[Pkg-samba-maint] [samba] 06/12: CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL

[Mathieu Parent]

This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch master
in repository samba.

commit 68df4cffba4bfe945c18058689166b5dd1c17f1a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 29 15:24:14 2017 +0200

    CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 auth/credentials/credentials.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 06648c7..5e3b5e8 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -25,6 +25,7 @@
 #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_internal.h"
+#include "auth/gensec/gensec.h"
 #include "libcli/auth/libcli_auth.h"
 #include "tevent.h"
 #include "param/param.h"
@@ -300,6 +301,8 @@ _PUBLIC_ bool cli_credentials_set_principal_callback(struct cli_credentials *cre
 
 _PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred) 
 {
+	uint32_t gensec_features = 0;
+
 	if (cred->bind_dn) {
 		return true;
 	}
@@ -327,6 +330,19 @@ _PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *c
 		return true;
 	}
 
+	gensec_features = cli_credentials_get_gensec_features(cred);
+	if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
+		return true;
+	}
+
+	if (gensec_features & GENSEC_FEATURE_SIGN) {
+		return true;
+	}
+
+	if (gensec_features & GENSEC_FEATURE_SEAL) {
+		return true;
+	}
+
 	return false;
 }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git