mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
4c9b380527
Bug 12977 highlighted that Samba only checks exop GetNcChanges requests once, when they're first received. This makes sense because valid exop requests should only ever involve a single request. For regular (non-exop) GetNcChanges requests, the server stores a cache of the object GUIDs to return. What we don't want to happen is for a malicious/compromised RODC to use this cache to circumvent privilege checks, and receive secrets that it's normally not permitted to access (e.g. the administrator's password). The specific scenario we're concerned about is: - The RODC sends a regular GetNcChanges request for all objects (without secrets). (This causes the server to build its GUID array cache). - The RODC then sends a follow-on request for the next chunk, but sets the REPL_SECRET exop this time. The only thing inadvertently preventing Samba from leaking secrets in this case is updating msDS-RevealedUsers for auditing. It's possible that a future code change may alter the codepath and open up a security-hole without realizing. This patch adds a test case so if that ever did happen, the selftests would detect the problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12977 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> |
||
|---|---|---|
| .. | ||
| auth | ||
| build/pasn1 | ||
| cldap_server | ||
| client | ||
| cluster | ||
| dns_server | ||
| dsdb | ||
| echo_server | ||
| heimdal | ||
| heimdal_build | ||
| include | ||
| kdc | ||
| ldap_server | ||
| lib | ||
| libcli | ||
| libnet | ||
| librpc | ||
| nbt_server | ||
| ntp_signd | ||
| ntvfs | ||
| param | ||
| rpc_server | ||
| script | ||
| scripting | ||
| selftest | ||
| setup | ||
| smb_server | ||
| smbd | ||
| torture | ||
| utils | ||
| web_server | ||
| winbind | ||
| wrepl_server | ||
| .clang_complete | ||
| .valgrind_suppressions | ||
| wscript_build | ||