
Add a hook, acl_redact_msg_for_filter(), in the aclread module, that marks inaccessible any message elements used by an LDAP search filter that the user has no right to access. Make the various ldb_match_*() functions check whether message elements are accessible, and refuse to match any that are not. Remaining message elements, not mentioned in the search filter, are checked in aclread_callback(), and any inaccessible elements are removed at this point. Certain attributes, namely objectClass, distinguishedName, name, and objectGUID, are always present, and hence the presence of said attributes is always allowed to be checked in a search filter. This corresponds with the behaviour of Windows. Further, we unconditionally allow the attributes isDeleted and isRecycled in a check for presence or equality. Windows is not known to make this special exception, but it seems mostly harmless, and should mitigate the performance impact on searches made by the show_deleted module. As a result of all these changes, our behaviour regarding confidential attributes happens to match Windows more closely. For the test in confidential_attr.py, we can now model our attribute handling with DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> [abartlet@samba.org adapted due to Samba 4.17 and lower not having the patches for CVE-2020-25720 and 4.16 and lower not having the patches for CVE-2022-32743 ] |
||
|---|---|---|
| .. | ||
| ldb_kv_cache.c | ||
| ldb_kv_index.c | ||
| ldb_kv_search.c | ||
| ldb_kv.c | ||
| ldb_kv.h | ||