CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be...
author Andrew Bartlett <abartlet@samba.org>
Thu, 12 Dec 2019 01:44:57 +0000 (14:44 +1300)
committer Karolin Seeger <kseeger@samba.org>
Tue, 21 Jan 2020 10:11:38 +0000 (10:11 +0000)
commit 2b1828276b365a30131ac6ea543ac344941b8088
tree 921881111e3d8d1005f692422d02c5588003963a
parent b7030f9a8bd67f454c17d065d9af9199748aa6d3
CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs

We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.

Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail.d/repl_secdesc [deleted file]
source4/dsdb/samdb/ldb_modules/acl_util.c
source4/dsdb/samdb/ldb_modules/descriptor.c
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
source4/dsdb/samdb/samdb.h
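
Why deferred work keyed on a DN goes stale across a rename while work keyed on a GUID does not, as an added example that is not code from this commit or from Samba. It is a toy in-memory directory; every name in it (struct obj, find_by_dn, find_by_guid, rename_subtree, the sample DNs and GUID values) is hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy directory: immutable GUID, mutable DN (not Samba's types). */
struct obj { unsigned guid; char dn[64]; int sd_updated; };
static struct obj dir[] = {
    { 0x1001, "OU=Sales,DC=example,DC=com", 0 },
    { 0x1002, "CN=alice,OU=Sales,DC=example,DC=com", 0 },
};
#define NOBJ (sizeof(dir) / sizeof(dir[0]))
static struct obj *find_by_dn(const char *dn) {
    for (size_t i = 0; i < NOBJ; i++)
        if (strcmp(dir[i].dn, dn) == 0) return &dir[i];
    return NULL;
}
static struct obj *find_by_guid(unsigned guid) {
    for (size_t i = 0; i < NOBJ; i++)
        if (dir[i].guid == guid) return &dir[i];
    return NULL;
}
/* Rename a subtree: swap the old_base suffix for new_base on each object. */
static void rename_subtree(const char *old_base, const char *new_base) {
    size_t ol = strlen(old_base);
    for (size_t i = 0; i < NOBJ; i++) {
        size_t dl = strlen(dir[i].dn);
        char tmp[64];
        if (dl < ol || strcmp(dir[i].dn + dl - ol, old_base) != 0) continue;
        if (dl > ol && dir[i].dn[dl - ol - 1] != ',') continue;
        snprintf(tmp, sizeof(tmp), "%.*s%s", (int)(dl - ol), dir[i].dn, new_base);
        strcpy(dir[i].dn, tmp);
    }
}
/* Queue a change for 0x1002, rename its parent before the deferred pass, then
 * resolve the queued entry both ways. Bit 0: DN lookup hit; bit 1: GUID hit. */
int deferred_lookup_after_rename(void) {
    struct { unsigned guid; char dn[64]; } pending = { 0x1002, "" };
    struct obj *o;
    int found = 0;
    strcpy(pending.dn, find_by_guid(pending.guid)->dn);
    rename_subtree("OU=Sales,DC=example,DC=com", "OU=Retail,DC=example,DC=com");
    if (find_by_dn(pending.dn)) found |= 1;      /* stale DN: no match */
    o = find_by_guid(pending.guid);
    if (o) { o->sd_updated = 1; found |= 2; }     /* GUID survives the rename */
    return found;
}
int main(void) {
    printf("found mask = %d, dn now %s\n", deferred_lookup_after_rename(), dir[1].dn);
    return 0;
}
```

In this model a deferred pass that resolved its queue by DN would silently skip the renamed object, leaving its security descriptor unprocessed.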