1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-03-01 10:25:54 +01:00
parent 4fb6867495
commit 70452c90a5

View File

@ -263,6 +263,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
const char *remote_machine = NULL;
struct tevent_req *subreq;
struct sesssetup_context *state;
bool allow_raw = lpcfg_raw_ntlmv2_auth(req->smb_conn->lp_ctx);
sess->nt1.out.vuid = 0;
sess->nt1.out.action = 0;
@ -338,6 +339,15 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
user_info->password.response.nt = sess->nt1.in.password2;
user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
if (!allow_raw && user_info->password.response.nt.length >= 48) {
/*
* NTLMv2_RESPONSE has at least 48 bytes
* and should only be supported via NTLMSSP.
*/
status = NT_STATUS_INVALID_PARAMETER;
goto failed;
}
subreq = auth_check_password_send(state,
req->smb_conn->connection->event.ctx,
state->auth_context,