diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-11-20 14:06:18 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:22 +0200 |
commit | 2063692367429d0767153b6a0d22627cb2c27d5f (patch) | |
tree | 0c4576e300380df406a64a346b34f99cf3765417 /nsswitch/winbind_struct_protocol.h | |
parent | 83c71586dc4d46ecc4a129e23f11aa192ca8002f (diff) | |
download | samba-2063692367429d0767153b6a0d22627cb2c27d5f.tar.gz |
CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
We don't need to change the protocol version because:
1. An old client may provide the "initial_blob"
(which was and is still ignored when going
via the wbcCredentialCache() function)
and the new winbindd won't use new_spnego.
2. A new client will just get a zero byte
from an old winbindd. As it uses talloc_zero() to
create struct winbindd_response.
3. Changing the version number would introduce problems
with backports to older Samba versions.
New clients which are capable of using the new_spnego field
will use "negotiate_blob" instead of "initial_blob".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'nsswitch/winbind_struct_protocol.h')
-rw-r--r-- | nsswitch/winbind_struct_protocol.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index 622dcfef232..84829d2da74 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -488,6 +488,7 @@ struct winbindd_response { struct { uint8_t session_key[16]; uint32_t auth_blob_len; /* blob in extra_data */ + uint8_t new_spnego; } ccache_ntlm_auth; struct { fstring dc_unc; |