From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 16 Sep 2022 02:18:37 +0000 (+1200)
Subject: CVE-2020-25720 s4:dsdb/descriptor: explain lack of dSHeuristics check
X-Git-Tag: talloc-2.4.0~991
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc64ea24daa649dc8de4a212c7abfbe111095655;p=thirdparty%2Fsamba.git

CVE-2020-25720 s4:dsdb/descriptor: explain lack of dSHeuristics check

It is strange that sDRightsEffective pays no attention to the
dSHeuristics flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 16 03:31:42 UTC 2022 on sn-devel-184
---

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index c9a2df6e02e..dd15dddfb50 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -502,6 +502,15 @@ static int acl_sDRightsEffective(struct ldb_module *module,
 		if (ret == LDB_SUCCESS) {
 			flags |= SECINFO_OWNER | SECINFO_GROUP;
 		}
+
+		/*
+		 * This call is made with
+		 * IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS
+		 * and without reference to the dSHeuristics via
+		 * dsdb_block_owner_implicit_rights().  This is
+		 * probably a Windows bug but for now we match
+		 * exactly.
+		 */
 		ret = acl_check_access_on_attribute_implicit_owner(
 			module,
 			msg,