git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
bbc9a16
)
CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
author
Stefan Metzmacher
<metze@samba.org>
Fri, 7 Aug 2015 11:52:48 +0000
(13:52 +0200)
committer
Stefan Metzmacher
<metze@samba.org>
Wed, 30 Mar 2016 02:08:51 +0000
(
04:08
+0200)
This prevents man in the middle downgrade attacks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
source4/rpc_server/netlogon/dcerpc_netlogon.c
patch
|
blob
|
history
diff --git
a/source4/rpc_server/netlogon/dcerpc_netlogon.c
b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 14811b51d23f90bcbc80fc53a0aa328eb1855f9a..919945e7eb32588dfb09211da913bf8dde5500ce 100644
(file)
--- a/
source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/
source4/rpc_server/netlogon/dcerpc_netlogon.c
@@
-41,6
+41,14
@@
#include "librpc/gen_ndr/ndr_irpc.h"
#include "lib/socket/netif.h"
+#define DCESRV_INTERFACE_NETLOGON_BIND(call, iface) \
+ dcesrv_interface_netlogon_bind(call, iface)
+static NTSTATUS dcesrv_interface_netlogon_bind(struct dcesrv_call_state *dce_call,
+ const struct dcesrv_interface *iface)
+{
+ return dcesrv_interface_bind_reject_connect(dce_call, iface);
+}
+
static struct memcache *global_challenge_table;
struct netlogon_server_pipe_state {