CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after...
author Andrew Bartlett <abartlet@samba.org>
Fri, 6 Dec 2019 05:26:42 +0000 (18:26 +1300)
committer Karolin Seeger <kseeger@samba.org>
Tue, 21 Jan 2020 10:11:38 +0000 (10:11 +0000)
Previously if there was a conflict, but the incoming object would still
win, this was not marked as a rename, and so inheritance was not done.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail.d/repl_secdesc
source4/dsdb/samdb/ldb_modules/repl_meta_data.c

index 13a9ce458dda1691d534efb2c1b1d92fcf6263ac..9dd632d99ed3dd94a7c9899a80eed353d80a6dbd 100644 (file)
@@ -1,2 +1 @@
-^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_object_in_conflict
 ^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_child_object
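Review bot: The entry for test_acl_inheirt_renamed_child_object stays in knownfail after this hunk, so only the in-conflict case is expected to pass once this commit is applied. The commit message should say that the renamed-child case is still a known failure, so that nobody backporting this patch for the CVE assumes security descriptor inheritance after a rename is fully covered by it. The "inheirt" spelling in both patterns has to match the test names, so it can only be corrected together with the test itself.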
index c15361cdc1bd49c19a897aed884b4007757e59c0..535c631d8396921c6b3ff7b98811dfd33aa68614 100644 (file)
@@ -6160,6 +6160,19 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
                 * replmd_replicated_apply_search_callback())
                 */
                ret = replmd_replicated_handle_rename(ar, msg, ar->req, &renamed);
+
+               /*
+                * This looks strange, but we must set this after any
+                * rename, otherwise the SD propegation will not
+                * happen (which might matter if we have a new parent)
+                *
+                * The additional case of calling
+                * replmd_op_name_modify_callback (below) is:
+                *  - a no-op if there was no name change
+                * and
+                *  - called in the default case regardless.
+                */
+               renamed = true;
        }
 
        if (ret != LDB_SUCCESS) {
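Review bot: The new "renamed = true;" at the end of the block overwrites whatever replmd_replicated_handle_rename() just stored through &renamed, and it runs before the "if (ret != LDB_SUCCESS)" check that follows, so the flag is also set when the rename failed. If the error path returns without reading renamed this is harmless, but the intent would be clearer if the assignment came after the error check, or if the out-parameter were dropped now that its value is discarded on this path. The comment opens with "This looks strange" where it should open with the invariant (SD propagation must run after any rename, including a conflict the incoming object wins), and "propegation" should read "propagation".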