From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 1 Oct 2021 02:59:28 +0000 (+1300)
Subject: CVE-2020-25718 dsdb: Bring sid_helper.c into common code as rodc_helper.c
X-Git-Tag: samba-4.13.14~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4cb7155917e48fcdbb6c4d78e172010ce5255755;p=thirdparty%2Fsamba.git

CVE-2020-25718 dsdb: Bring sid_helper.c into common code as rodc_helper.c

These common routines will assist the KDC to do the same access
checking as the RPC servers need to do regarding which accounts
a RODC can act with regard to.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---

diff --git a/source4/rpc_server/common/sid_helper.c b/source4/dsdb/common/rodc_helper.c
similarity index 99%
rename from source4/rpc_server/common/sid_helper.c
rename to source4/dsdb/common/rodc_helper.c
index c6e7fbeb7ab..09aa3f5e710 100644
--- a/source4/rpc_server/common/sid_helper.c
+++ b/source4/dsdb/common/rodc_helper.c
@@ -23,7 +23,6 @@
 #include "rpc_server/dcerpc_server.h"
 #include "librpc/gen_ndr/ndr_security.h"
 #include "source4/dsdb/samdb/samdb.h"
-#include "rpc_server/common/sid_helper.h"
 #include "libcli/security/security.h"
 
 /*
diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build
index dbe58859a14..98364667b66 100644
--- a/source4/dsdb/wscript_build
+++ b/source4/dsdb/wscript_build
@@ -13,7 +13,7 @@ bld.SAMBA_LIBRARY('samdb',
 	)
 
 bld.SAMBA_LIBRARY('samdb-common',
-	source='common/util.c common/util_trusts.c common/util_groups.c common/util_samr.c common/dsdb_dn.c common/dsdb_access.c common/util_links.c',
+	source='common/util.c common/util_trusts.c common/util_groups.c common/util_samr.c common/dsdb_dn.c common/dsdb_access.c common/util_links.c common/rodc_helper.c',
 	autoproto='common/proto.h',
 	private_library=True,
 	deps='ldb NDR_DRSBLOBS util_ldb LIBCLI_AUTH samba-hostconfig samba_socket cli-ldap-common flag_mapping UTIL_RUNCMD'
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 8a5243aba52..28223104c94 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -31,7 +31,6 @@
 #include "libcli/security/security.h"
 #include "libcli/security/session.h"
 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
-#include "rpc_server/common/sid_helper.h"
 #include "../libcli/drsuapi/drsuapi.h"
 #include "lib/util/binsearch.h"
 #include "lib/util/tsort.h"
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index f4cce12207e..a38e78a37e7 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -42,7 +42,6 @@
 #include "librpc/gen_ndr/ndr_winbind.h"
 #include "librpc/gen_ndr/ndr_winbind_c.h"
 #include "lib/socket/netif.h"
-#include "rpc_server/common/sid_helper.h"
 #include "lib/util/util_str_escape.h"
 
 #define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index de55ad6239a..765ae7ba62a 100644
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -7,17 +7,10 @@ bld.SAMBA_SUBSYSTEM('DCERPC_SHARE',
 	enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER'),
 	)
 
-bld.SAMBA_SUBSYSTEM('DCERPC_SID_HELPER',
-	source='common/sid_helper.c',
-	autoproto='common/sid_helper.h',
-	deps='ldb',
-	enabled=bld.AD_DC_BUILD_IS_ENABLED(),
-	)
-
 bld.SAMBA_SUBSYSTEM('DCERPC_COMMON',
 	source='common/server_info.c common/forward.c common/loadparm.c',
 	autoproto='common/proto.h',
-	deps='ldb DCERPC_SHARE DCERPC_SID_HELPER',
+	deps='ldb DCERPC_SHARE',
 	enabled=bld.AD_DC_BUILD_IS_ENABLED()
 	)