Changeset 919 for vendor/current/source3/auth

Timestamp:

Jun 9, 2016, 2:17:22 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: apply latest security patches to vendor

File:

• vendor/current/source3/auth/auth_util.c (modified) (2 diffs)

vendor/current/source3/auth/auth_util.c

@@ -31 +31 @@
 #include "lib/winbind_util.h"
 #include "passdb.h"
+#include "../lib/tsocket/tsocket.h"
 
 #undef DBGC_CLASS
@@ -368 +369 @@
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp)
 {
+        bool allow_raw = lp_raw_ntlmv2_auth();
+
+        if (!allow_raw && nt_resp.length >= 48) {
+                /*
+                 * NTLMv2_RESPONSE has at least 48 bytes
+                 * and should only be supported via NTLMSSP.
+                 */
+                DEBUG(2,("Rejecting raw NTLMv2 authentication with "
+                         "user [%s\\%s]\n",
+                         client_domain, smb_name));
+                return NT_STATUS_INVALID_PARAMETER;
+        }
+
         return make_user_info_map(user_info, smb_name, 
                                   client_domain,