sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code
samba-mirror/source4/dsdb/samdb/ldb_modules
History
Nadezhda Ivanova 8da6d0bf6f CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute 
Validate Writes and Control Access Rights only grant access if the
object is of the type listed in the Right's appliesTo attribute. For
example, even though a Validated-SPN access may be granted to a user
object in the SD, it should only pass if the object is of class
computer This patch enforces the appliesTo attribute classes for
access checks from within the ldb stack.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
..
tests
python: remove all 'from __future__ import print_function'
2021-04-28 03:43:34 +00:00
acl_read.c
s4:dsdb:acl_read: Implement "List Object" mode feature
2020-10-21 08:48:01 +00:00
acl_util.c
CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
2021-11-09 19:45:33 +00:00
acl.c
CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
2021-11-09 19:45:33 +00:00
anr.c
Fix build after removal of an extra safe_string.h
2020-10-01 22:45:29 +00:00
audit_log.c
audit_log: Align integer types
2020-01-03 00:04:43 +00:00
audit_util.c
dsdb: Align integer types
2019-02-27 01:35:19 +01:00
count_attrs.c
lib/util: remove extra safe_string.h file
2020-08-28 02:18:40 +00:00
descriptor.c
dsdb: Slightly tune get_new_descriptor()
2021-04-19 18:18:32 +00:00
dirsync.c
CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
2021-11-09 19:45:33 +00:00
dns_notify.c
Fix build after removal of an extra safe_string.h
2020-10-01 22:45:29 +00:00
dsdb_notification.c
dsdb: Correctly call ldb_module_done in dsdb_notification
2017-06-15 01:24:25 +02:00
encrypted_secrets.c
lib/util: remove extra safe_string.h file
2020-08-28 02:18:40 +00:00
extended_dn_in.c
dsdb: Fix a typo
2021-01-08 20:31:33 +00:00
extended_dn_out.c
lib/util: remove extra safe_string.h file
2020-08-28 02:18:40 +00:00
extended_dn_store.c
dsdb mods/extended_dn_store: used the ldb we already have
2019-04-05 04:41:25 +00:00
group_audit.c
samdb: Fix an uninitialized variable read
2021-08-06 17:22:30 +00:00
instancetype.c
dsdb: Permit creation of partitions of type INSTANCE_TYPE_UNINSTANT
2014-09-01 00:36:42 +02:00
lazy_commit.c
linked_attributes.c
lib/util: remove extra safe_string.h file
2020-08-28 02:18:40 +00:00
netlogon.c
s4: rename source4/smbd/ to source4/samba/
2020-11-27 10:07:18 +00:00
new_partition.c
objectclass_attrs.c
Fix build after removal of an extra safe_string.h
2020-10-01 22:45:29 +00:00
objectclass.c
Fix build after removal of an extra safe_string.h
2020-10-01 22:45:29 +00:00
objectguid.c
dsdb/samdb/ldb_modules: Use correct member of union
2021-09-04 00:10:37 +00:00
operational.c
dsdb: Fix CID 1473453: Null pointer dereferences
2021-03-06 02:20:05 +00:00
paged_results.c
CVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls
2020-07-02 09:01:41 +00:00
partition_init.c
dsdb: Remove OpenLDAP backend complexity from partitions module
2019-08-30 08:32:30 +00:00
partition_metadata.c
lib: relicense smb_strtoul(l) under LGPLv3
2020-08-03 22:21:02 +00:00
partition.c
dsdb: Rewrite comment to remove refernece to LDAP backends
2020-02-28 04:42:23 +00:00
partition.h
dsdb: Remove OpenLDAP backend complexity from partitions module
2019-08-30 08:32:30 +00:00
password_hash.c
CVE-2020-25722 dsdb: Move krbtgt password setup after the point of checking if any passwords are changed
2021-11-09 19:45:32 +00:00
password_modules.h
proxy.c
s4:dsdsb: Check return code of cli_credentials_guess()
2021-06-29 02:19:35 +00:00
ranged_results.c
lib/util: remove extra safe_string.h file
2020-08-28 02:18:40 +00:00
repl_meta_data.c
dsdb/samdb/ldb_modules: Use correct member of union
2021-09-04 00:10:37 +00:00
resolve_oids.c
s4:dsdb: Fix warnings about not set / set but unused / shadowed variables
2013-04-19 13:15:40 +02:00
ridalloc.c
ridalloc: Don't skip the first RID of a pool
2021-06-11 07:41:38 +00:00
rootdse.c
dsdb: Fix CID 1473454: Null pointer dereferences
2021-03-06 02:20:05 +00:00
samba3sam.c
s4:samdb: Use C99 initializer for last element of ldb_map_objectclass
2019-01-28 10:29:24 +01:00
samba3sid.c
samba_dsdb.c
dsdb: Remove OpenLDAP backend complexity from samba_dsdb module
2019-08-30 09:50:25 +00:00
samba_secrets.c
samldb.c
CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
2021-11-09 19:45:33 +00:00
schema_data.c
lib/util: remove extra safe_string.h file
2020-08-28 02:18:40 +00:00
schema_load.c
Fix a comment typo copied around
2020-08-17 19:35:38 +00:00
schema_util.c
s4:dsdb/schema: don't change schema->schema_info on originating schema changes.
2016-08-11 00:49:14 +02:00
secrets_tdb_sync.c
dlist: remove unneeded type argument from DLIST_ADD_END()
2016-02-06 21:48:17 +01:00
show_deleted.c
show-deleted: Rename attr_filter to exclude_filter for clarity
2017-06-30 06:23:39 +02:00
subtree_delete.c
dsdb: Remove sort from subtree_delete and add comments.
2018-05-30 04:23:27 +02:00
subtree_rename.c
subtree_rename: Correct comments
2018-05-30 04:23:27 +02:00
tombstone_reanimate.c
Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
2016-07-09 15:06:19 +02:00
unique_object_sids.c
source4 dsdb modules: Add new module "unique_object_sids"
2017-12-10 00:47:29 +01:00
update_keytab.c
dlist: remove unneeded type argument from DLIST_ADD_END()
2016-02-06 21:48:17 +01:00
util.c
s4:dsdb:util: add dsdb_do_list_object() helper
2020-10-21 07:25:37 +00:00
util.h
dsdb: Ensure replication of renames works in schema partition
2017-06-15 01:24:25 +02:00
vlv_pagination.c
CVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls
2020-07-02 09:01:41 +00:00
wscript
waf: Move check for gnutls_aead_cipher_init to main gnutls wscript
2019-04-30 23:18:27 +00:00
wscript_build
build: Do not build selftest binaries for builds without --enable-selftest
2019-11-22 11:48:59 +00:00
wscript_build_server
build: Do not build selftest binaries for builds without --enable-selftest
2019-11-22 11:48:59 +00:00