diff options
| author | Stefan Metzmacher <metze@samba.org> | 2022-11-30 12:37:03 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 21:37:58 +0100 |
| commit | 643b4c1b95e40e46af14afa60aa42b0fcf1cf446 (patch) | |
| tree | f13afc63309ef1dc1b2d472247637b7ad2f0adac | |
| parent | b9269801ed6bc034da924cdedd0b6a2938a1379f (diff) | |
| download | samba-643b4c1b95e40e46af14afa60aa42b0fcf1cf446.tar.gz | |
CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec62151a2fb49ecbeaa3bf924f49a956832b735e)
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 41 |
1 files changed, 19 insertions, 22 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 5dfd84d939d..637be93dacc 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -675,13 +675,27 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc schannel_required = lp_bool(explicit_opt); } - if (schannel_required) { - if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { - *creds_out = creds; - TALLOC_FREE(frame); - return NT_STATUS_OK; + if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { + if (!schannel_required) { + DBG_ERR("CVE-2020-1472(ZeroLogon): " + "%s request (opnum[%u]) WITH schannel from " + "client_account[%s] client_computer_name[%s]\n", + opname, opnum, + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); + } + if (explicit_opt != NULL && !schannel_required) { + DBG_ERR("CVE-2020-1472(ZeroLogon): " + "Option 'server require schannel:%s = no' not needed!?\n", + log_escape(frame, creds->account_name)); } + *creds_out = creds; + TALLOC_FREE(frame); + return NT_STATUS_OK; + } + + if (schannel_required) { DBG_ERR("CVE-2020-1472(ZeroLogon): " "%s request (opnum[%u]) without schannel from " "client_account[%s] client_computer_name[%s]\n", @@ -698,23 +712,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc return NT_STATUS_ACCESS_DENIED; } - if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { - DBG_ERR("CVE-2020-1472(ZeroLogon): " - "%s request (opnum[%u]) WITH schannel from " - "client_account[%s] client_computer_name[%s]\n", - opname, opnum, - log_escape(frame, creds->account_name), - log_escape(frame, creds->computer_name)); - DBG_ERR("CVE-2020-1472(ZeroLogon): " - "Option 'server require schannel:%s = no' not needed!?\n", - log_escape(frame, creds->account_name)); - - *creds_out = creds; - TALLOC_FREE(frame); - return NT_STATUS_OK; - } - - if (explicit_opt != NULL) { DBG_INFO("CVE-2020-1472(ZeroLogon): " "%s request (opnum[%u]) without schannel from " |