From ce2930d2d2ddcb40b6d44852aa3409ad6d64bedf Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 12 Aug 2021 21:53:16 +1200
Subject: [PATCH] CVE-2020-25722 s4/cracknames: add comment pointing to samldb
 spn handling

These need to stay a little bit in sync. The reverse comment is there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/samdb/cracknames.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 7313a3247c7..4852a0ef9bd 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -81,6 +81,12 @@ static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(struct ldb_context *ldb_ct
 						      const char *alias_from,
 						      char **alias_to)
 {
+	/*
+	 * Some of the logic of this function is mirrored in find_spn_alias()
+	 * in source4/dsdb.samdb/ldb_modules/samldb.c. If you change this to
+	 * not return the first matched alias, you will need to rethink that
+	 * function too.
+	 */
 	unsigned int i;
 	int ret;
 	struct ldb_result *res;
-- 
2.47.3