CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2019-11-26 16:17:32 +1300
committer: Karolin Seeger <kseeger@samba.org> 2020-01-08 11:31:41 +0100
commit: 68a91b11e40c3670a0c45c72067ccd886fdad530 (patch)
tree: 271153ddfb3138d18167048fcdf1689554250e20
parent: 971247385a4ab30709d2ed1728cce13dc59f4713 (diff)
download: samba-68a91b11e40c3670a0c45c72067ccd886fdad530.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index fb2854438e1..7070affa645 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -876,6 +876,9 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 			return ldb_oom(ldb);
 		}
 
+		/*
+		 * Force SD propagation on children of this record
+		 */
 		ret = dsdb_module_schedule_sd_propagation(module, nc_root,
 							  dn, false);
 		if (ret != LDB_SUCCESS) {
@@ -966,6 +969,10 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req)
 			return ldb_oom(ldb);
 		}
 
+		/*
+		 * Force SD propagation on this record (get a new
+		 * inherited SD from the potentially new parent
+		 */
 		ret = dsdb_module_schedule_sd_propagation(module, nc_root,
 							  newdn, true);
 		if (ret != LDB_SUCCESS) {
author	Andrew Bartlett <abartlet@samba.org>	2019-11-26 16:17:32 +1300
committer	Karolin Seeger <kseeger@samba.org>	2020-01-08 11:31:41 +0100
commit	68a91b11e40c3670a0c45c72067ccd886fdad530 (patch)
tree	271153ddfb3138d18167048fcdf1689554250e20
parent	971247385a4ab30709d2ed1728cce13dc59f4713 (diff)
download	samba-68a91b11e40c3670a0c45c72067ccd886fdad530.tar.gz