git.ipfire.org Git - thirdparty/samba.git/commit
CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during LDAP add...
author Andrew Bartlett <abartlet@samba.org>
Fri, 13 Aug 2021 05:42:23 +0000 (17:42 +1200)
committer Jule Anger <janger@samba.org>
Tue, 9 Nov 2021 19:45:32 +0000 (19:45 +0000)
commit f478aecc45efb56868bc7cec216f33e5db7ccf18
tree 3d97415a8226ef6d3cd877f5988c6c657e3f61db
parent 9ef9746bca73a939ad04b1df07caeb70921bc3de
CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during LDAP add/modify

The remaining failures in the priv_attrs (not the strict one) test are
due to missing objectclass constraints on the administrator which should
be addressed, but are not a security issue.

A better test for confirming constraints between objectclass and
userAccountControl UF_NORMAL_ACCOUNT/UF_WORKSTATION_TRUST values would
be user_account_control.py.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14778
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14775

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest/knownfail.d/priv_attr
source4/dsdb/samdb/ldb_modules/samldb.c