CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should...

author Stefan Metzmacher <metze@samba.org>

Tue, 29 Aug 2017 13:24:14 +0000 (15:24 +0200)

committer Karolin Seeger <kseeger@samba.org>

Wed, 20 Sep 2017 11:04:10 +0000 (13:04 +0200)
author Stefan Metzmacher <metze@samba.org>
Tue, 29 Aug 2017 13:24:14 +0000 (15:24 +0200)
committer Karolin Seeger <kseeger@samba.org>
Wed, 20 Sep 2017 11:04:10 +0000 (13:04 +0200)
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c

index 105c73c141bccdccdcf291b1284280af28142580..4f3042e315241551cf0d446eea0f2cb36ae18f62 100644 (file)
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -25,6 +25,7 @@
  #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
  #include "auth/credentials/credentials.h"
  #include "auth/credentials/credentials_internal.h"
+#include "auth/gensec/gensec.h"
  #include "libcli/auth/libcli_auth.h"
  #include "tevent.h"
  #include "param/param.h"
@@ -300,6 +301,8 @@ _PUBLIC_ bool cli_credentials_set_principal_callback(struct cli_credentials *cre
  
  _PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred) 
  {
+       uint32_t gensec_features = 0;
+
         if (cred->bind_dn) {
                 return true;
         }
@@ -327,6 +330,19 @@ _PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *c
                 return true;
         }
  
+       gensec_features = cli_credentials_get_gensec_features(cred);
+       if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
+               return true;
+       }
+
+       if (gensec_features & GENSEC_FEATURE_SIGN) {
+               return true;
+       }
+
+       if (gensec_features & GENSEC_FEATURE_SEAL) {
+               return true;
+       }
+
         return false;
  }
author	Stefan Metzmacher <metze@samba.org>
	Tue, 29 Aug 2017 13:24:14 +0000 (15:24 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 20 Sep 2017 11:04:10 +0000 (13:04 +0200)