55 lines
1.7 KiB
Diff
55 lines
1.7 KiB
Diff
From 28ac3faa51c66b005a90c527393fa7c2d43d4c31 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Wed, 30 Nov 2022 15:13:47 +0100
|
|
Subject: [PATCH 28/29] CVE-2022-38023 testparm: warn about server/client
|
|
schannel != yes
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit f964c0c357214637f80d0089723b9b11d1b38f7e)
|
|
|
|
Conflict: NA
|
|
Reference: https://attachments.samba.org/attachment.cgi?id=17698
|
|
---
|
|
source3/utils/testparm.c | 20 +++++++++++++++++---
|
|
1 file changed, 17 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
|
|
index 58ba46bc15fb..dd8acb58ff71 100644
|
|
--- a/source3/utils/testparm.c
|
|
+++ b/source3/utils/testparm.c
|
|
@@ -598,11 +598,25 @@ static int do_global_checks(void)
|
|
ret = 1;
|
|
}
|
|
|
|
- if (!lp_server_schannel()) {
|
|
+ if (lp_server_schannel() != true) { /* can be 'auto' */
|
|
fprintf(stderr,
|
|
- "WARNING: You have configured 'server schannel = no'. "
|
|
+ "WARNING: You have not configured "
|
|
+ "'server schannel = yes' (the default). "
|
|
"Your server is vulernable to \"ZeroLogon\" "
|
|
- "(CVE-2020-1472)\n\n");
|
|
+ "(CVE-2020-1472)\n"
|
|
+ "If required use individual "
|
|
+ "'server require schannel:COMPUTERACCOUNT$ = no' "
|
|
+ "options\n\n");
|
|
+ }
|
|
+ if (lp_client_schannel() != true) { /* can be 'auto' */
|
|
+ fprintf(stderr,
|
|
+ "WARNING: You have not configured "
|
|
+ "'client schannel = yes' (the default). "
|
|
+ "Your server is vulernable to \"ZeroLogon\" "
|
|
+ "(CVE-2020-1472)\n"
|
|
+ "If required use individual "
|
|
+ "'client schannel:NETBIOSDOMAIN = no' "
|
|
+ "options\n\n");
|
|
}
|
|
|
|
return ret;
|
|
--
|
|
2.34.1
|