summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2017-08-29 15:24:14 +0200
committerKarolin Seeger <kseeger@samba.org>2017-09-13 09:19:48 -0700
commitb06322309752f3b666ad38f42ef2e96f1c41a24a (patch)
treed08ee602ed37032628efb7e27d4f6a4c618cec9f
parent95f6e5b574856453c3ef36ebe9ae86d8456e6404 (diff)
downloadsamba-b06322309752f3b666ad38f42ef2e96f1c41a24a.tar.gz
CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997 Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat
-rw-r--r--auth/credentials/credentials.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 3b7d42a29a5..43e587aa5a0 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -25,6 +25,7 @@
#include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_internal.h"
+#include "auth/gensec/gensec.h"
#include "libcli/auth/libcli_auth.h"
#include "tevent.h"
#include "param/param.h"
@@ -362,6 +363,8 @@ _PUBLIC_ bool cli_credentials_set_principal_callback(struct cli_credentials *cre
_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
{
+ uint32_t gensec_features = 0;
+
if (cred->bind_dn) {
return true;
}
@@ -389,6 +392,19 @@ _PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *c
return true;
}
+ gensec_features = cli_credentials_get_gensec_features(cred);
+ if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
+ return true;
+ }
+
+ if (gensec_features & GENSEC_FEATURE_SIGN) {
+ return true;
+ }
+
+ if (gensec_features & GENSEC_FEATURE_SEAL) {
+ return true;
+ }
+
return false;
}
View Lorry Controller Status