From a07e040c8c8515d0ffc2a6cce31a4f0124e42023 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 1 Mar 2002 22:45:23 +0000
Subject: SECURITY FIXES: Remove a stray 'unbecome_root()' in the ntdomain an auth failure case. Only allow trust accounts to request a challange in srv_netlogon_nt.c. Currently any user can be the 'machine' for the domain logon. MERGE for 2.2. Andrew Bartlett (This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)
---
 source3/auth/auth_domain.c | 10 ++++------
 source3/rpc_server/srv_netlog_nt.c | 8 +++++++-
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index c7bfea4f6a..6c858e056c 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -401,14 +401,14 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 auth_serversupplied_info **server_info) {
 NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
- char *p, *pserver;
+ char *password_server;
 unsigned char trust_passwd[16];
 time_t last_change_time;
 char *domain = lp_workgroup();
 if (!user_info || !server_info || !auth_context) {
 DEBUG(1,("check_ntdomain_security: Critical variables not present. Failing.\n"));
- return NT_STATUS_LOGON_FAILURE;
+ return NT_STATUS_INVALID_PARAMETER;
 }
 /*
@@ -430,7 +430,6 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time)) {
 DEBUG(0, ("check_domain_security: could not fetch trust account password for domain %s\n", lp_workgroup()));
- unbecome_root();
 return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 }
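Review bot: The null-argument guard in the first auth_domain.c hunk (@@ -401,14) now returns NT_STATUS_INVALID_PARAMETER instead of NT_STATUS_LOGON_FAILURE, and nothing in the hunk shows how the callers of check_ntdomain_security() treat a status other than logon failure. It is worth confirming that every caller handles any non-success status as a denied logon, so the new code cannot be read as "this method does not apply" and skipped. A comment at the return would record the intent, e.g. `/* caller bug, not a bad password; must still be handled as a failed logon */`. The function continues outside the hunk.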
@@ -445,13 +444,12 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 * PDC/BDC. Contact each in turn and try and authenticate.
 */
- pserver = lp_passwordserver();
- p = pserver;
+ password_server = lp_passwordserver();
 nt_status = domain_client_validate(mem_ctx, user_info, domain, (uchar *)auth_context->challenge.data, server_info,
- p, trust_passwd, last_change_time);
+ password_server, trust_passwd, last_change_time);
 return nt_status;
 }
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index d382f12fcf..07f414e8fc 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -169,6 +169,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
 SAM_ACCOUNT *sampass = NULL;
 const uint8 *pass;
 BOOL ret;
+ uint32 acct_ctrl;
 #if 0
 /*
@@ -202,7 +203,12 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
 return False;
 }
- if (!(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ if (!(acct_ctrl & ACB_DISABLED) &&
+ ((acct_ctrl & ACB_DOMTRUST) ||
+ (acct_ctrl & ACB_WSTRUST) ||
+ (acct_ctrl & ACB_SVRTRUST)) &&
+ ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
 memcpy(md4pw, pass, 16);
 dump_data(5, md4pw, 16);
 pdb_free_sam(&sampass);
-- cgit
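Review bot: The new test in the second srv_netlog_nt.c hunk (@@ -202,7) accepts any of the three trust flags, so a workstation trust account passes exactly as a server or interdomain trust account would; get_md4pw() receives only md4pw and mach_acct, so it cannot compare the account type with the secure channel type the client asked for. If the caller has that type available (inferred, the caller is outside the hunk), passing it in and requiring the matching flag would narrow this further. The rejection path should also say why it refused, since a non-trust account asking for a challenge is worth a distinct log line, e.g. `DEBUG(0,("get_md4pw: %s is not a trust account, refusing challenge\n", mach_acct));`. The three flag tests also read more simply as `(acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST))`. The body of get_md4pw() starts and ends outside the hunk.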