diff options
| -rw-r--r-- | source4/libcli/auth/smbencrypt.c | 14 | ||||
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 3 | ||||
| -rw-r--r-- | source4/rpc_server/samr/samr_password.c | 10 | ||||
| -rw-r--r-- | source4/smb_server/smb/signing.c | 9 | ||||
| -rw-r--r-- | source4/torture/rpc/netlogon.c | 4 | ||||
| -rw-r--r-- | source4/torture/rpc/remote_pac.c | 2 |
6 files changed, 27 insertions, 15 deletions
diff --git a/source4/libcli/auth/smbencrypt.c b/source4/libcli/auth/smbencrypt.c index 7de9627302..b50f003b91 100644 --- a/source4/libcli/auth/smbencrypt.c +++ b/source4/libcli/auth/smbencrypt.c @@ -497,10 +497,10 @@ bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flag returned password including termination. ************************************************************/ bool decode_pw_buffer(uint8_t in_buffer[516], char *new_pwrd, - int new_pwrd_size, uint32_t *new_pw_len, - int string_flags) + int new_pwrd_size, int string_flags) { int byte_len=0; + ssize_t converted_pw_len; /* the incoming buffer can be any alignment. */ string_flags |= STR_NOALIGN; @@ -526,13 +526,17 @@ bool decode_pw_buffer(uint8_t in_buffer[516], char *new_pwrd, } /* decode into the return buffer. Buffer length supplied */ - *new_pw_len = pull_string(lp_iconv_convenience(global_loadparm), new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, + converted_pw_len = pull_string(lp_iconv_convenience(global_loadparm), new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, byte_len, string_flags); + if (converted_pw_len == -1) { + return false; + } + #ifdef DEBUG_PASSWORD DEBUG(100,("decode_pw_buffer: new_pwrd: ")); - dump_data(100, (const uint8_t *)new_pwrd, *new_pw_len); - DEBUG(100,("multibyte len:%d\n", *new_pw_len)); + dump_data(100, (const uint8_t *)new_pwrd, converted_pw_len); + DEBUG(100,("multibyte len:%d\n", converted_pw_len)); DEBUG(100,("original char len:%d\n", byte_len/2)); #endif diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 6f4287f9d8..cceb2a62ac 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -337,7 +337,6 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal struct ldb_context *sam_ctx; NTSTATUS nt_status; char new_pass[512]; - uint32_t new_pass_len; bool ret; struct samr_CryptPassword password_buf; @@ -358,7 +357,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal creds_arcfour_crypt(creds, password_buf.data, 516); ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE); + STR_UNICODE); if (!ret) { DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n")); return NT_STATUS_ACCESS_DENIED; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index b78a9ceaa7..5b8e92583b 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -243,7 +243,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, data_blob_free(&lm_pwd_blob); if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_ASCII)) { + STR_ASCII)) { ldb_transaction_cancel(sam_ctx); DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; @@ -321,7 +321,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, { NTSTATUS status; char new_pass[512]; - uint32_t new_pass_len; struct ldb_context *sam_ctx = NULL; struct ldb_dn *user_dn; int ret; @@ -386,7 +385,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, data_blob_free(&nt_pwd_blob); if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE)) { + STR_UNICODE)) { DEBUG(3,("samr: failed to decode password buffer\n")); status = NT_STATUS_WRONG_PASSWORD; goto failed; @@ -519,7 +518,6 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, { NTSTATUS nt_status; char new_pass[512]; - uint32_t new_pass_len; DATA_BLOB session_key = data_blob(NULL, 0); nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key); @@ -530,7 +528,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, arcfour_crypt_blob(pwbuf->data, 516, &session_key); if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE)) { + STR_UNICODE)) { DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; } @@ -583,7 +581,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, arcfour_crypt_blob(pwbuf->data, 516, &co_session_key); if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE)) { + STR_UNICODE)) { DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; } diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c index ee4531c8f6..21dc99b165 100644 --- a/source4/smb_server/smb/signing.c +++ b/source4/smb_server/smb/signing.c @@ -118,10 +118,19 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn) smb_conn->signing.mandatory_signing = true; break; case SMB_SIGNING_AUTO: + /* If we are a domain controller, SMB signing is + * really important, as it can prevent a number of + * attacks on communications between us and the + * clients */ + if (lp_server_role(smb_conn->lp_ctx) == ROLE_DOMAIN_CONTROLLER) { smb_conn->signing.allow_smb_signing = true; smb_conn->signing.mandatory_signing = true; } else { + /* However, it really sucks (no sendfile, CPU + * overhead) performance-wise when used on a + * file server, so disable it by default (auto + * is the default) on non-DCs */ smb_conn->signing.allow_smb_signing = false; } break; diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 5ec2c29a20..2522062696 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -250,6 +250,10 @@ static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed"); torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags); + + /* Prove that requesting a challenge again won't break it */ + status = dcerpc_netr_ServerReqChallenge(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge"); *creds_out = creds; return true; diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c index b32881cc69..25368d239a 100644 --- a/source4/torture/rpc/remote_pac.c +++ b/source4/torture/rpc/remote_pac.c @@ -68,8 +68,6 @@ static bool test_PACVerify(struct torture_context *tctx, TALLOC_CTX *tmp_ctx = talloc_new(tctx); - int i; - torture_assert(tctx, tmp_ctx != NULL, "talloc_new() failed"); if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, |