1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

CVE-2020-25717: s3:ntlm_auth: start with authoritative = 1

This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2021-10-26 17:42:41 +02:00 committed by Jule Anger
parent 76ec5f9409
commit cc6d63100c
2 changed files with 7 additions and 7 deletions

View File

@ -1931,7 +1931,7 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
TALLOC_FREE(mem_ctx); TALLOC_FREE(mem_ctx);
} else { } else {
uint8_t authoritative = 0; uint8_t authoritative = 1;
if (!domain) { if (!domain) {
domain = smb_xstrdup(get_winbind_domain()); domain = smb_xstrdup(get_winbind_domain());
@ -2447,7 +2447,7 @@ static bool check_auth_crap(void)
char *hex_lm_key; char *hex_lm_key;
char *hex_user_session_key; char *hex_user_session_key;
char *error_string; char *error_string;
uint8_t authoritative = 0; uint8_t authoritative = 1;
setbuf(stdout, NULL); setbuf(stdout, NULL);

View File

@ -54,7 +54,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
DATA_BLOB lm_response = data_blob(NULL, 24); DATA_BLOB lm_response = data_blob(NULL, 24);
DATA_BLOB nt_response = data_blob(NULL, 24); DATA_BLOB nt_response = data_blob(NULL, 24);
DATA_BLOB session_key = data_blob(NULL, 16); DATA_BLOB session_key = data_blob(NULL, 16);
uint8_t authoritative = 0; uint8_t authoritative = 1;
uchar lm_key[8]; uchar lm_key[8];
uchar user_session_key[16]; uchar user_session_key[16];
uchar lm_hash[16]; uchar lm_hash[16];
@ -177,7 +177,7 @@ static bool test_ntlm_in_lm(void)
NTSTATUS nt_status; NTSTATUS nt_status;
uint32_t flags = 0; uint32_t flags = 0;
DATA_BLOB nt_response = data_blob(NULL, 24); DATA_BLOB nt_response = data_blob(NULL, 24);
uint8_t authoritative = 0; uint8_t authoritative = 1;
uchar lm_key[8]; uchar lm_key[8];
uchar lm_hash[16]; uchar lm_hash[16];
uchar user_session_key[16]; uchar user_session_key[16];
@ -245,7 +245,7 @@ static bool test_ntlm_in_both(void)
uint32_t flags = 0; uint32_t flags = 0;
DATA_BLOB nt_response = data_blob(NULL, 24); DATA_BLOB nt_response = data_blob(NULL, 24);
DATA_BLOB session_key = data_blob(NULL, 16); DATA_BLOB session_key = data_blob(NULL, 16);
uint8_t authoritative = 0; uint8_t authoritative = 1;
uint8_t lm_key[8]; uint8_t lm_key[8];
uint8_t lm_hash[16]; uint8_t lm_hash[16];
uint8_t user_session_key[16]; uint8_t user_session_key[16];
@ -322,7 +322,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
DATA_BLOB lmv2_response = data_blob_null; DATA_BLOB lmv2_response = data_blob_null;
DATA_BLOB ntlmv2_session_key = data_blob_null; DATA_BLOB ntlmv2_session_key = data_blob_null;
DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain()); DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain());
uint8_t authoritative = 0; uint8_t authoritative = 1;
uchar user_session_key[16]; uchar user_session_key[16];
DATA_BLOB chall = get_challenge(); DATA_BLOB chall = get_challenge();
char *error_string; char *error_string;
@ -452,7 +452,7 @@ static bool test_plaintext(enum ntlm_break break_which)
char *password; char *password;
smb_ucs2_t *nt_response_ucs2; smb_ucs2_t *nt_response_ucs2;
size_t converted_size; size_t converted_size;
uint8_t authoritative = 0; uint8_t authoritative = 1;
uchar user_session_key[16]; uchar user_session_key[16];
uchar lm_key[16]; uchar lm_key[16];
static const uchar zeros[8] = { 0, }; static const uchar zeros[8] = { 0, };