CVE-2020-25720 s4:dsdb/descriptor: explain lack of dSHeuristics check
authorAndrew Bartlett <abartlet@samba.org>
Fri, 16 Sep 2022 02:18:37 +0000 (14:18 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 16 Sep 2022 03:31:42 +0000 (03:31 +0000)
It is strange that sDRightsEffective pays no attention to the
dSHeuristics flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 16 03:31:42 UTC 2022 on sn-devel-184

source4/dsdb/samdb/ldb_modules/acl.c

index c9a2df6e02ea5cc650f434bbac48eb0a2ffc42dd..dd15dddfb5054bffac88c9b2ba05060b7eb304f5 100644 (file)
@@ -502,6 +502,15 @@ static int acl_sDRightsEffective(struct ldb_module *module,
                if (ret == LDB_SUCCESS) {
                        flags |= SECINFO_OWNER | SECINFO_GROUP;
                }
+
+               /*
+                * This call is made with
+                * IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS
+                * and without reference to the dSHeuristics via
+                * dsdb_block_owner_implicit_rights().  This is
+                * probably a Windows bug but for now we match
+                * exactly.
+                */
                ret = acl_check_access_on_attribute_implicit_owner(
                        module,
                        msg,
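Review bot: The comment added before `acl_check_access_on_attribute_implicit_owner()` records that the dSHeuristics block is skipped, but it does not say what that means for a client reading the attribute. With owner implicit rights blocked, sDRightsEffective can presumably still report the write-DAC right that `IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS` implies, even though the real modify path would refuse it. I would add a sentence such as `sDRightsEffective is informational only; the access check on modify still honours dsdb_block_owner_implicit_rights().`, provided that holds for the enforcement code, which is not visible in this hunk. Because the behaviour is kept only "for now", the comment could also carry the bug reference from the commit message (`https://bugzilla.samba.org/show_bug.cgi?id=14810`) so the deliberate deviation can be found and revisited. acl_sDRightsEffective starts and ends outside the hunk, so the flag set after this call is not shown here.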