From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 26 Oct 2021 15:42:41 +0000 (+0200)
Subject: CVE-2020-25717: s3:auth: start with authoritative = 1
X-Git-Tag: samba-4.13.14~157
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a946f2758fc4cd5d9ceb6c411f1db1b8f04a50a;p=thirdparty%2Fsamba.git

CVE-2020-25717: s3:auth: start with authoritative = 1

This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 8af74481034..8044e6d8af0 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -416,7 +416,7 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
 {
 	NTSTATUS nt_status;
 	void *server_info;
-	uint8_t authoritative = 0;
+	uint8_t authoritative = 1;
 	struct tevent_context *ev = NULL;
 	struct tevent_req *subreq = NULL;
 	bool ok;
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index 418e2cfa56d..d964160414f 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -119,7 +119,7 @@ static NTSTATUS check_samba4_security(
 	NTSTATUS nt_status;
 	struct auth_user_info_dc *user_info_dc;
 	struct auth4_context *auth4_context;
-	uint8_t authoritative = 0;
+	uint8_t authoritative = 1;
 	struct auth_serversupplied_info *server_info = NULL;
 
 	nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);