From: Stefan Metzmacher Date: Tue, 15 Sep 2020 14:01:04 +0000 (+0200) Subject: CVE-2020-25717 winbind.idl: rename wbint_TransID.type to wbint_TransID.type_hint X-Git-Tag: samba-4.13.14~267 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05b27742da44524e6007631a401dfef0b7180d53;p=thirdparty%2Fsamba.git CVE-2020-25717 winbind.idl: rename wbint_TransID.type to wbint_TransID.type_hint This makes it clear that it's a hint from the parent to the child. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539 Signed-off-by: Stefan Metzmacher Reviewed-by: Gary Lockyer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 (cherry picked from commit 1576421dbdd2cfe9a47516224cb54bf15ba51132) --- diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl index 258dd284ad5..a2bc81a9333 100644 --- a/librpc/idl/winbind.idl +++ b/librpc/idl/winbind.idl @@ -40,7 +40,7 @@ interface winbind ); typedef struct { - id_type type; + id_type type_hint; uint32 domain_index; uint32 rid; unixid xid; diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c index e6698f94789..ff2135b4b50 100644 --- a/source3/winbindd/wb_sids2xids.c +++ b/source3/winbindd/wb_sids2xids.c @@ -222,7 +222,7 @@ static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq) sid_copy(&dom_sid, sid); sid_split_rid(&dom_sid, &t->rid); - t->type = lsa_SidType_to_id_type(n->sid_type); + t->type_hint = lsa_SidType_to_id_type(n->sid_type); domain_index = init_lsa_ref_domain_list( state, &state->idmap_doms, domain_name, &dom_sid); if (domain_index == -1) { @@ -232,7 +232,7 @@ static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq) t->domain_index = domain_index; t->xid.id = UINT32_MAX; - t->xid.type = t->type; + t->xid.type = ID_TYPE_NOT_SPECIFIED; } TALLOC_FREE(names); @@ -337,7 +337,6 @@ static void wb_sids2xids_done(struct tevent_req *subreq) for (i=0; inum_ids; i++) { if (dst->ids[i].domain_index == state->dom_index) { - dst->ids[i].type = src->ids[src_idx].type; dst->ids[i].xid = src->ids[src_idx].xid; src_idx += 1; } diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 610195d9fb4..138863cb0db 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -200,7 +200,7 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, sid_compose(m->sid, d->sid, ids[i].rid); m->status = ID_UNKNOWN; - m->xid = (struct unixid) { .type = ids[i].type }; + m->xid = (struct unixid) { .type = ids[i].type_hint }; } status = dom->methods->sids_to_unixids(dom, id_map_ptrs);