mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
parent
4fb6867495
commit
70452c90a5
@ -263,6 +263,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
|
||||
const char *remote_machine = NULL;
|
||||
struct tevent_req *subreq;
|
||||
struct sesssetup_context *state;
|
||||
bool allow_raw = lpcfg_raw_ntlmv2_auth(req->smb_conn->lp_ctx);
|
||||
|
||||
sess->nt1.out.vuid = 0;
|
||||
sess->nt1.out.action = 0;
|
||||
@ -338,6 +339,15 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
|
||||
user_info->password.response.nt = sess->nt1.in.password2;
|
||||
user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
|
||||
|
||||
if (!allow_raw && user_info->password.response.nt.length >= 48) {
|
||||
/*
|
||||
* NTLMv2_RESPONSE has at least 48 bytes
|
||||
* and should only be supported via NTLMSSP.
|
||||
*/
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
subreq = auth_check_password_send(state,
|
||||
req->smb_conn->connection->event.ctx,
|
||||
state->auth_context,
|
||||
|
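Review bot: The new rejection branch at `if (!allow_raw && user_info->password.response.nt.length >= 48)` fails the session setup without logging anything, so the client only gets NT_STATUS_INVALID_PARAMETER and the server keeps no trace that a raw NTLMv2 response was refused by policy. A single log line before `goto failed`, for example `DEBUG(2, ("sesssetup_nt1: raw NTLMv2 response rejected, 'raw NTLMv2 auth' is disabled\n"));`, would make both misconfigured legacy clients and unexpected non-NTLMSSP authentication attempts visible in the logs (the level is only a suggestion). The literal 48 is explained by the comment, but it would read better as a named constant shared with any other place that applies the same length test. The `failed` label and the rest of sesssetup_nt1 lie outside the visible hunks, so the cleanup of `user_info` on this path cannot be confirmed from here.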