SECURITY FIXES:

Remove a stray 'unbecome_root()' in the ntdomain an auth failure case.

Only allow trust accounts to request a challange in srv_netlogon_nt.c.
Currently any user can be the 'machine' for the domain logon.  MERGE for 2.2.

Andrew Bartlett
(This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index c7bfea4f6a8015b7c37878919cd25844184a653e..6c858e056c57d489a05b01f7c6cf91fa16251ae3 100644 (file)
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -401,14 +401,14 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
                                        auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
-       char *p, *pserver;
+       char *password_server;
        unsigned char trust_passwd[16];
        time_t last_change_time;
        char *domain = lp_workgroup();
 
        if (!user_info || !server_info || !auth_context) {
                DEBUG(1,("check_ntdomain_security: Critical variables not present.  Failing.\n"));
-               return NT_STATUS_LOGON_FAILURE;
+               return NT_STATUS_INVALID_PARAMETER;
        }
 
        /* 
@@ -430,7 +430,6 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
        if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time))
        {
                DEBUG(0, ("check_domain_security: could not fetch trust account password for domain %s\n", lp_workgroup()));
-               unbecome_root();
                return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
        }
 
@@ -445,13 +444,12 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
         * PDC/BDC. Contact each in turn and try and authenticate.
         */
 
-       pserver = lp_passwordserver();
-       p = pserver;
+       password_server = lp_passwordserver();
 
        nt_status = domain_client_validate(mem_ctx, user_info, domain,
                                           (uchar *)auth_context->challenge.data, 
                                           server_info, 
-                                          p, trust_passwd, last_change_time);
+                                          password_server, trust_passwd, last_change_time);
        
        return nt_status;
 }

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index d382f12fcfa0f718817e663053e3822f99cc0771..07f414e8fcf02eea8876a6d238be7dc10e9cdd76 100644 (file)
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -169,6 +169,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
        SAM_ACCOUNT *sampass = NULL;
        const uint8 *pass;
        BOOL ret;
+       uint32 acct_ctrl;
 
 #if 0
     /*
@@ -202,7 +203,12 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
                return False;
        }
 
-       if (!(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
+       acct_ctrl = pdb_get_acct_ctrl(sampass);
+       if (!(acct_ctrl & ACB_DISABLED) &&
+           ((acct_ctrl & ACB_DOMTRUST) ||
+            (acct_ctrl & ACB_WSTRUST) ||
+            (acct_ctrl & ACB_SVRTRUST)) &&
+           ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
                memcpy(md4pw, pass, 16);
                dump_data(5, md4pw, 16);
                pdb_free_sam(&sampass);