author: Nadezhda Ivanova <nivanova@symas.com> 2021-10-18 14:27:59 +0300
committer: Jule Anger <janger@samba.org> 2021-11-08 10:46:43 +0100
commit: 161b8fd92b47fb61ed3b2e4f9dcef7ebe7c57d66
tree: 3e2ea4f65a82bc95566ea6831eb94fab99634d49 /selftest
parent: 47d0a33221993314196ac31c49771dd2440fd950
CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
Validate Writes and Control Access Rights only grant access if the object is of the type listed in the Right's appliesTo attribute. For example, even though a Validated-SPN access may be granted to a user object in the SD, it should only pass if the object is of class computer. This patch enforces the appliesTo attribute classes for access checks from within the ldb stack.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r-- selftest/knownfail.d/bug-14832 1
1 files changed, 0 insertions, 1 deletions
diff --git a/selftest/knownfail.d/bug-14832 b/selftest/knownfail.d/bug-14832
deleted file mode 100644
index 059a1778e65..00000000000
--- a/selftest/knownfail.d/bug-14832
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.ldap.acl.python\(.*\).__main__.AclSPNTests.test_user_spn\(.*\) \ No newline at end of file
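Review bot: The only knownfail entry dropped here is AclSPNTests.test_user_spn, which by its name matches the user-object SPN example in the commit message, while the message says the appliesTo enforcement covers Validated Writes and Control Access Rights in general. If nothing else in the suite exercises a right granted on an object whose class is not listed in appliesTo, consider adding a test for a right other than Validated-SPN, or name in the commit message the existing tests that cover it. Removing the entry in the same commit as the fix is the right place for it, since the test is expected to pass from this commit on.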