mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00

libcli/auth: don't allow any unexpected upgrades of negotiate_flags

Only remove the unsupported flags from state->current_flags for
the next try...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit a9040c8ce7)
Stefan Metzmacher 2024-10-02 15:03:21 +02:00 committed by Jule Anger
parent 6f1d556b40
commit 48acce5da8


@ -1478,14 +1478,16 @@ static void netlogon_creds_cli_auth_srvauth_done(struct tevent_req *subreq)
}
if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
uint32_t tmp_flags = state->context->client.proposed_flags;
if ((state->current_flags == tmp_flags) &&
(state->creds->negotiate_flags != tmp_flags))
{
uint32_t prop_f = state->context->client.proposed_flags;
uint32_t cli_f = state->current_flags;
uint32_t srv_f = state->creds->negotiate_flags;
uint32_t nego_f = cli_f & srv_f;
if (cli_f == prop_f && nego_f != prop_f) {
/*
* lets retry with the negotiated flags
*/
state->current_flags = state->creds->negotiate_flags;
state->current_flags = nego_f;
netlogon_creds_cli_auth_challenge_start(req);
return;
}
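Review bot: In the `cli_f == prop_f && nego_f != prop_f` branch, `srv_f` is read from a reply that has just failed with NT_STATUS_ACCESS_DENIED, so the retry mask is chosen by a peer that has not authenticated yet. Nothing visible in this hunk compares `nego_f` with the flags the client requires before `netlogon_creds_cli_auth_challenge_start(req)` runs again. The intersection stops the server from adding bits, but it can still clear any of them, down to `nego_f == 0`. Presumably the required-flags check happens after a successful authenticate elsewhere in this function, which continues outside the hunk; that should be confirmed. I would at least expand the comment to `/* retry once with the intersection of our proposal and the server's reply; the server can only remove flags here, and the result must still pass the required-flags check */`, and add that the retry cannot repeat because `current_flags` no longer equals `proposed_flags` afterwards.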