samba/backport-0035-CVE-2022-38023.patch
2023-04-03 09:21:42 +00:00


From e46fdd96cf0cea2415e7dfd49d7f204c53bac762 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 4 Jan 2023 17:23:41 +0100
Subject: [PATCH 37/40] CVE-2022-38023 s3:rpc_server/netlogon: Rename variable
This will simplify the following changes.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17736
---
source3/rpc_server/netlogon/srv_netlog_nt.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index a66b929b479..b7c8e2c928e 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1071,9 +1071,10 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
{
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
+ const char *explicit_opt = NULL;
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
bool schannel_required = schannel_global_required;
- const char *explicit_opt = NULL;
+ bool schannel_explicitly_set = false;
int CVE_2020_1472_warn_level = lp_parm_int(GLOBAL_SECTION_SNUM,
"CVE_2020_1472", "warn_about_unused_debug_level", DBGLVL_ERR);
int CVE_2020_1472_error_level = lp_parm_int(GLOBAL_SECTION_SNUM,
@@ -1112,11 +1113,12 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
if (explicit_opt != NULL) {
schannel_required = lp_bool(explicit_opt);
}
+ schannel_explicitly_set = explicit_opt != NULL;
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
status = NT_STATUS_OK;
- if (explicit_opt != NULL && !schannel_required) {
+ if (schannel_explicitly_set && !schannel_required) {
dbg_lvl = MIN(dbg_lvl, CVE_2020_1472_warn_level);
} else if (!schannel_required) {
dbg_lvl = MIN(dbg_lvl, DBGLVL_INFO);
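Review bot: The new `schannel_explicitly_set` flag is assigned in this hunk with no comment, yet in the later hunks (@@ -1146 and @@ -1188) it decides whether a rejected or tolerated non-schannel client is logged at `DBGLVL_NOTICE`/`DBGLVL_INFO` or at `CVE_2020_1472_error_level`, which is the output an operator auditing ZeroLogon exposure will read. I would put a comment above the assignment such as `/* true if a 'server require schannel:ACCOUNT' override was found for this client; picks the CVE-2020-1472 log level below */`; the option name is taken from the log strings in the later hunks, and the lookup that fills `explicit_opt` is outside the hunk, so confirm the wording against it. Since the flag is initialised to `false` at its declaration, the assignment could also move into the preceding `if (explicit_opt != NULL)` block as `schannel_explicitly_set = true;`, so the flag and `schannel_required` are set in one place. `netr_check_schannel` starts and ends outside this hunk.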
@@ -1131,7 +1133,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
log_escape(frame, creds->computer_name),
nt_errstr(status)));
- if (explicit_opt != NULL && !schannel_required) {
+ if (schannel_explicitly_set && !schannel_required) {
DEBUG(CVE_2020_1472_warn_level, (
"CVE-2020-1472(ZeroLogon): "
"Option 'server require schannel:%s = no' not needed for '%s'!\n",
@@ -1146,7 +1148,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
if (schannel_required) {
status = NT_STATUS_ACCESS_DENIED;
- if (explicit_opt != NULL) {
+ if (schannel_explicitly_set) {
dbg_lvl = MIN(dbg_lvl, DBGLVL_NOTICE);
} else {
dbg_lvl = MIN(dbg_lvl, CVE_2020_1472_error_level);
@@ -1160,7 +1162,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
log_escape(frame, creds->account_name),
log_escape(frame, creds->computer_name),
nt_errstr(status)));
- if (explicit_opt != NULL) {
+ if (schannel_explicitly_set) {
D_NOTICE("CVE-2020-1472(ZeroLogon): Option "
"'server require schannel:%s = yes' "
"rejects access for client.\n",
@@ -1188,7 +1190,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
status = NT_STATUS_OK;
- if (explicit_opt != NULL) {
+ if (schannel_explicitly_set) {
dbg_lvl = MIN(dbg_lvl, DBGLVL_INFO);
} else {
dbg_lvl = MIN(dbg_lvl, CVE_2020_1472_error_level);
@@ -1203,7 +1205,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
log_escape(frame, creds->computer_name),
nt_errstr(status)));
- if (explicit_opt != NULL) {
+ if (schannel_explicitly_set) {
D_INFO("CVE-2020-1472(ZeroLogon): Option "
"'server require schannel:%s = no' "
"still needed for '%s'!\n",
--
2.39.0