sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00
Code

Don't sign NTP packets to disabled accounts

Browse Source 
(As this would allow an offline attack on their password)

Andrew Bartlett
(This used to be commit e28481fc0976231c6f4cb7a5f7c7708f4becdb18)
This commit is contained in:
Andrew Bartlett 2008-06-19 09:34:04 +10:00
parent cceabcd2a4
commit 221b69af84
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source4/ntp_signd/ntp_signd.c
View File

@ -123,9 +123,10 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
struct signed_reply signed_reply;
enum ndr_err_code ndr_err;
struct ldb_result *res;
const char *attrs[] = { "unicodePwd", NULL };
const char *attrs[] = { "unicodePwd", "userAccountControl", NULL };
struct MD5Context ctx;
struct samr_Password *nt_hash;
uint32_t user_account_control;
int ret;
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@ -184,6 +185,14 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
return signing_failure(ntp_signdconn, sign_request.packet_id);
}
user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
if (user_account_control & UF_ACCOUNTDISABLE) {
DEBUG(1, ("Account for SID [%s] is disabled\n", dom_sid_string(tmp_ctx, sid)));
talloc_free(tmp_ctx);
return NT_STATUS_ACCESS_DENIED;
}
nt_hash = samdb_result_hash(tmp_ctx, res->msgs[0], "unicodePwd");
if (!nt_hash) {
DEBUG(1, ("No unicodePwd found on record of SID %s for NTP signing\n", dom_sid_string(tmp_ctx, sid)));