mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec62151a2f
)
This commit is contained in:
parent
0c32166174
commit
88018634c7
@ -678,13 +678,27 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
|
||||
schannel_required = lp_bool(explicit_opt);
|
||||
}
|
||||
|
||||
if (schannel_required) {
|
||||
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
|
||||
*creds_out = creds;
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_OK;
|
||||
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
|
||||
if (!schannel_required) {
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): "
|
||||
"%s request (opnum[%u]) WITH schannel from "
|
||||
"client_account[%s] client_computer_name[%s]\n",
|
||||
opname, opnum,
|
||||
log_escape(frame, creds->account_name),
|
||||
log_escape(frame, creds->computer_name));
|
||||
}
|
||||
if (explicit_opt != NULL && !schannel_required) {
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): "
|
||||
"Option 'server require schannel:%s = no' not needed!?\n",
|
||||
log_escape(frame, creds->account_name));
|
||||
}
|
||||
|
||||
*creds_out = creds;
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
if (schannel_required) {
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): "
|
||||
"%s request (opnum[%u]) without schannel from "
|
||||
"client_account[%s] client_computer_name[%s]\n",
|
||||
@ -701,23 +715,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): "
|
||||
"%s request (opnum[%u]) WITH schannel from "
|
||||
"client_account[%s] client_computer_name[%s]\n",
|
||||
opname, opnum,
|
||||
log_escape(frame, creds->account_name),
|
||||
log_escape(frame, creds->computer_name));
|
||||
DBG_ERR("CVE-2020-1472(ZeroLogon): "
|
||||
"Option 'server require schannel:%s = no' not needed!?\n",
|
||||
log_escape(frame, creds->account_name));
|
||||
|
||||
*creds_out = creds;
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
if (explicit_opt != NULL) {
|
||||
DBG_INFO("CVE-2020-1472(ZeroLogon): "
|
||||
"%s request (opnum[%u]) without schannel from "
|
||||
|
Loading…
Reference in New Issue
Block a user