1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/libcli
Nadezhda Ivanova 08187833fe CVE-2020-25720: s4-acl: Change behavior of Create Children check
Up to now, the rights to modify an attribute were not checked during an LDAP
add operation. This means that even if a user has no right to modify
an attribute, they can still specify any value during object creation,
and the validated writes were not checked.
This patch changes this behavior. During an add operation,
a security descriptor is created that does not include the one provided by the
user, and is used to verify that the user has the right to modify the supplied attributes.
Exception is made for an object's mandatory attributes, and if the user has Write DACL right,
further checks are skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 02:32:36 +00:00
..
composite s4-libcli: Remove unused header from composite/composite.c 2019-11-10 22:27:47 +00:00
dgram s4:libcli: Covscan: unchecked return value for file_save() 2022-05-14 03:49:32 +00:00
ldap CVE-2020-25720: s4-acl: Change behavior of Create Children check 2022-09-16 02:32:36 +00:00
rap s4-libcli/rap: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour 2019-12-12 02:30:40 +00:00
raw smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv 2022-08-26 19:54:03 +00:00
resolve lib: addns: Fix ads_dns_lookup_srv() and functions to return size_t * num servers. 2020-09-15 10:09:37 +00:00
smb2 smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv 2022-08-26 19:54:03 +00:00
smb_composite smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv 2022-08-26 19:54:03 +00:00
util Add SMB2 lsa helper routines 2020-04-28 18:09:39 +00:00
wbclient wbclient: "ev" is no longer used in wbc_xids_to_sids 2016-09-28 00:04:36 +02:00
wrepl
cliconnect.c
clideltree.c s4: libcli: In smbcli_deltree() use smbcli_unlink_wcard() in place of smbcli_unlink(). 2021-12-09 18:06:35 +00:00
clifile.c s4: libcli: smbcli_unlink() is no longer used with wildcard patterns. 2021-12-09 18:06:35 +00:00
clilist.c util: Drop unused variable num_received 2022-02-17 18:12:51 +00:00
climessage.c
clireadwrite.c source4/libcli/clireadwrite.c: typo fixes 2019-10-31 00:43:37 +00:00
clitrans2.c
finddc.h
finddcs_cldap.c
libcli.h s4: libcli: Add smbcli_unlink_wcard(). 2021-12-09 18:06:35 +00:00
wscript_build s4:libcli: Remove (now unused) pysmb.c bindings 2019-01-26 04:05:25 +01:00