| commit | 21d628e045712405663e77e6e01084234df6a99c | |
| author | Tim Beale <timbeale@catalyst.net.nz> | |
| Thu, 19 Jul 2018 04:03:36 +0000 (19 16:03 +1200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Tue, 14 Aug 2018 11:57:15 +0000 (14 13:57 +0200) | ||
| tree | a27753d5f32b0f7e9657c71aa68067f53e118034 | treesnapshot (tar.gz zip) |
| parent | be4c0938b0f47d246d3aaacdc6c9a3fedf8ab6e0 | commitdiff |
CVE-2018-10919 security: Move object-specific access checks into separate function
Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.
This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.
This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
| libcli/security/access_check.c | diffblobblamehistory |