

(-)a/source4/dns_server/dlz_bind9.c (-3 / +60 lines)
 Lines 63-68   struct dlz_bind9_data { Link Here 
63
	struct smb_krb5_context *smb_krb5_ctx;
63
	struct smb_krb5_context *smb_krb5_ctx;
64
	struct auth4_context *auth_context;
64
	struct auth4_context *auth_context;
65
	struct auth_session_info *session_info;
65
	struct auth_session_info *session_info;
66
	bool is_system_session;
66
	char *update_name;
67
	char *update_name;
67
68
68
	/* helper functions from the dlz_dlopen driver */
69
	/* helper functions from the dlz_dlopen driver */
 Lines 736-741   _PUBLIC_ void dlz_destroy(void *dbdata) Link Here 
736
	dlz_bind9_state_ref_count--;
737
	dlz_bind9_state_ref_count--;
737
	if (dlz_bind9_state_ref_count == 0) {
738
	if (dlz_bind9_state_ref_count == 0) {
738
		talloc_unlink(state, state->samdb);
739
		talloc_unlink(state, state->samdb);
740
		if (state->is_system_session) {
741
			state->session_info = NULL;
742
		}
739
		talloc_free(state);
743
		talloc_free(state);
740
		dlz_bind9_state = NULL;
744
		dlz_bind9_state = NULL;
741
	}
745
	}
 Lines 1268-1273   static bool b9_is_tombstoned(struct ldb_result *res) { Link Here 
1268
	return val != NULL;
1272
	return val != NULL;
1269
}
1273
}
1270
1274
1275
static char *b9_dn_fqdn(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) {
1276
	TALLOC_CTX *tmp_ctx  = talloc_new(mem_ctx);
1277
	unsigned int i;
1278
	char *fqdn = NULL;
1279
1280
	for (i = 0; i < ldb_dn_get_comp_num(dn); i++) {
1281
		const char *name = ldb_dn_get_component_name(dn, i);
1282
		const struct ldb_val *value = ldb_dn_get_component_val(dn, i);
1283
		if (ldb_attr_cmp(name, "dc") != 0) {
1284
			break;
1285
		}
1286
		if (fqdn) {
1287
			fqdn = talloc_asprintf(tmp_ctx, "%s.%s", fqdn,
1288
					       ldb_dn_escape_value(tmp_ctx,
1289
								   *value));
1290
		} else {
1291
			fqdn = ldb_dn_escape_value(tmp_ctx, *value);
1292
		}
1293
		if (!fqdn) {
1294
			break;
1295
		}
1296
	}
1297
1298
	if (fqdn != NULL) {
1299
		talloc_steal(mem_ctx, fqdn);
1300
	}
1301
1302
	talloc_free(tmp_ctx);
1303
	return fqdn;
1304
}
1305
1271
/*
1306
/*
1272
  authorize a zone update
1307
  authorize a zone update
1273
 */
1308
 */
 Lines 1285-1290   _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const Link Here 
1285
	NTSTATUS nt_status;
1320
	NTSTATUS nt_status;
1286
	struct gensec_security *gensec_ctx;
1321
	struct gensec_security *gensec_ctx;
1287
	struct auth_session_info *session_info;
1322
	struct auth_session_info *session_info;
1323
	bool is_system_session = false;
1288
	struct ldb_dn *dn;
1324
	struct ldb_dn *dn;
1289
	isc_result_t result;
1325
	isc_result_t result;
1290
	struct ldb_result *res;
1326
	struct ldb_result *res;
 Lines 1294-1300   _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const Link Here 
1294
1330
1295
	/* Remove cached credentials, if any */
1331
	/* Remove cached credentials, if any */
1296
	if (state->session_info) {
1332
	if (state->session_info) {
1297
		talloc_free(state->session_info);
1333
		if (!state->is_system_session) {
1334
			talloc_free(state->session_info);
1335
		}
1336
		state->is_system_session = false;
1298
		state->session_info = NULL;
1337
		state->session_info = NULL;
1299
	}
1338
	}
1300
	if (state->update_name) {
1339
	if (state->update_name) {
 Lines 1411-1416   _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const Link Here 
1411
		ldb_ret = dsdb_check_access_on_dn(state->samdb, tmp_ctx, dn,
1450
		ldb_ret = dsdb_check_access_on_dn(state->samdb, tmp_ctx, dn,
1412
						  session_info->security_token,
1451
						  session_info->security_token,
1413
						  access_mask, NULL);
1452
						  access_mask, NULL);
1453
1454
	/* Univention Specific: If a maschine tries to access a forward/zone
1455
	 * without the proper access-rights, but the FQDN as computed from the
1456
	 * DN and the actual FQDN of the requesting maschine match, a
1457
	 * modification is allowed and the privileges for this operation are
1458
	 * escalated to `SYSTEM`.
1459
	 */
1460
	if (ldb_ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
1461
		char *fqdn = b9_dn_fqdn(tmp_ctx, dn);
1462
		if (fqdn != NULL && strcmp(fqdn, name) == 0) {
1463
			session_info = system_session(state->lp);
1464
			is_system_session = true;
1465
			ldb_ret = LDB_SUCCESS;
1466
		}
1414
	}
1467
	}
1415
	if (ldb_ret != LDB_SUCCESS) {
1468
	if (ldb_ret != LDB_SUCCESS) {
1416
		state->log(ISC_LOG_INFO,
1469
		state->log(ISC_LOG_INFO,
 Lines 1427-1433   _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const Link Here 
1427
		talloc_free(tmp_ctx);
1480
		talloc_free(tmp_ctx);
1428
		return ISC_FALSE;
1481
		return ISC_FALSE;
1429
	}
1482
	}
1430
	state->session_info = talloc_steal(state, session_info);
1483
	state->is_system_session = is_system_session;
1484
	if (is_system_session) {
1485
		state->session_info = session_info;
1486
	} else {
1487
		state->session_info = talloc_steal(state, session_info);
1488
	}
1431
1489
1432
	state->log(ISC_LOG_INFO, "samba_dlz: allowing update of signer=%s name=%s tcpaddr=%s type=%s key=%s",
1490
	state->log(ISC_LOG_INFO, "samba_dlz: allowing update of signer=%s name=%s tcpaddr=%s type=%s key=%s",
1433
		   signer, name, tcpaddr, type, key);
1491
		   signer, name, tcpaddr, type, key);
1434
- 
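Review bot: The SYSTEM escalation in the `LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS` branch (new lines 1460-1466) is gated only on `fqdn != NULL && strcmp(fqdn, name) == 0`, where `fqdn` is rebuilt from `dn` and `name` is the record being updated; neither `signer` nor `session_info` is consulted, so nothing in the hunk ties the escalation to the requesting machine's identity as the comment above it claims. If `dn` is the DN looked up for `name` earlier in dlz_ssumatch (outside the hunk), the comparison holds for most non-apex names and any authenticated signer the ACL rejected is promoted to SYSTEM; the condition should additionally require that the requester's own identity (derived from `signer` or `session_info`) corresponds to `name` before assigning `system_session(state->lp)`. The promotion is also silent, since the final `allowing update` log line reports the caller as if the ACL check had passed, so add `state->log(ISC_LOG_INFO, "samba_dlz: escalating to SYSTEM for signer=%s name=%s", signer, name);` inside the branch so these updates can be audited. Minor: `strcmp` compares DNS names case-sensitively (DNS names are case-insensitive, so the intended case may be spuriously denied), and `b9_dn_fqdn` never checks the result of `talloc_new(mem_ctx)` for NULL before allocating on it. The enclosing function starts and ends outside the hunk.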
