From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 26 Oct 2021 15:42:41 +0000 (+0200)
Subject: CVE-2020-25717: s3:auth: start with authoritative = 1
X-Git-Tag: ldb-2.5.0~255
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27d20fc335c5df53bf6780d6296f1e4aef277311;p=thirdparty%2Fsamba.git

CVE-2020-25717: s3:auth: start with authoritative = 1

This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 0e9245fc23d..0bd81b25cd4 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -418,7 +418,7 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
 {
 	NTSTATUS nt_status;
 	void *server_info;
-	uint8_t authoritative = 0;
+	uint8_t authoritative = 1;
 	struct tevent_context *ev = NULL;
 	struct tevent_req *subreq = NULL;
 	bool ok;
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index 770e6a33190..ff8dc94d296 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -120,7 +120,7 @@ static NTSTATUS check_samba4_security(
 	NTSTATUS nt_status;
 	struct auth_user_info_dc *user_info_dc;
 	struct auth4_context *auth4_context;
-	uint8_t authoritative = 0;
+	uint8_t authoritative = 1;
 	struct auth_serversupplied_info *server_info = NULL;
 
 	nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);