CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the…

… CN=Deleted Objects container This revealed a bug in our dirsync code, so we mark test_search_with_dirsync_deleted_objects as knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
gd · Oct 16, 2023 · 7f8b15f · 7f8b15f
1 parent 0c329a0
commit 7f8b15f
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 0 deletions.
diff --git a/selftest/knownfail.d/samba4.ldap.confidential_attr b/selftest/knownfail.d/samba4.ldap.confidential_attr
@@ -0,0 +1 @@
+^samba4.ldap.confidential_attr.python.*.__main__.*.test_search_with_dirsync_deleted_objects
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
@@ -34,6 +34,7 @@ isDeleted: TRUE
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: TRUE
 systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
 
 # Computers located in "provision_computers*.ldif"
 # Users/Groups located in "provision_users*.ldif"

diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
@@ -14,6 +14,7 @@ description: Container for deleted objects
 isDeleted: TRUE
 isCriticalSystemObject: TRUE
 systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
 
 # Extended rights
 

diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
@@ -8,6 +8,7 @@ description: Deleted objects
 isDeleted: TRUE
 isCriticalSystemObject: TRUE
 systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
 
 dn: CN=LostAndFound,${ZONE_DN}
 objectClass: top