43 lines
1.5 KiB
Diff
43 lines
1.5 KiB
Diff
From d079628a43f845522598be7efa0abf5e478549c6 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Fri, 8 Oct 2021 18:08:20 +0200
|
|
Subject: [PATCH 119/266] CVE-2020-25717: s3:auth: no longer let
|
|
check_account() autocreate local users
|
|
|
|
So far we autocreated local user accounts based on just the
|
|
account_name (just ignoring any domain part).
|
|
|
|
This only happens via a possible 'add user script',
|
|
which is not typically defined on domain members
|
|
and on NT4 DCs local users already exist in the
|
|
local passdb anyway.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
---
|
|
source3/auth/auth_util.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Conflict:NA
|
|
Reference:https://git.samba.org/samba.git/?p=samba.git;a=patch;h=d079628a43f845522598be7efa0abf5e478549c6
|
|
|
|
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
|
index 4de4bc74374..99b85d47a5f 100644
|
|
--- a/source3/auth/auth_util.c
|
|
+++ b/source3/auth/auth_util.c
|
|
@@ -1898,7 +1898,7 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
|
|
- passwd = smb_getpwnam(mem_ctx, dom_user, &real_username, true );
|
|
+ passwd = smb_getpwnam(mem_ctx, dom_user, &real_username, false);
|
|
if (!passwd) {
|
|
DEBUG(3, ("Failed to find authenticated user %s via "
|
|
"getpwnam(), denying access.\n", dom_user));
|
|
--
|
|
2.23.0
|
|
|