mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
This commit is contained in:
parent
fcdd15a93f
commit
398a21c57c
@ -99,6 +99,8 @@
|
||||
^samba4.rpc.netlogon.*.DatabaseRedo
|
||||
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*validate # should only work with seal
|
||||
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*bigendian # should only work with seal
|
||||
^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.validate # should only work with seal
|
||||
^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.bigendian # should only work with seal
|
||||
^samba4.base.charset.*.Testing partial surrogate
|
||||
^samba4.*.base.maximum_allowed # broken until we implement NTCREATEX_OPTIONS_BACKUP_INTENT
|
||||
.*net.api.delshare.* # DelShare isn't implemented yet
|
||||
|
@ -41,6 +41,14 @@
|
||||
#include "lib/util/tsort.h"
|
||||
#include "libds/common/flag_mapping.h"
|
||||
|
||||
#define DCESRV_INTERFACE_SAMR_BIND(call, iface) \
|
||||
dcesrv_interface_samr_bind(call, iface)
|
||||
static NTSTATUS dcesrv_interface_samr_bind(struct dcesrv_call_state *dce_call,
|
||||
const struct dcesrv_interface *iface)
|
||||
{
|
||||
return dcesrv_interface_bind_reject_connect(dce_call, iface);
|
||||
}
|
||||
|
||||
/* these query macros make samr_Query[User|Group|Alias]Info a bit easier to read */
|
||||
|
||||
#define QUERY_STRING(msg, field, attr) \
|
||||
|
Loading…
Reference in New Issue
Block a user