From 221b69af846c876957ed3f8bab23e2f51574eb87 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 19 Jun 2008 09:34:04 +1000
Subject: Don't sign NTP packets to disabled accounts (As this would allow an offline attack on their password) Andrew Bartlett (This used to be commit e28481fc0976231c6f4cb7a5f7c7708f4becdb18)
---
 source4/ntp_signd/ntp_signd.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'source4/ntp_signd')
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index fdd97e475c..c1ac7dbcf4 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -123,9 +123,10 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 struct signed_reply signed_reply;
 enum ndr_err_code ndr_err;
 struct ldb_result *res;
- const char *attrs[] = { "unicodePwd", NULL };
+ const char *attrs[] = { "unicodePwd", "userAccountControl", NULL };
 struct MD5Context ctx;
 struct samr_Password *nt_hash;
+ uint32_t user_account_control;
 int ret;
 
 NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -184,6 +185,14 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 return signing_failure(ntp_signdconn, sign_request.packet_id);
 }
 
+ user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
+
+ if (user_account_control & UF_ACCOUNTDISABLE) {
+ DEBUG(1, ("Account for SID [%s] is disabled\n", dom_sid_string(tmp_ctx, sid)));
+ talloc_free(tmp_ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
 nt_hash = samdb_result_hash(tmp_ctx, res->msgs[0], "unicodePwd");
 if (!nt_hash) {
 DEBUG(1, ("No unicodePwd found on record of SID %s for NTP signing\n", dom_sid_string(tmp_ctx, sid)));
-- 
cgit
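Review bot: The new disabled-account branch returns NT_STATUS_ACCESS_DENIED straight out of ntp_signd_recv, while the neighbouring lookup-failure path in the same hunk answers the client with `return signing_failure(ntp_signdconn, sign_request.packet_id);` — so a disabled account presumably ends the exchange differently (likely no reply to ntpd) than a missing record does, which is worth making deliberate or aligning with the existing path. The attribute is read with `ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0)`, so a record carrying no userAccountControl is treated as enabled and proceeds to signing; a comment such as `/* no userAccountControl on the record: treated as enabled, the unicodePwd check below still gates signing */` would make that default explicit. The test also covers only UF_ACCOUNTDISABLE; if other account states should likewise be refused a signature, that decision should be recorded here, since the commit message names only disabled accounts. ntp_signd_recv begins and ends outside this hunk.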