From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 26 Oct 2021 15:42:41 +0000 (+0200)
Subject: CVE-2020-25717: s4:auth_simple: start with authoritative = 1
X-Git-Tag: ldb-2.5.0~259
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76ec5f94091095bb1736a4582696ef6c4b37654c;p=thirdparty%2Fsamba.git

CVE-2020-25717: s4:auth_simple: start with authoritative = 1

This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 8df160cefc3..8301aec519c 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -150,7 +150,7 @@ static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
 	const struct tsocket_address *local_address = user_info->local_host;
 	const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
 	struct auth_user_info_dc *user_info_dc = NULL;
-	uint8_t authoritative = 0;
+	uint8_t authoritative = 1;
 	uint32_t flags = 0;
 	NTSTATUS nt_status;