CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSI...

Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c
index b86594c18237fc78e424f18c8c6b1f949d06477e..59d1385f4e367893352003623a223d80d29487af 100644 (file)
--- a/lib/ldb-samba/ldb_matching_rules.c
+++ b/lib/ldb-samba/ldb_matching_rules.c
@@ -67,7 +67,12 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx,
         * Note also that we don't have the original request
         * here, so we can not apply controls or timeouts here.
         */
-       ret = dsdb_search_dn(ldb, tmp_ctx, &res, to_visit->dn, attrs, 0);
+       ret = dsdb_search_dn(ldb,
+                            tmp_ctx,
+                            &res,
+                            to_visit->dn,
+                            attrs,
+                            DSDB_MARK_REQ_UNTRUSTED);
        if (ret != LDB_SUCCESS) {
                talloc_free(tmp_ctx);
                return ret;