git.ipfire.org Git - thirdparty/samba.git/commit
CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be...
author: Andrew Bartlett <abartlet@samba.org>
Thu, 12 Dec 2019 01:44:57 +0000 (14:44 +1300)
committer: Karolin Seeger <kseeger@samba.org>
Wed, 8 Jan 2020 10:31:41 +0000 (11:31 +0100)
commit: 5884a9733099f5be05e2de5d3452a882b5c35c27
tree: b7cd968b3155230029a96e68a293ef0094750c63
parent: da1d3a0c03c002f6d2ffc6cfc7c0c15a4baa1000

CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs

We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.

Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

selftest/knownfail.d/repl_secdesc [deleted file]
source4/dsdb/samdb/ldb_modules/acl_util.c
source4/dsdb/samdb/ldb_modules/descriptor.c
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
source4/dsdb/samdb/samdb.h
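
The reasoning in the commit message, as an added example that is not Samba's code: a toy model of deferred work keyed by DN versus by GUID when a rename happens before the work runs. The struct, function names, sample DNs and integer GUIDs are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy directory (constructed data, not Samba's structures). A real GUID is
 * 128 bits; an unsigned stands in for it here. */
struct obj { unsigned guid; char dn[80]; int sd_updated; };
static struct obj db[2];

static void reset_db(void) {
    db[0] = (struct obj){ 1001, "OU=sales,DC=example,DC=com", 0 };
    db[1] = (struct obj){ 1002, "CN=alice,OU=sales,DC=example,DC=com", 0 };
}

/* Look up by DN when dn is non-NULL, otherwise by GUID. */
static struct obj *find(const char *dn, unsigned guid) {
    for (size_t i = 0; i < 2; i++)
        if (dn ? strcmp(db[i].dn, dn) == 0 : db[i].guid == guid)
            return &db[i];
    return NULL;
}

/* Rename a subtree: every DN at or below old_dn gets new_dn as its suffix. */
static void rename_subtree(const char *old_dn, const char *new_dn) {
    size_t ol = strlen(old_dn);
    for (size_t i = 0; i < 2; i++) {
        size_t l = strlen(db[i].dn);
        if (l < ol || strcmp(db[i].dn + l - ol, old_dn) != 0) continue;
        if (l > ol && db[i].dn[l - ol - 1] != ',') continue; /* component boundary */
        char tmp[80];
        snprintf(tmp, sizeof(tmp), "%.*s%s", (int)(l - ol), db[i].dn, new_dn);
        strcpy(db[i].dn, tmp);
    }
}

/* Queue a descriptor update for the child, rename its parent before the
 * deferred work runs, then resolve the queued key. Returns 1 if the update
 * reached the object, 0 if it was silently lost. */
int deferred_update_applied(int key_by_guid) {
    reset_db();
    const char *queued_dn = "CN=alice,OU=sales,DC=example,DC=com";
    unsigned queued_guid = 1002;
    rename_subtree("OU=sales,DC=example,DC=com", "OU=emea,DC=example,DC=com");
    struct obj *o = key_by_guid ? find(NULL, queued_guid) : find(queued_dn, 0);
    if (o) o->sd_updated = 1;
    return db[1].sd_updated;
}

int main(void) {
    printf("keyed by DN:   applied=%d\n", deferred_update_applied(0));
    printf("keyed by GUID: applied=%d\n", deferred_update_applied(1));
    return 0;
}
```

The DN-keyed run leaves the renamed object without its update and reports no error, which is why a stale security descriptor can persist unnoticed.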