CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be...
author Andrew Bartlett <abartlet@samba.org>
Thu, 12 Dec 2019 01:44:57 +0000 (14:44 +1300)
committer Karolin Seeger <kseeger@samba.org>
Fri, 10 Jan 2020 10:56:20 +0000 (11:56 +0100)
commit 16b377276ee82c04d069666e53deaa95a7633dd4
tree fb9875b7a99e9c5f6318e6f3e109b122c4d6c7dd
parent 7071888d5b556213be79545cac059a8b3f62baee
CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs

We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.

Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail.d/repl_secdesc [deleted file]
source4/dsdb/samdb/ldb_modules/acl_util.c
source4/dsdb/samdb/ldb_modules/descriptor.c
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
source4/dsdb/samdb/samdb.h
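
The commit message's point about DN-keyed deferred work going stale across a rename, as an added example (a toy in-memory model, not Samba's code and not part of this commit). The names `struct obj`, `find`, `rename_subtree` and `run_deferred`, the GUID numbers and the sample DNs are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
struct obj { unsigned guid; char dn[64]; int sd_updated; }; /* GUID is stable, DN changes on rename */
static const struct obj seed[] = {            /* constructed sample data */
    { 1001, "OU=Sales,DC=example,DC=com", 0 },
    { 1002, "CN=alice,OU=Sales,DC=example,DC=com", 0 },
};
enum { NOBJ = sizeof(seed) / sizeof(seed[0]) };
static struct obj dir[NOBJ];                  /* working copy of the toy directory */

static struct obj *find(unsigned guid, const char *dn)
{
    for (int i = 0; i < NOBJ; i++)            /* by DN if one is given, else by GUID */
        if (dn ? strcmp(dir[i].dn, dn) == 0 : dir[i].guid == guid)
            return &dir[i];
    return NULL;
}

/* Rename a subtree: rewrite the DN suffix of the root and everything below. */
static void rename_subtree(const char *old_dn, const char *new_dn)
{
    size_t ol = strlen(old_dn);
    for (int i = 0; i < NOBJ; i++) {
        size_t dl = strlen(dir[i].dn);
        if (dl < ol || strcmp(dir[i].dn + dl - ol, old_dn) != 0 ||
            (dl > ol && dir[i].dn[dl - ol - 1] != ','))
            continue;                         /* outside the renamed subtree */
        char buf[sizeof dir[i].dn];
        snprintf(buf, sizeof buf, "%.*s%s", (int)(dl - ol), dir[i].dn, new_dn);
        strcpy(dir[i].dn, buf);
    }
}

/* Queue an update, rename the parent OU, run the deferred pass; 1 = applied. */
int run_deferred(int key_by_guid)
{
    memcpy(dir, seed, sizeof seed);
    struct obj queued = dir[1];               /* key fields captured at queue time */
    rename_subtree("OU=Sales,DC=example,DC=com", "OU=Retail,DC=example,DC=com");
    struct obj *o = key_by_guid ? find(queued.guid, NULL) : find(0, queued.dn);
    if (o != NULL)
        o->sd_updated = 1;
    return o != NULL;
}

int main(void)
{
    printf("DN key: %d\nGUID key: %d\n", run_deferred(0), run_deferred(1));
    return 0;
}
```

With the DN key the queued entry no longer resolves after the rename and the update is silently dropped; with the GUID key it lands on the object at its new DN.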