CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_...
authorStefan Metzmacher <metze@samba.org>
Wed, 30 Nov 2022 11:37:03 +0000 (12:37 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 13 Dec 2022 20:37:58 +0000 (21:37 +0100)
This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec62151a2fb49ecbeaa3bf924f49a956832b735e)

source4/rpc_server/netlogon/dcerpc_netlogon.c

index 5dfd84d939d92baf0c4381984172420e3d412e56..637be93dacc986b07bf2af4c09922e821ed1114f 100644 (file)
@@ -675,13 +675,27 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
                schannel_required = lp_bool(explicit_opt);
        }
 
-       if (schannel_required) {
-               if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-                       *creds_out = creds;
-                       TALLOC_FREE(frame);
-                       return NT_STATUS_OK;
+       if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
+               if (!schannel_required) {
+                       DBG_ERR("CVE-2020-1472(ZeroLogon): "
+                               "%s request (opnum[%u]) WITH schannel from "
+                               "client_account[%s] client_computer_name[%s]\n",
+                               opname, opnum,
+                               log_escape(frame, creds->account_name),
+                               log_escape(frame, creds->computer_name));
+               }
+               if (explicit_opt != NULL && !schannel_required) {
+                       DBG_ERR("CVE-2020-1472(ZeroLogon): "
+                               "Option 'server require schannel:%s = no' not needed!?\n",
+                               log_escape(frame, creds->account_name));
                }
 
+               *creds_out = creds;
+               TALLOC_FREE(frame);
+               return NT_STATUS_OK;
+       }
+
+       if (schannel_required) {
                DBG_ERR("CVE-2020-1472(ZeroLogon): "
                        "%s request (opnum[%u]) without schannel from "
                        "client_account[%s] client_computer_name[%s]\n",
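Review bot: The second `DBG_ERR` in the new `auth_type == DCERPC_AUTH_TYPE_SCHANNEL` branch is gated on `explicit_opt != NULL`, while the block removed in the next hunk printed the "not needed!?" hint for every schannel request that reached it. That changes the log output when `schannel_required` is false without a per-account override, yet the description only mentions re-ordering, so it is worth stating there. The new behaviour looks more accurate, presumably because the hint names a `server require schannel:ACCOUNT = no` option that may not be set in that case. A short comment above the branch would make the intent explicit for anyone auditing this path, for example `/* schannel requests are always accepted; the messages only flag a relaxed setting this client does not need */`. The body of dcesrv_netr_creds_server_step_check starts and ends outside this hunk, so how `explicit_opt` is looked up is not visible here.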
@@ -698,23 +712,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-               DBG_ERR("CVE-2020-1472(ZeroLogon): "
-                       "%s request (opnum[%u]) WITH schannel from "
-                       "client_account[%s] client_computer_name[%s]\n",
-                       opname, opnum,
-                       log_escape(frame, creds->account_name),
-                       log_escape(frame, creds->computer_name));
-               DBG_ERR("CVE-2020-1472(ZeroLogon): "
-                       "Option 'server require schannel:%s = no' not needed!?\n",
-                       log_escape(frame, creds->account_name));
-
-               *creds_out = creds;
-               TALLOC_FREE(frame);
-               return NT_STATUS_OK;
-       }
-
-
        if (explicit_opt != NULL) {
                DBG_INFO("CVE-2020-1472(ZeroLogon): "
                         "%s request (opnum[%u]) without schannel from "