CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2019-11-26 16:17:32 +1300
committer: Karolin Seeger <kseeger@samba.org> 2020-01-10 11:56:20 +0100
commit: 589d1e4846bbac0e5388af3ef0c6d6c41b5ff991 (patch)
tree: ed8e200a38c621ed60e9fa3a081b9fd0c1051ac5
parent: 17215b36b22d309a58a3b7bd08123f06e89657c9 (diff)
download: samba-589d1e4846bbac0e5388af3ef0c6d6c41b5ff991.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index fb2854438e1..7070affa645 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -876,6 +876,9 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 			return ldb_oom(ldb);
 		}
 
+		/*
+		 * Force SD propagation on children of this record
+		 */
 		ret = dsdb_module_schedule_sd_propagation(module, nc_root,
 							  dn, false);
 		if (ret != LDB_SUCCESS) {
@@ -966,6 +969,10 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req)
 			return ldb_oom(ldb);
 		}
 
+		/*
+		 * Force SD propagation on this record (get a new
+		 * inherited SD from the potentially new parent
+		 */
 		ret = dsdb_module_schedule_sd_propagation(module, nc_root,
 							  newdn, true);
 		if (ret != LDB_SUCCESS) {
author	Andrew Bartlett <abartlet@samba.org>	2019-11-26 16:17:32 +1300
committer	Karolin Seeger <kseeger@samba.org>	2020-01-10 11:56:20 +0100
commit	589d1e4846bbac0e5388af3ef0c6d6c41b5ff991 (patch)
tree	ed8e200a38c621ed60e9fa3a081b9fd0c1051ac5
parent	17215b36b22d309a58a3b7bd08123f06e89657c9 (diff)
download	samba-589d1e4846bbac0e5388af3ef0c6d6c41b5ff991.tar.gz