search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 7638abd) | patch
CVE-2022-32743 dsdb/modules/acl: Allow simultaneous sAMAccountName, dNSHostName,...
commite1c52ac05a9ff505d2e5eac2f1ece4e95844ee71
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 7 Jun 2022 05:38:55 +0000 (7 17:38 +1200)
committerDouglas Bagnall <dbagnall@samba.org>
Thu, 28 Jul 2022 22:47:38 +0000 (28 22:47 +0000)
treeb08ef59f9349434222dc7a7ed502c803913fb493tree | snapshot (tar.gz zip)
parent7638abd38a13f9d2b5c769eb12c70eacf49b3806commit | diff
CVE-2022-32743 dsdb/modules/acl: Allow simultaneous sAMAccountName, dNSHostName, and servicePrincipalName change

If the message changes the sAMAccountName, we'll check dNSHostName and
servicePrincipalName values against the new value of sAMAccountName,
rather than the account's current value. Similarly, if the message
changes the dNSHostName, we'll check servicePrincipalName values against
the new dNSHostName. This allows setting more than one of these
attributes simultaneously with validated write rights.

We now pass 'struct ldb_val' to acl_validate_spn_value() instead of
simple strings. Previously, we were relying on the data inside 'struct
ldb_val' having a terminating zero byte, even though this is not
guaranteed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest/knownfail.d/netlogon-dns-host-name [deleted file] blob | blame | history
selftest/knownfail.d/validated-dns-host-name [deleted file] blob | blame | history
source4/dsdb/samdb/ldb_modules/acl.c diff | blob | blame | history
Samba GIT mirror