68 lines
2.5 KiB
Diff
68 lines
2.5 KiB
Diff
From 47f8a529885d321c4f787832d5934757656e8094 Mon Sep 17 00:00:00 2001
|
|
From: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Date: Tue, 6 Sep 2022 19:23:13 +1200
|
|
Subject: [PATCH 2/4] CVE-2023-0225 CVE-2020-25720 pydsdb: Add dsHeuristics
|
|
constant definitions
|
|
|
|
We want to be able to use these values in Python tests.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
|
|
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit cc709077822a39227174b91ed2345c2bd603f61f)
|
|
|
|
[abartlet@samba.org This patch is needed for a clean backport of
|
|
CVE-2023-0225 as these constants are used in the acl_modify test
|
|
even when this behaviour is not itself used.]
|
|
|
|
Conflict: NA
|
|
Reference: https://attachments.samba.org/attachment.cgi?id=17833
|
|
---
|
|
source4/dsdb/pydsdb.c | 30 ++++++++++++++++++++++++++++++
|
|
1 file changed, 30 insertions(+)
|
|
|
|
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
|
|
index bcfc7e95478..626d849a561 100644
|
|
--- a/source4/dsdb/pydsdb.c
|
|
+++ b/source4/dsdb/pydsdb.c
|
|
@@ -1665,6 +1665,36 @@ MODULE_INIT_FUNC(dsdb)
|
|
ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_NTDSCONN_XLATE);
|
|
ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_SPN_REGISTRATION);
|
|
|
|
+ /* dsHeuristics character indexes (see MS-ADTS 7.1.1.2.4.1.2) */
|
|
+ ADD_DSDB_FLAG(DS_HR_SUPFIRSTLASTANR);
|
|
+ ADD_DSDB_FLAG(DS_HR_SUPLASTFIRSTANR);
|
|
+ ADD_DSDB_FLAG(DS_HR_DOLISTOBJECT);
|
|
+ ADD_DSDB_FLAG(DS_HR_DONICKRES);
|
|
+ ADD_DSDB_FLAG(DS_HR_LDAP_USEPERMMOD);
|
|
+ ADD_DSDB_FLAG(DS_HR_HIDEDSID);
|
|
+ ADD_DSDB_FLAG(DS_HR_BLOCK_ANONYMOUS_OPS);
|
|
+ ADD_DSDB_FLAG(DS_HR_ALLOW_ANON_NSPI);
|
|
+ ADD_DSDB_FLAG(DS_HR_USER_PASSWORD_SUPPORT);
|
|
+ ADD_DSDB_FLAG(DS_HR_TENTH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_SPECIFY_GUID_ON_ADD);
|
|
+ ADD_DSDB_FLAG(DS_HR_NO_STANDARD_SD);
|
|
+ ADD_DSDB_FLAG(DS_HR_ALLOW_NONSECURE_PWD_OPS);
|
|
+ ADD_DSDB_FLAG(DS_HR_NO_PROPAGATE_ON_NOCHANGE);
|
|
+ ADD_DSDB_FLAG(DS_HR_COMPUTE_ANR_STATS);
|
|
+ ADD_DSDB_FLAG(DS_HR_ADMINSDEXMASK);
|
|
+ ADD_DSDB_FLAG(DS_HR_KVNOEMUW2K);
|
|
+
|
|
+ ADD_DSDB_FLAG(DS_HR_TWENTIETH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_ATTR_AUTHZ_ON_LDAP_ADD);
|
|
+ ADD_DSDB_FLAG(DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS);
|
|
+ ADD_DSDB_FLAG(DS_HR_THIRTIETH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_FOURTIETH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_FIFTIETH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_SIXTIETH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_SEVENTIETH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_EIGHTIETH_CHAR);
|
|
+ ADD_DSDB_FLAG(DS_HR_NINETIETH_CHAR);
|
|
+
|
|
ADD_DSDB_FLAG(NTDSCONN_KCC_GC_TOPOLOGY);
|
|
ADD_DSDB_FLAG(NTDSCONN_KCC_RING_TOPOLOGY);
|
|
ADD_DSDB_FLAG(NTDSCONN_KCC_MINIMIZE_HOPS_TOPOLOGY);
|
|
--
|
|
2.25.1
|