packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0031-CVE-2022-38023.patch
xinghe c24b46a73b add patch for fix CVE-2022-38023
2023-04-03 09:21:42 +00:00

81 lines
2.7 KiB
Diff
Raw Blame History

From 4118bd2e1b1a31717f4c5355be5d83c121fa85dc Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 21 Dec 2022 18:17:57 +0100
Subject: [PATCH 32/40] CVE-2022-38023 s3:rpc_server/netlogon: re-order
checking in netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17736
---
source3/rpc_server/netlogon/srv_netlog_nt.c | 40 ++++++++++-----------
1 file changed, 19 insertions(+), 21 deletions(-)
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 8e907e60f7e..ba73fe3fa58 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1122,13 +1122,27 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
schannel_required = lp_bool(explicit_opt);
}
- if (schannel_required) {
- if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
- *creds_out = creds;
- TALLOC_FREE(frame);
- return NT_STATUS_OK;
+ if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
+ if (!schannel_required) {
+ DBG_ERR("CVE-2020-1472(ZeroLogon): "
+ "%s request (opnum[%u]) WITH schannel from "
+ "client_account[%s] client_computer_name[%s]\n",
+ opname, opnum,
+ log_escape(frame, creds->account_name),
+ log_escape(frame, creds->computer_name));
+ }
+ if (explicit_opt != NULL && !schannel_required) {
+ DBG_ERR("CVE-2020-1472(ZeroLogon): "
+ "Option 'server require schannel:%s = no' not needed!?\n",
+ log_escape(frame, creds->account_name));
}
+ *creds_out = creds;
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ if (schannel_required) {
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"%s request (opnum[%u]) without schannel from "
"client_account[%s] client_computer_name[%s]\n",
@@ -1155,22 +1169,6 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
warned_global_once = true;
}
- if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
- DBG_ERR("CVE-2020-1472(ZeroLogon): "
- "%s request (opnum[%u]) WITH schannel from "
- "client_account[%s] client_computer_name[%s]\n",
- opname, opnum,
- log_escape(frame, creds->account_name),
- log_escape(frame, creds->computer_name));
- DBG_ERR("CVE-2020-1472(ZeroLogon): "
- "Option 'server require schannel:%s = no' not needed!?\n",
- log_escape(frame, creds->account_name));
-
- *creds_out = creds;
- TALLOC_FREE(frame);
- return NT_STATUS_OK;
- }
-
if (explicit_opt != NULL) {
DBG_INFO("CVE-2020-1472(ZeroLogon): "
"%s request (opnum[%u]) without schannel from "
--
2.39.0
Reference in New Issue View Git Blame Copy Permalink