From a07e040c8c8515d0ffc2a6cce31a4f0124e42023 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 1 Mar 2002 22:45:23 +0000
Subject: SECURITY FIXES:

Remove a stray 'unbecome_root()' in the ntdomain an auth failure case.

Only allow trust accounts to request a challange in srv_netlogon_nt.c.
Currently any user can be the 'machine' for the domain logon.  MERGE for 2.2.

Andrew Bartlett
(This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)
---
 source3/rpc_server/srv_netlog_nt.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index d382f12fcf..07f414e8fc 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -169,6 +169,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
 	SAM_ACCOUNT *sampass = NULL;
 	const uint8 *pass;
 	BOOL ret;
+	uint32 acct_ctrl;
 
 #if 0
     /*
@@ -202,7 +203,12 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
 		return False;
 	}
 
-	if (!(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
+	acct_ctrl = pdb_get_acct_ctrl(sampass);
+	if (!(acct_ctrl & ACB_DISABLED) &&
+	    ((acct_ctrl & ACB_DOMTRUST) ||
+	     (acct_ctrl & ACB_WSTRUST) ||
+	     (acct_ctrl & ACB_SVRTRUST)) &&
+	    ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
 		memcpy(md4pw, pass, 16);
 		dump_data(5, md4pw, 16);
  		pdb_free_sam(&sampass);
-- 
cgit