authorAndrew Bartlett <abartlet@samba.org>2008-06-19 09:34:04 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-06-19 09:34:04 +1000
commit221b69af846c876957ed3f8bab23e2f51574eb87 (patch)
treed3b255573e965e2944f4d84c3786b3793d755cc5
parentcceabcd2a4a4282aee8562852de32b29038e12a3 (diff)
Don't sign NTP packets to disabled accounts
(Signing with a disabled account's key would otherwise allow an offline attack on that account's password.) Andrew Bartlett (This used to be commit e28481fc0976231c6f4cb7a5f7c7708f4becdb18)
-rw-r--r--source4/ntp_signd/ntp_signd.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index fdd97e475c..c1ac7dbcf4 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -123,9 +123,10 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
struct signed_reply signed_reply;
enum ndr_err_code ndr_err;
struct ldb_result *res;
- const char *attrs[] = { "unicodePwd", NULL };
+ const char *attrs[] = { "unicodePwd", "userAccountControl", NULL };
struct MD5Context ctx;
struct samr_Password *nt_hash;
+ uint32_t user_account_control;
int ret;
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -184,6 +185,14 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
return signing_failure(ntp_signdconn, sign_request.packet_id);
}
+ user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
+
+ if (user_account_control & UF_ACCOUNTDISABLE) {
+ DEBUG(1, ("Account for SID [%s] is disabled\n", dom_sid_string(tmp_ctx, sid)));
+ talloc_free(tmp_ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
nt_hash = samdb_result_hash(tmp_ctx, res->msgs[0], "unicodePwd");
if (!nt_hash) {
DEBUG(1, ("No unicodePwd found on record of SID %s for NTP signing\n", dom_sid_string(tmp_ctx, sid)));
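Review bot: The default of 0 handed to ldb_msg_find_attr_as_uint on the `user_account_control = ...` line means a record with no readable userAccountControl is treated as enabled and still gets its unicodePwd used for signing, which is the fail-open direction for a check whose whole purpose is to block offline attacks; if that attribute can ever be missing on an object that carries unicodePwd, it would be safer to also deny when `ldb_msg_find_element(res->msgs[0], "userAccountControl") == NULL`. The disabled branch frees tmp_ctx and returns NT_STATUS_ACCESS_DENIED, whereas the lookup-failure path at the top of the hunk answers the client with `return signing_failure(ntp_signdconn, sign_request.packet_id);`; if the caller (outside this hunk) treats a non-OK return as fatal for the connection, the client sees a dropped connection rather than a signing-failure reply, so using the same `signing_failure(...)` return here would be more consistent unless the teardown is intended. The same offline-attack argument applies to locked-out and expired accounts, which UF_ACCOUNTDISABLE alone does not cover; a comment such as `/* only UF_ACCOUNTDISABLE is checked; lockout/expiry are not */` would make that limit explicit for a follow-up. ntp_signd_recv begins before this hunk and continues past it.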