diff options
author | Ralph Boehme <slow@samba.org> | 2018-02-15 17:43:43 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-03-13 10:23:10 +0100 |
commit | b152db938781f6fbd7882617f2c883ee141ae438 (patch) | |
tree | 279b618c4e26e328256ccbc7faf2cea22ce6f131 /source4/dsdb | |
parent | 93e11c7f4919cdea830d5d02b25ceff45cb95b2e (diff) | |
download | samba-b152db938781f6fbd7882617f2c883ee141ae438.tar.gz |
CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index b2aa20f4157..4bf9779d507 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -995,6 +995,26 @@ static int acl_check_password_rights(TALLOC_CTX *mem_ctx, goto checked; } + c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_HASH_VALUES_OID); + if (c != NULL) { + /* + * The "DSDB_CONTROL_PASSWORD_HASH_VALUES_OID" control, without + * "DSDB_CONTROL_PASSWORD_CHANGE_OID" control means that we + * have a force password set. + * This control is used by the SAMR/NETLOGON/LSA password + * reset mechanisms. + * + * This control can't be used by real LDAP clients, + * the only caller is samdb_set_password_internal(), + * so we don't have to strict verification of the input. + */ + ret = acl_check_extended_right(tmp_ctx, sd, acl_user_token(module), + GUID_DRS_FORCE_CHANGE_PASSWORD, + SEC_ADS_CONTROL_ACCESS, + sid); + goto checked; + } + msg = ldb_msg_copy_shallow(tmp_ctx, req->op.mod.message); if (msg == NULL) { return ldb_module_oom(module); |