sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00
Code

s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()

Browse Source 
The domain join with VMWare Horizon Quickprep seems to use
netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
(and in addition the NEG_SUPPORTS_AES) just to verify a password.

Note: NETLOGON_NEG_SCHANNEL is an alias to NEG_AUTHENTICATED_RPC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit fa5215ce5b93fb032df341e718d7011e619f0916)
This commit is contained in:
Stefan Metzmacher 2019-05-27 12:38:43 +02:00 committed by Karolin Seeger
parent 3bcaef67d2
commit a47fd552e1
1 changed files with 1 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
source3/rpc_server/netlogon/srv_netlog_nt.c
View File

@ -927,7 +927,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
}
if (lp_server_schannel() != false) {
if (in_neg_flags & NETLOGON_NEG_SCHANNEL) {
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
@ -968,17 +968,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
goto out;
}
if ( (lp_server_schannel() == true) &&
((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
/* schannel must be used, but client did not offer it. */
DEBUG(0,("%s: schannel required but client failed "
"to offer it. Client was %s\n",
fn, r->in.account_name));
status = NT_STATUS_ACCESS_DENIED;
goto out;
}
status = get_md4pw(&mach_pwd,
r->in.account_name,
r->in.secure_channel_type,