diff options
author | Ralph Boehme <slow@samba.org> | 2018-02-15 17:38:31 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-03-13 10:23:10 +0100 |
commit | 9e7dc491fe59cb37dac14896af13f878da749876 (patch) | |
tree | 2a9df30d91d3668e79cf12eae0ac49abe9b28d08 /source4/dsdb | |
parent | be3c583e541e8467090c1e9c2f162c623c60ddb0 (diff) | |
download | samba-9e7dc491fe59cb37dac14896af13f878da749876.tar.gz |
CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index edc6733c7ab..c1655f9eeba 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -1016,14 +1016,24 @@ static int acl_check_password_rights(TALLOC_CTX *mem_ctx, sid); goto checked; } - else if (rep_attr_cnt > 0 || (add_attr_cnt != del_attr_cnt)) { + + if (rep_attr_cnt > 0) { ret = acl_check_extended_right(tmp_ctx, sd, acl_user_token(module), GUID_DRS_FORCE_CHANGE_PASSWORD, SEC_ADS_CONTROL_ACCESS, sid); goto checked; } - else if (add_attr_cnt == 1 && del_attr_cnt == 1) { + + if (add_attr_cnt != del_attr_cnt) { + ret = acl_check_extended_right(tmp_ctx, sd, acl_user_token(module), + GUID_DRS_FORCE_CHANGE_PASSWORD, + SEC_ADS_CONTROL_ACCESS, + sid); + goto checked; + } + + if (add_attr_cnt == 1 && del_attr_cnt == 1) { ret = acl_check_extended_right(tmp_ctx, sd, acl_user_token(module), GUID_DRS_USER_CHANGE_PASSWORD, SEC_ADS_CONTROL_ACCESS, |