authorAndrew Bartlett <abartlet@samba.org>2023-03-02 17:24:15 +1300
committerAndrew Bartlett <abartlet@samba.org>2023-04-05 02:10:35 +0000
commitdfe7b05730425e9f1b0616bb7757dbf77bae6cd2 (patch)
tree45c43b7f509619780cb8a08e47a92c30d709cca2 /lib/ldb-samba
parent9b8dd83fd0270a25b24bec87fce25c965c6ad7a0 (diff)
downloadsamba-dfe7b05730425e9f1b0616bb7757dbf77bae6cd2.tar.gz
CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Diffstat (limited to 'lib/ldb-samba')
-rw-r--r--lib/ldb-samba/ldb_matching_rules.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c
index b86594c1823..59d1385f4e3 100644
--- a/lib/ldb-samba/ldb_matching_rules.c
+++ b/lib/ldb-samba/ldb_matching_rules.c
@@ -67,7 +67,12 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx,
* Note also that we don't have the original request
* here, so we can not apply controls or timeouts here.
*/
- ret = dsdb_search_dn(ldb, tmp_ctx, &res, to_visit->dn, attrs, 0);
+ ret = dsdb_search_dn(ldb,
+ tmp_ctx,
+ &res,
+ to_visit->dn,
+ attrs,
+ DSDB_MARK_REQ_UNTRUSTED);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
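Review bot: The new `DSDB_MARK_REQ_UNTRUSTED` argument is the only thing that puts this internal lookup under acl_read, yet the comment above the call still mentions only the missing controls and timeouts, so a later cleanup could set the flags back to `0` without noticing the access-control consequence. I would extend that comment with something like `* DSDB_MARK_REQ_UNTRUSTED makes acl_read apply to this lookup; do not pass 0 here (CVE-2023-0614).` Separately, with ACLs now enforced, a DN the requester cannot read will presumably come back as a non-success code and take the `return ret;` path. It is worth confirming that the caller treats that outcome the same as an entry that does not match, so the result does not reveal whether a hidden object exists. The body of ldb_eval_transitive_filter_helper starts and ends outside this hunk, so the caller's handling is not visible here.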