1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4
Nadezhda Ivanova 8da6d0bf6f CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
Validate Writes and Control Access Rights only grant access if the
object is of the type listed in the Right's appliesTo attribute. For
example, even though a Validated-SPN access may be granted to a user
object in the SD, it should only pass if the object is of class
computer This patch enforces the appliesTo attribute classes for
access checks from within the ldb stack.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
..
auth CVE-2020-25719 CVE-2020-25717: s4:auth: remove unused auth_generate_session_info_principal() 2021-11-09 19:45:33 +00:00
build/pasn1
cldap_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
client s4/cifsdd: don't ignore unknown options 2021-09-10 15:10:30 +00:00
cluster dbwrap: Remove calls to loadparm 2018-04-24 01:53:19 +02:00
dns_server s4/dnsserver: Fix NULL check 2021-09-04 00:10:37 +00:00
dsdb CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute 2021-11-09 19:45:33 +00:00
echo_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
heimdal HEIMDAL:kdc: Fix transit path validation CVE-2017-6594 2021-10-20 10:58:37 +00:00
heimdal_build kdc: sign ticket using Windows PAC 2021-10-14 18:59:31 +00:00
include lib: Remove global xfile.h includes 2016-11-20 06:23:19 +01:00
kdc CVE-2020-25717: Add FreeIPA domain controller role 2021-11-09 19:45:33 +00:00
ldap_server s4:ldap_server: Use cli_credentials_init_server() 2021-04-09 10:46:28 +00:00
lib s4/regtree: don't ignore unknown options 2021-09-10 15:10:30 +00:00
libcli auth:creds: Add obtained arg to cli_credentials_set_gensec_features() 2021-04-28 03:43:34 +00:00
libnet s4:libnet: Allow libnet_SetPassword() for encrypted SMB connections 2021-08-03 09:28:38 +00:00
librpc CVE-2020-25721 ndrdump: Add tests for PAC with UPN_DNS_INFO 2021-11-09 19:45:32 +00:00
nbt_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntp_signd s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntvfs s4: ntvfs: Missed comma in 24c09f913d, string would be concatenated. 2021-08-25 18:02:05 +00:00
param libcli/smb: actually make use of "client/server smb3 signing algorithms" 2021-07-15 00:06:31 +00:00
rpc_server CVE-2020-25717: Add FreeIPA domain controller role 2021-11-09 19:45:33 +00:00
samba samba: Save a line with TALLOC_FREE 2021-10-08 19:28:31 +00:00
script python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
scripting gp: Apply Firewalld Policy 2021-11-01 21:16:43 +00:00
selftest CVE-2020-25717: selftest: Add a test for the new 'min domain uid' parameter 2021-11-09 19:45:33 +00:00
setup s4:samba: Migrate samba daemon to new cmdline option parser 2021-04-29 03:58:37 +00:00
smb_server CVE-2020-25717: s4:smb_server: start with authoritative = 1 2021-11-09 19:45:32 +00:00
torture CVE-2020-25717: s4:torture: start with authoritative = 1 2021-11-09 19:45:32 +00:00
utils s4:utils: Migrate oLschema2ldif to new cmdline option parser 2021-06-20 23:26:32 +00:00
winbind s3: Remove --log-stdout from daemons 2021-04-29 03:58:37 +00:00
wrepl_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
.clang_complete
.valgrind_suppressions
wscript_build s4:client: Migrate cifsdd to new cmdline option parser 2021-06-16 00:34:38 +00:00