CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2019-11-26 16:17:32 +1300
committer: Karolin Seeger <kseeger@samba.org> 2020-01-21 10:11:38 +0000
commit: 5d714c1cea1beadc9ca07935217e0174d9d48ac6 (patch)
tree: 3c88acb3a13df0d54541ceff574d795decdfc6b7 /source4
parent: 545d205e5b203983855c10558ad3a326c13b712e (diff)
download: samba-5d714c1cea1beadc9ca07935217e0174d9d48ac6.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index fb2854438e1..7070affa645 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -876,6 +876,9 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 			return ldb_oom(ldb);
 		}
 
+		/*
+		 * Force SD propagation on children of this record
+		 */
 		ret = dsdb_module_schedule_sd_propagation(module, nc_root,
 							  dn, false);
 		if (ret != LDB_SUCCESS) {
@@ -966,6 +969,10 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req)
 			return ldb_oom(ldb);
 		}
 
+		/*
+		 * Force SD propagation on this record (get a new
+		 * inherited SD from the potentially new parent
+		 */
 		ret = dsdb_module_schedule_sd_propagation(module, nc_root,
 							  newdn, true);
 		if (ret != LDB_SUCCESS) {
author	Andrew Bartlett <abartlet@samba.org>	2019-11-26 16:17:32 +1300
committer	Karolin Seeger <kseeger@samba.org>	2020-01-21 10:11:38 +0000
commit	5d714c1cea1beadc9ca07935217e0174d9d48ac6 (patch)
tree	3c88acb3a13df0d54541ceff574d795decdfc6b7 /source4
parent	545d205e5b203983855c10558ad3a326c13b712e (diff)
download	samba-5d714c1cea1beadc9ca07935217e0174d9d48ac6.tar.gz