sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() reject a PAC in standalone mode

Browse Source 
We should be strict in standalone mode, that we only support MIT realms
without a PAC in order to keep the code sane.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2021-10-05 18:12:49 +02:00 committed by Jule Anger
parent 3ed0e5b924
commit 2609e4297e
1 changed files with 9 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
source3/auth/auth_generic.c
View File

@ -48,8 +48,6 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
{
enum server_role server_role = lp_server_role();
TALLOC_CTX *tmp_ctx;
struct PAC_LOGON_INFO *logon_info = NULL;
struct netr_SamInfo3 *info3_copy = NULL;
bool is_mapped;
bool is_guest;
char *ntuser;
@ -203,19 +201,20 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
/* This is the standalone legacy code path */
if (pac_blob != NULL) {
#ifdef HAVE_KRB5
status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
NULL, NULL, 0, &logon_info);
#else
status = NT_STATUS_ACCESS_DENIED;
#endif
/*
* In standalone mode we don't expect a PAC!
* we only support MIT realms
*/
status = NT_STATUS_BAD_TOKEN_TYPE;
DBG_WARNING("Unexpected PAC for [%s] in standalone mode - %s\n",
princ_name, nt_errstr(status));
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
}
status = get_user_from_kerberos_info(tmp_ctx, rhost,
princ_name, logon_info,
princ_name, NULL,
&is_mapped, &is_guest,
&ntuser, &ntdomain,
&username, &pw);
@ -226,19 +225,9 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
goto done;
}
/* Get the info3 from the PAC data if we have it */
if (logon_info) {
status = create_info3_from_pac_logon_info(tmp_ctx,
logon_info,
&info3_copy);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
}
status = make_session_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw,
info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
NULL, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",