1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2022-38023 testparm: warn about server/client schannel != yes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f964c0c357)
This commit is contained in:
Stefan Metzmacher 2022-11-30 15:13:47 +01:00
parent 03730459fe
commit 587ff282a9

View File

@ -598,11 +598,25 @@ static int do_global_checks(void)
ret = 1;
}
if (!lp_server_schannel()) {
if (lp_server_schannel() != true) { /* can be 'auto' */
fprintf(stderr,
"WARNING: You have configured 'server schannel = no'. "
"WARNING: You have not configured "
"'server schannel = yes' (the default). "
"Your server is vulernable to \"ZeroLogon\" "
"(CVE-2020-1472)\n\n");
"(CVE-2020-1472)\n"
"If required use individual "
"'server require schannel:COMPUTERACCOUNT$ = no' "
"options\n\n");
}
if (lp_client_schannel() != true) { /* can be 'auto' */
fprintf(stderr,
"WARNING: You have not configured "
"'client schannel = yes' (the default). "
"Your server is vulernable to \"ZeroLogon\" "
"(CVE-2020-1472)\n"
"If required use individual "
"'client schannel:NETBIOSDOMAIN = no' "
"options\n\n");
}
return ret;