CVE-2020-25717: s3:auth: start with authoritative = 1

This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
[scabrero@samba.org Backported to 4.11 due to missing commits
 7f75dec865256049e99f7fcf46317cd2d53e95d1 and
 434030ba711e677fdd167a255d05c1cd4db943b7]

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 0e9c423efefa718d02133d5b11a27f5cd927ced0..4ef2270cb34d68d39e0807739e20b4b1cdb2ce1e 100644 (file)
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -415,7 +415,7 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
 {
        NTSTATUS nt_status;
        void *server_info;
-       uint8_t authoritative = 0;
+       uint8_t authoritative = 1;
 
        if (auth_context->check_ntlm_password_send != NULL) {
                struct tevent_context *ev = NULL;

diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index a71c75631d745de90ed48f04fb919e81f28443cd..bf7ccb4348c81634188ff6f8758d2b89122e9b94 100644 (file)
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -118,7 +118,7 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
        NTSTATUS nt_status;
        struct auth_user_info_dc *user_info_dc;
        struct auth4_context *auth4_context;
-       uint8_t authoritative = 0;
+       uint8_t authoritative = 1;
 
        nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);
        if (!NT_STATUS_IS_OK(nt_status)) {