CVE-2020-25718 s4-rpc_server: Explain why we use DSDB_SEARCH_SHOW_EXTENDED_DN in...
authorAndrew Bartlett <abartlet@samba.org>
Fri, 1 Oct 2021 01:31:00 +0000 (14:31 +1300)
committerJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 4 Nov 2021 03:58:11 +0000 (16:58 +1300)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
source4/rpc_server/drsuapi/getncchanges.c
source4/rpc_server/netlogon/dcerpc_netlogon.c

index 3ec5acb5353d3022a7099d7e7624d09415f84919..8a5243aba528bc541e61a7d7a6d7a8bcd876c788 100644 (file)
@@ -1251,7 +1251,11 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
                                 dom_sid_string(mem_ctx, user_sid));
        if (!ldb_dn_validate(rodc_dn)) goto failed;
 
-       /* do the two searches we need */
+       /*
+        * do the two searches we need
+        * We need DSDB_SEARCH_SHOW_EXTENDED_DN as we get a SID lists
+        * out of the extended DNs
+        */
        ret = dsdb_search_dn(b_state->sam_ctx_system, mem_ctx, &rodc_res, rodc_dn, rodc_attrs,
                             DSDB_SEARCH_SHOW_EXTENDED_DN);
        if (ret != LDB_SUCCESS || rodc_res->count != 1) goto failed;
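Review bot: The new comment reads "we get a SID lists out of the extended DNs", which is ungrammatical and also differs from the otherwise identical comment the same commit adds to sam_rodc_access_check ("a SID list"); I would make both read `* We need DSDB_SEARCH_SHOW_EXTENDED_DN as we get a SID list` so the two copies stay in sync. Since the flag is load-bearing for the CVE-2020-25718 reveal/never-reveal check rather than cosmetic, it would also be worth a sentence on the failure mode, presumably that without the flag the search still succeeds but the DNs carry no `<SID=...>` component and the membership check would silently see no SIDs, so a future cleanup does not drop it as an optimisation. The attribute list `rodc_attrs` and the rest of getncchanges_repl_secret lie outside the hunk, so the comment is the only place this dependency is visible here.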
index 211da0bb654339977a53be151d8ab009dedb7adb..9cd32bb247260d7e4f2f72b19669cda82627cb18 100644 (file)
@@ -2862,7 +2862,11 @@ static bool sam_rodc_access_check(struct ldb_context *sam_ctx,
                                 dom_sid_string(mem_ctx, user_sid));
        if (!ldb_dn_validate(rodc_dn)) goto denied;
 
-       /* do the two searches we need */
+       /*
+        * do the two searches we need
+        * We need DSDB_SEARCH_SHOW_EXTENDED_DN as we get a SID list
+        * out of the extended DNs
+        */
        ret = dsdb_search_dn(sam_ctx, mem_ctx, &rodc_res, rodc_dn, rodc_attrs,
                             DSDB_SEARCH_SHOW_EXTENDED_DN);
        if (ret != LDB_SUCCESS || rodc_res->count != 1) goto denied;
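Review bot: The comment explains that the flag is needed, but not what a reader would see if it were removed, which is the point that protects an access-control check from a well-meaning refactor. If, as the flag name suggests, DSDB_SEARCH_SHOW_EXTENDED_DN is what makes the `<SID=...>` components appear in DN-valued attributes, I would extend the comment to say `* without it the search still succeeds but the DNs carry no SID component and the check below would see no SIDs`; please confirm that is the actual behaviour before wording it as fact. sam_rodc_access_check and the second search the comment refers to continue beyond this hunk.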