From bb092fc576868e30edf78136894472f95c4b039d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 2 Mar 2023 17:24:15 +1300
Subject: [PATCH 33/34] CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated
on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17821
---
lib/ldb-samba/ldb_matching_rules.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c
index b86594c1823..59d1385f4e3 100644
--- a/lib/ldb-samba/ldb_matching_rules.c
+++ b/lib/ldb-samba/ldb_matching_rules.c
@@ -67,7 +67,12 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx,
* Note also that we don't have the original request
* here, so we can not apply controls or timeouts here.
*/
- ret = dsdb_search_dn(ldb, tmp_ctx, &res, to_visit->dn, attrs, 0);
+ ret = dsdb_search_dn(ldb,
+ tmp_ctx,
+ &res,
+ to_visit->dn,
+ attrs,
+ DSDB_MARK_REQ_UNTRUSTED);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
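Review bot: The new DSDB_MARK_REQ_UNTRUSTED argument to dsdb_search_dn() is the whole security fix, yet the comment block just above it still only explains why controls and timeouts cannot be applied; a reader of this per-hop lookup has no hint that the flag is what makes acl_read enforce read ACLs on every entry visited during the transitive walk, and a future cleanup could drop it as a "no-op". I would extend that comment with `* DSDB_MARK_REQ_UNTRUSTED makes acl_read apply the caller's read ACLs to each visited entry (CVE-2023-0614); do not remove.` Separately, the unchanged `if (ret != LDB_SUCCESS)` branch now also sees ACL-driven outcomes: if acl_read hides an entry the caller may not read and that surfaces as a non-success return, the whole transitive evaluation aborts rather than treating that entry as having no further links — presumably intended (fail closed), but worth confirming and documenting next to the return. ldb_eval_transitive_filter_helper's body continues outside the hunk.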
--
2.25.1