1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_step_check()

This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec62151a2f)
This commit is contained in:
Stefan Metzmacher 2022-11-30 12:37:03 +01:00
parent 0c32166174
commit 88018634c7

View File

@ -678,13 +678,27 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
schannel_required = lp_bool(explicit_opt);
}
if (schannel_required) {
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
*creds_out = creds;
TALLOC_FREE(frame);
return NT_STATUS_OK;
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
if (!schannel_required) {
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"%s request (opnum[%u]) WITH schannel from "
"client_account[%s] client_computer_name[%s]\n",
opname, opnum,
log_escape(frame, creds->account_name),
log_escape(frame, creds->computer_name));
}
if (explicit_opt != NULL && !schannel_required) {
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"Option 'server require schannel:%s = no' not needed!?\n",
log_escape(frame, creds->account_name));
}
*creds_out = creds;
TALLOC_FREE(frame);
return NT_STATUS_OK;
}
if (schannel_required) {
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"%s request (opnum[%u]) without schannel from "
"client_account[%s] client_computer_name[%s]\n",
@ -701,23 +715,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
return NT_STATUS_ACCESS_DENIED;
}
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"%s request (opnum[%u]) WITH schannel from "
"client_account[%s] client_computer_name[%s]\n",
opname, opnum,
log_escape(frame, creds->account_name),
log_escape(frame, creds->computer_name));
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"Option 'server require schannel:%s = no' not needed!?\n",
log_escape(frame, creds->account_name));
*creds_out = creds;
TALLOC_FREE(frame);
return NT_STATUS_OK;
}
if (explicit_opt != NULL) {
DBG_INFO("CVE-2020-1472(ZeroLogon): "
"%s request (opnum[%u]) without schannel from "