s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass

This should avoid a user being able to specify the GUID of a different type of object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit adb776149e5ac0eb346992775610627106e1a986)
author: Andrew Bartlett <abartlet@samba.org> 2023-01-25 15:18:47 +1300
committer: Jule Anger <janger@samba.org> 2023-02-03 09:35:08 +0000
commit: fba94e5d50433e8869e72d0ae2bb68fa2abab03e (patch)
tree: cfa4c594acf0a7b9dd8b9ada1fbc492cb03eb121
parent: bcb89bd81d4e51fbd06e205816e0b891dc0c1889 (diff)
download: samba-fba94e5d50433e8869e72d0ae2bb68fa2abab03e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 43fa670006d..a30ae662c1e 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3578,7 +3578,7 @@ int samdb_get_ntds_obj_by_guid(TALLOC_CTX *mem_ctx,
 			  LDB_SCOPE_SUBTREE,
 			  attrs,
 			  DSDB_SEARCH_ONE_ONLY,
-			  "objectGUID=%s",
+			  "(&(objectGUID=%s)(objectClass=nTDSDSA))",
 			  guid_str);
 	if (ret != LDB_SUCCESS) {
 		return ret;
author	Andrew Bartlett <abartlet@samba.org>	2023-01-25 15:18:47 +1300
committer	Jule Anger <janger@samba.org>	2023-02-03 09:35:08 +0000
commit	fba94e5d50433e8869e72d0ae2bb68fa2abab03e (patch)
tree	cfa4c594acf0a7b9dd8b9ada1fbc492cb03eb121
parent	bcb89bd81d4e51fbd06e205816e0b891dc0c1889 (diff)
download	samba-fba94e5d50433e8869e72d0ae2bb68fa2abab03e.tar.gz