diff options
Diffstat (limited to 'package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch')
-rw-r--r-- | package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch b/package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch deleted file mode 100644 index 78e0a66979..0000000000 --- a/package/network/services/samba36/patches/025-CVE-2016-2112-v3-6.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 126e3e992bed7174d60ee19212db9b717647ab2e Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <asn@cryptomilk.org> -Date: Wed, 30 Mar 2016 16:55:44 +0200 -Subject: [PATCH 1/3] CVE-2016-2112: s3:ntlmssp: Implement missing - ntlmssp_have_feature() - -Signed-off-by: Andreas Schneider <asn@samba.org> ---- - source3/include/proto.h | 1 + - source3/libsmb/ntlmssp.c | 30 ++++++++++++++++++++++++++++++ - 2 files changed, 31 insertions(+) - ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1260,6 +1260,7 @@ NTSTATUS ntlmssp_set_password(struct ntl - NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ; - void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); - void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); -+bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); - NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, - const DATA_BLOB in, DATA_BLOB *out) ; - NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -162,6 +162,36 @@ NTSTATUS ntlmssp_set_domain(struct ntlms - return NT_STATUS_OK; - } - -+bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, -+ uint32_t feature) -+{ -+ if (feature & NTLMSSP_FEATURE_SIGN) { -+ if (ntlmssp_state->session_key.length == 0) { -+ return false; -+ } -+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { -+ return true; -+ } -+ } -+ -+ if (feature & NTLMSSP_FEATURE_SEAL) { -+ if (ntlmssp_state->session_key.length == 0) { -+ return false; -+ } -+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { -+ return true; -+ } -+ } -+ -+ if (feature & NTLMSSP_FEATURE_SESSION_KEY) { -+ if (ntlmssp_state->session_key.length > 0) { -+ return true; -+ } -+ } -+ -+ return false; -+} -+ - /** - * Request features for the NTLMSSP negotiation - * ---- a/source3/libads/sasl.c -+++ b/source3/libads/sasl.c -@@ -261,6 +261,37 @@ static ADS_STATUS ads_sasl_spnego_ntlmss - /* we have a reference conter on ntlmssp_state, if we are signing - then the state will be kept by the signing engine */ - -+ if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) { -+ bool ok; -+ -+ ok = ntlmssp_have_feature(ntlmssp_state, -+ NTLMSSP_FEATURE_SEAL); -+ if (!ok) { -+ DEBUG(0,("The ntlmssp feature sealing request, but unavailable\n")); -+ TALLOC_FREE(ntlmssp_state); -+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); -+ } -+ -+ ok = ntlmssp_have_feature(ntlmssp_state, -+ NTLMSSP_FEATURE_SIGN); -+ if (!ok) { -+ DEBUG(0,("The ntlmssp feature signing request, but unavailable\n")); -+ TALLOC_FREE(ntlmssp_state); -+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); -+ } -+ -+ } else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) { -+ bool ok; -+ -+ ok = ntlmssp_have_feature(ntlmssp_state, -+ NTLMSSP_FEATURE_SIGN); -+ if (!ok) { -+ DEBUG(0,("The gensec feature signing request, but unavailable\n")); -+ TALLOC_FREE(ntlmssp_state); -+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); -+ } -+ } -+ - if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) { - ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - NTLMSSP_SIG_SIZE; - ads->ldap.out.sig_size = NTLMSSP_SIG_SIZE; ---- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml -+++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml -@@ -34,11 +34,9 @@ - </para> - - <para> -- The default value is <emphasis>plain</emphasis> which is not irritable -- to KRB5 clock skew errors. That implies synchronizing the time -- with the KDC in the case of using <emphasis>sign</emphasis> or -- <emphasis>seal</emphasis>. -+ The default value is <emphasis>sign</emphasis>. That implies synchronizing the time -+ with the KDC in the case of using <emphasis>Kerberos</emphasis>. - </para> - </description> --<value type="default">plain</value> -+<value type="default">sign</value> - </samba:parameter> ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -5392,6 +5392,8 @@ static void init_globals(bool reinit_glo - Globals.ldap_debug_level = 0; - Globals.ldap_debug_threshold = 10; - -+ Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN; -+ - /* This is what we tell the afs client. in reality we set the token - * to never expire, though, when this runs out the afs client will - * forget the token. Set to 0 to get NEVERDATE.*/ |