CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
This matches Windows and prevents man-in-the-middle downgrade attacks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
parent
51aa7bd311
commit
80dae9afda
@ -97,6 +97,8 @@
|
||||
^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx
|
||||
^samba4.rpc.netlogon.*.GetPassword
|
||||
^samba4.rpc.netlogon.*.DatabaseRedo
|
||||
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*validate # should only work with seal
|
||||
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*bigendian # should only work with seal
|
||||
^samba4.base.charset.*.Testing partial surrogate
|
||||
^samba4.*.base.maximum_allowed # broken until we implement NTCREATEX_OPTIONS_BACKUP_INTENT
|
||||
.*net.api.delshare.* # DelShare isn't implemented yet
|
||||
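Review bot: The two `samba4.rpc.drsuapi.*ncacn_ip_tcp` entries (`validate` and `bigendian`, both commented "should only work with seal") only record the unsealed runs as expected failures. As far as this list shows, that accepts a failure for any reason and does not confirm that the server refused the bind because privacy was missing. A dedicated test that connects to drsuapi without seal and asserts the specific rejection would check the CVE-2016-2118 hardening directly, and would leave these entries free to be removed once the suites run with seal. The page has lost its +/- markers, so I am assuming these two lines are the ones the hunk adds.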
|
@ -39,6 +39,14 @@
|
||||
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); \
|
||||
} while (0)
|
||||
|
||||
#define DCESRV_INTERFACE_DRSUAPI_BIND(call, iface) \
|
||||
dcesrv_interface_drsuapi_bind(call, iface)
|
||||
static NTSTATUS dcesrv_interface_drsuapi_bind(struct dcesrv_call_state *dce_call,
|
||||
const struct dcesrv_interface *iface)
|
||||
{
|
||||
return dcesrv_interface_bind_require_privacy(dce_call, iface);
|
||||
}
|
||||
|
||||
/*
|
||||
drsuapi_DsBind
|
||||
*/
|
||||
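Review bot: The new `DCESRV_INTERFACE_DRSUAPI_BIND` macro and `dcesrv_interface_drsuapi_bind()` carry no comment saying why the bind hook exists, and this is the security-relevant line of the commit. I would put something like `/* Require DCERPC_AUTH_LEVEL_PRIVACY on every drsuapi bind: matches Windows and prevents man-in-the-middle downgrades (CVE-2016-2118). */` above the macro. The macro is presumably picked up by generated server boilerplate included further down the file (not visible in this hunk), so the comment should also say that it must stay defined ahead of that include. As a point of style, the wrapper only forwards to `dcesrv_interface_bind_require_privacy(dce_call, iface)`, so the macro could expand to that helper directly unless the named function is wanted for later extension.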
|
@ -145,9 +145,9 @@ else:
|
||||
# add tests to this list as they start passing, so we test
|
||||
# that they stay passing
|
||||
ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
|
||||
ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.drsuapi", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
|
||||
ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
|
||||
drs_rpc_tests = smbtorture4_testsuites("drs.rpc")
|
||||
ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.netlogon", "rpc.netlogon.admin", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
|
||||
ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.netlogon", "rpc.netlogon.admin", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
|
||||
slow_ncacn_np_tests = ["rpc.samlogon", "rpc.samr", "rpc.samr.users", "rpc.samr.large-dc", "rpc.samr.users.privileges", "rpc.samr.passwords", "rpc.samr.passwords.pwdlastset", "rpc.samr.passwords.lockout", "rpc.samr.passwords.badpwdcount"]
|
||||
slow_ncacn_ip_tcp_tests = ["rpc.cracknames"]
|
||||
|
||||
@ -197,7 +197,10 @@ for transport in ["ncacn_np", "ncacn_ip_tcp"]:
|
||||
else:
|
||||
raise AssertionError("Invalid transport %r" % transport)
|
||||
for t in tests:
|
||||
plansmbtorture4testsuite(t, env, ["%s:$SERVER" % transport, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s" % (t, transport))
|
||||
bindoptions = ''
|
||||
if t == 'rpc.cracknames':
|
||||
bindoptions = 'seal'
|
||||
plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport,bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
|
||||
|
||||
# Tests for the DFS referral calls implementation
|
||||
for t in smbtorture4_testsuites("dfs."):
|
||||
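Review bot: In the second hunk, `bindoptions = ''` is still formatted into both the binding and the test name, so every suite except `rpc.cracknames` would get a binding of the form `transport:$SERVER[]` and a name ending in "with " followed by nothing. Renaming every test in this loop can also detach existing knownfail or flapping patterns that anchor on the old "on <transport>" ending. I would build both strings conditionally, e.g. `binding = "%s:$SERVER[%s]" % (transport, bindoptions) if bindoptions else "%s:$SERVER" % transport`, with the matching choice for the name. A short comment on `if t == 'rpc.cracknames':` saying that the suite needs `seal` because drsuapi now rejects binds without privacy would explain the special case. The enclosing `for transport in [...]` loop starts outside the hunk, and since the page has lost its +/- markers I am reading the `bindoptions` lines as the added side.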
|