From 88018634c78b589185e877e6d7e4f10894c32a0b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 30 Nov 2022 12:37:03 +0100
Subject: [PATCH] CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in
 dcesrv_netr_creds_server_step_check()

This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec62151a2fb49ecbeaa3bf924f49a956832b735e)
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 41 +++++++++----------
 1 file changed, 19 insertions(+), 22 deletions(-)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 95fd1526d5a..33063942e16 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -678,13 +678,27 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
 		schannel_required = lp_bool(explicit_opt);
 	}
 
-	if (schannel_required) {
-		if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-			*creds_out = creds;
-			TALLOC_FREE(frame);
-			return NT_STATUS_OK;
+	if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
+		if (!schannel_required) {
+			DBG_ERR("CVE-2020-1472(ZeroLogon): "
+				"%s request (opnum[%u]) WITH schannel from "
+				"client_account[%s] client_computer_name[%s]\n",
+				opname, opnum,
+				log_escape(frame, creds->account_name),
+				log_escape(frame, creds->computer_name));
+		}
+		if (explicit_opt != NULL && !schannel_required) {
+			DBG_ERR("CVE-2020-1472(ZeroLogon): "
+				"Option 'server require schannel:%s = no' not needed!?\n",
+				log_escape(frame, creds->account_name));
 		}
 
+		*creds_out = creds;
+		TALLOC_FREE(frame);
+		return NT_STATUS_OK;
+	}
+
+	if (schannel_required) {
 		DBG_ERR("CVE-2020-1472(ZeroLogon): "
 			"%s request (opnum[%u]) without schannel from "
 			"client_account[%s] client_computer_name[%s]\n",
@@ -701,23 +715,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-		DBG_ERR("CVE-2020-1472(ZeroLogon): "
-			"%s request (opnum[%u]) WITH schannel from "
-			"client_account[%s] client_computer_name[%s]\n",
-			opname, opnum,
-			log_escape(frame, creds->account_name),
-			log_escape(frame, creds->computer_name));
-		DBG_ERR("CVE-2020-1472(ZeroLogon): "
-			"Option 'server require schannel:%s = no' not needed!?\n",
-			log_escape(frame, creds->account_name));
-
-		*creds_out = creds;
-		TALLOC_FREE(frame);
-		return NT_STATUS_OK;
-	}
-
-
 	if (explicit_opt != NULL) {
 		DBG_INFO("CVE-2020-1472(ZeroLogon): "
 			 "%s request (opnum[%u]) without schannel from "