author | Nadezhda Ivanova <nivanova@symas.com> | 2021-10-18 14:27:59 +0300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-08 10:46:43 +0100 |
commit | 161b8fd92b47fb61ed3b2e4f9dcef7ebe7c57d66 (patch) | |
tree | 3e2ea4f65a82bc95566ea6831eb94fab99634d49 /selftest | |
parent | 47d0a33221993314196ac31c49771dd2440fd950 (diff) | |
download | samba-161b8fd92b47fb61ed3b2e4f9dcef7ebe7c57d66.tar.gz |
CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
Validate Writes and Control Access Rights only grant access if the
object is of the type listed in the Right's appliesTo attribute. For
example, even though a Validated-SPN access may be granted to a user
object in the SD, it should only pass if the object is of class
computer. This patch enforces the appliesTo attribute classes for
access checks from within the ldb stack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/knownfail.d/bug-14832 | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/selftest/knownfail.d/bug-14832 b/selftest/knownfail.d/bug-14832 deleted file mode 100644 index 059a1778e65..00000000000 --- a/selftest/knownfail.d/bug-14832 +++ /dev/null @@ -1 +0,0 @@ -^samba4.ldap.acl.python\(.*\).__main__.AclSPNTests.test_user_spn\(.*\)
\ No newline at end of file |
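Review bot: The only test un-gated by deleting selftest/knownfail.d/bug-14832 is AclSPNTests.test_user_spn, so in this selftest-limited view only the Validated-SPN-on-a-user-object case is shown to be covered, while the commit message describes enforcement for Validated Writes and Control Access Rights in general. Consider adding a test for a Control Access Right whose appliesTo does not list the target object's class, plus a positive case confirming that Validated-SPN still passes on an object of class computer, so that a regression in either direction fails the suite rather than only the one user-object case.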