CVE-2020-25717: s3:auth: start with authoritative = 1

This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 8af7448103454ed1ec51432be11caea4f72e596c..8044e6d8af0b20e96fa8f075355d69a25a6f89d2 100644 (file)
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -416,7 +416,7 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
 {
        NTSTATUS nt_status;
        void *server_info;
-       uint8_t authoritative = 0;
+       uint8_t authoritative = 1;
        struct tevent_context *ev = NULL;
        struct tevent_req *subreq = NULL;
        bool ok;

diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index 418e2cfa56d17098beef7c8320b5f694482f1a09..d964160414f5732adae7a90ce3ae581f1197c978 100644 (file)
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -119,7 +119,7 @@ static NTSTATUS check_samba4_security(
        NTSTATUS nt_status;
        struct auth_user_info_dc *user_info_dc;
        struct auth4_context *auth4_context;
-       uint8_t authoritative = 0;
+       uint8_t authoritative = 1;
        struct auth_serversupplied_info *server_info = NULL;
 
        nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);