From 7c63aa69594c41f302acfb85dba332b45388869f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 27 Jun 2023 14:39:18 +1200
Subject: [PATCH] s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges

This tries to avoid it appearing that ncRoot is a value that can be trusted and used internally by not updating it and instead leaving it just as an input/echo-back value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
(cherry picked from commit 548f141f11e89d335d8f9d74ab6925fa6b90fb84)
---
 source4/rpc_server/drsuapi/getncchanges.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 92fa7ba7575..c3806f9e6de 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -3185,7 +3185,6 @@ allowed:
 getnc_state->ncRoot_guid = samdb_result_guid(res->msgs[0], "objectGUID");
- ncRoot->guid = getnc_state->ncRoot_guid;
 /* find out if we are to replicate Schema NC */
 ret = ldb_dn_compare_base(ldb_get_schema_basedn(sam_ctx),
@@ -3195,8 +3194,6 @@ allowed:
 TALLOC_FREE(res);
 }
- ncRoot->guid = getnc_state->ncRoot_guid;
-
 /* we need the session key for encrypting password attributes */
 status = dcesrv_auth_session_key(dce_call, &session_key);
 if (!NT_STATUS_IS_OK(status)) {
@@ -3378,11 +3375,19 @@ allowed:
 if (r->out.ctr->ctr6.naming_context == NULL) {
 return WERR_NOT_ENOUGH_MEMORY;
 }
+
+ /*
+ * Match Windows and echo back the original values from the request, even if
+ * they say DummyDN for the string NC
+ */
 *r->out.ctr->ctr6.naming_context = *ncRoot;
 /* find the SID if there is one */
 dsdb_find_sid_by_dn(sam_ctx, getnc_state->ncRoot_dn, &r->out.ctr->ctr6.naming_context->sid);
+ /* Set GUID */
+ r->out.ctr->ctr6.naming_context->guid = getnc_state->ncRoot_guid;
+
 dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, &ctr);
 r->out.ctr->ctr6.mapping_ctr = *ctr;
-- 2.47.2
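Review bot: The new block comment above `*r->out.ctr->ctr6.naming_context = *ncRoot;` says the original request values are echoed back, but the following lines replace `sid` (through `dsdb_find_sid_by_dn`) and now `guid`, so only the DN string reaches the reply exactly as the client sent it. The comment should state that, and `/* Set GUID */` should give the reason, for example `/* The struct copy carried the client's GUID; replace it with the one resolved from the database */`. Because the two `ncRoot->guid = getnc_state->ncRoot_guid;` assignments are removed in the earlier hunks, any code between those points and this one that still reads `ncRoot->guid` would now see the client-supplied value, which may be unset when the request names the NC by DN only; that code lies outside the patch, so it is worth confirming no such reader remains. The return value of `dsdb_find_sid_by_dn` is discarded in the context lines, and whether `sid` keeps the echoed client value when the lookup fails depends on that helper, which is not shown here. The enclosing function starts and ends outside this hunk.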