From 353d3df3dd56e691b6a968c9b716f2a31e8bcfc4 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Mon, 27 Feb 2023 13:31:44 +1300
Subject: CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it

If the AS_SYSTEM control is present, we know we have system privileges, and have no need to call dsdb_module_am_system().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---
 source4/dsdb/samdb/ldb_modules/acl_read.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 8ca8607b925..6dcc3c9b36e 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -860,7 +860,7 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
 int ret;
 struct aclread_context *ac;
 struct ldb_request *down_req;
- struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
+ bool am_system;
 struct ldb_result *res;
 struct aclread_private *p;
 bool need_sd = false;
@@ -877,11 +877,16 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
 ldb = ldb_module_get_ctx(module);
 p = talloc_get_type(ldb_module_get_private(module), struct aclread_private);
 
+ am_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID) != NULL;
+ if (!am_system) {
+ am_system = dsdb_module_am_system(module);
+ }
+
 /* skip access checks if we are system or system control is supplied
 * or this is not LDAP server request */
 if (!p || !p->enabled ||
- dsdb_module_am_system(module)
- || as_system || !is_untrusted) {
+ am_system ||
+ !is_untrusted) {
 return ldb_next_request(module, req);
 }
 /* no checks on special dn */
-- 
cgit v1.2.1
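Review bot: In the second hunk the new `if (!am_system) { am_system = dsdb_module_am_system(module); }` runs before the `if (!p || !p->enabled || am_system || !is_untrusted)` test, so dsdb_module_am_system() is now called on every request that lacks the AS_SYSTEM control, including the disabled-module and trusted-request paths that the old short-circuit (`!p || !p->enabled` and `!is_untrusted` evaluated before/around the call) never reached; that works against the commit's own goal of avoiding the call when possible. The set of requests that bypass the access checks is unchanged, so this is a cost/ordering point rather than a privilege change. If `am_system` is not read later in aclread_search (the function body continues outside the hunk, and `is_untrusted` is computed there too, so I cannot confirm either), the cheap tests can be taken first and the session-info lookup deferred as below. If `am_system` is consumed further down, keep the assignment but at least move it below the `!p || !p->enabled` early return.
```c
	am_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID) != NULL;

	/* Cheap checks first: a disabled module or a trusted (non-LDAP)
	 * request needs neither access checks nor a session-info lookup. */
	if (!p || !p->enabled || !is_untrusted) {
		return ldb_next_request(module, req);
	}
	if (!am_system) {
		am_system = dsdb_module_am_system(module);
	}
	/* skip access checks if we are system or system control is supplied */
	if (am_system) {
		return ldb_next_request(module, req);
	}
	/* … unchanged: no checks on special dn … */
```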