mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-38023 s4:rpc_server/netlogon: add talloc_stackframe() to dcesrv_netr_creds_server_step_check()
This will simplify the following changes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
7baabbe981
commit
0e6a2ba83e
@ -637,6 +637,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
|
||||
struct netlogon_creds_CredentialState **creds_out)
|
||||
{
|
||||
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
|
||||
TALLOC_CTX *frame = talloc_stackframe();
|
||||
NTSTATUS nt_status;
|
||||
int schannel = lpcfg_server_schannel(lp_ctx);
|
||||
bool schannel_global_required = (schannel == true);
|
||||
@ -680,6 +681,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
|
||||
if (schannel_required) {
|
||||
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
|
||||
*creds_out = creds;
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -687,13 +689,15 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
|
||||
"%s request (opnum[%u]) without schannel from "
|
||||
"client_account[%s] client_computer_name[%s]\n",
|
||||
opname, opnum,
|
||||
log_escape(mem_ctx, creds->account_name),
|
||||
log_escape(mem_ctx, creds->computer_name));
|
||||
log_escape(frame, creds->account_name),
|
||||
log_escape(frame, creds->computer_name));
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option "
|
||||
"'server require schannel:%s = no' is needed! \n",
|
||||
log_escape(mem_ctx, creds->account_name));
|
||||
"'server require schannel:%s = no' "
|
||||
"might be needed for a legacy client.\n",
|
||||
log_escape(frame, creds->account_name));
|
||||
TALLOC_FREE(creds);
|
||||
ZERO_STRUCTP(return_authenticator);
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
@ -702,13 +706,14 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
|
||||
"%s request (opnum[%u]) WITH schannel from "
|
||||
"client_account[%s] client_computer_name[%s]\n",
|
||||
opname, opnum,
|
||||
log_escape(mem_ctx, creds->account_name),
|
||||
log_escape(mem_ctx, creds->computer_name));
|
||||
log_escape(frame, creds->account_name),
|
||||
log_escape(frame, creds->computer_name));
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): "
|
||||
"Option 'server require schannel:%s = no' not needed!?\n",
|
||||
log_escape(mem_ctx, creds->account_name));
|
||||
log_escape(frame, creds->account_name));
|
||||
|
||||
*creds_out = creds;
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -718,24 +723,25 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
|
||||
"%s request (opnum[%u]) without schannel from "
|
||||
"client_account[%s] client_computer_name[%s]\n",
|
||||
opname, opnum,
|
||||
log_escape(mem_ctx, creds->account_name),
|
||||
log_escape(mem_ctx, creds->computer_name));
|
||||
log_escape(frame, creds->account_name),
|
||||
log_escape(frame, creds->computer_name));
|
||||
DBG_INFO("CVE-2020-1472(ZeroLogon): "
|
||||
"Option 'server require schannel:%s = no' still needed!\n",
|
||||
log_escape(mem_ctx, creds->account_name));
|
||||
log_escape(frame, creds->account_name));
|
||||
} else {
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): "
|
||||
"%s request (opnum[%u]) without schannel from "
|
||||
"client_account[%s] client_computer_name[%s]\n",
|
||||
opname, opnum,
|
||||
log_escape(mem_ctx, creds->account_name),
|
||||
log_escape(mem_ctx, creds->computer_name));
|
||||
log_escape(frame, creds->account_name),
|
||||
log_escape(frame, creds->computer_name));
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option "
|
||||
"'server require schannel:%s = no' might be needed!\n",
|
||||
log_escape(mem_ctx, creds->account_name));
|
||||
log_escape(frame, creds->account_name));
|
||||
}
|
||||
|
||||
*creds_out = creds;
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user