packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0032-CVE-2023-0614.patch

49 lines
1.6 KiB
Diff
Raw Blame History

From d857b406e44254b37aa91d0c8d226e417ce123ce Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 2 Mar 2023 16:31:17 +1300
Subject: [PATCH 30/34] CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED
This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17821
---
source4/dsdb/common/util.c | 4 ++++
source4/dsdb/common/util.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index b556f06cb63..39b29cd2a0c 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -4878,6 +4878,10 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
}
}
+ if (dsdb_flags & DSDB_MARK_REQ_UNTRUSTED) {
+ ldb_req_mark_untrusted(req);
+ }
+
return LDB_SUCCESS;
}
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
index e1854644d53..5bb96d60b3c 100644
--- a/source4/dsdb/common/util.h
+++ b/source4/dsdb/common/util.h
@@ -43,6 +43,7 @@
#define DSDB_MODIFY_PARTIAL_REPLICA 0x04000
#define DSDB_PASSWORD_BYPASS_LAST_SET 0x08000
#define DSDB_REPLMD_VANISH_LINKS 0x10000
+#define DSDB_MARK_REQ_UNTRUSTED 0x20000
bool is_attr_in_list(const char * const * attrs, const char *attr);
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink