CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables

We now give an error when required flags are missing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-12-01 11:01:24 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:22 +0200
commit: 2843f012b6bfb6d56e11b1723c0b35531ebf669f (patch)
tree: 68bbcbb1381d2e237f973f85d3c9213e3cb2a89d /auth/ntlmssp/ntlmssp_client.c
parent: 61ec7f069d777e2688657b490c07ce7499bd7221 (diff)
download: samba-2843f012b6bfb6d56e11b1723c0b35531ebf669f.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index bf3b8c0dd5f..c8b7c432f8a 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -168,6 +168,9 @@ NTSTATUS gensec_ntlmssp_resume_ccache(struct gensec_security *gensec_security,
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 	}
 
+	ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
+	ntlmssp_state->conf_flags = ntlmssp_state->neg_flags;
+
 	if (DEBUGLEVEL >= 10) {
 		struct NEGOTIATE_MESSAGE *negotiate = talloc(
 			ntlmssp_state, struct NEGOTIATE_MESSAGE);
@@ -669,6 +672,9 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
 		ntlmssp_state->use_ccache = true;
 	}
 
+	ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
+	ntlmssp_state->conf_flags = ntlmssp_state->neg_flags;
+
 	return NT_STATUS_OK;
 }
author	Stefan Metzmacher <metze@samba.org>	2015-12-01 11:01:24 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:22 +0200
commit	2843f012b6bfb6d56e11b1723c0b35531ebf669f (patch)
tree	68bbcbb1381d2e237f973f85d3c9213e3cb2a89d /auth/ntlmssp/ntlmssp_client.c
parent	61ec7f069d777e2688657b490c07ce7499bd7221 (diff)
download	samba-2843f012b6bfb6d56e11b1723c0b35531ebf669f.tar.gz