From: Volker Lendecke <vl@samba.org>
Date: Tue, 13 Apr 2021 15:14:01 +0000 (+0000)
Subject: CVE-2020-25717 auth: Simplify DEBUG statements in make_auth3_context_for_ntlm()
X-Git-Tag: samba-4.13.14~230
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7a295b97e4321e9e98b3ff61b8bfb1250ff672e;p=thirdparty%2Fsamba.git

CVE-2020-25717 auth: Simplify DEBUG statements in make_auth3_context_for_ntlm()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 8536bf7fce41c43bbed25f7ed4ce5775a1b9c0d5)
---

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index e8bb9d7821a..12f7917b38d 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -529,28 +529,28 @@ NTSTATUS make_auth3_context_for_ntlm(TALLOC_CTX *mem_ctx,
 				     struct auth_context **auth_context)
 {
 	const char *methods = NULL;
+	const char *role = NULL;
 
 	switch (lp_server_role()) {
 	case ROLE_ACTIVE_DIRECTORY_DC:
-		DEBUG(5,("Making default auth method list for server role = "
-			 "'active directory domain controller'\n"));
+		role = "'active directory domain controller'";
 		methods = "samba4";
 		break;
 	case ROLE_DOMAIN_MEMBER:
-		DEBUG(5,("Making default auth method list for server role = 'domain member'\n"));
+		role = "'domain member'";
 		methods = "anonymous sam winbind sam_ignoredomain";
 		break;
 	case ROLE_DOMAIN_BDC:
 	case ROLE_DOMAIN_PDC:
-		DEBUG(5,("Making default auth method list for DC\n"));
+		role = "'DC'";
 		methods = "anonymous sam winbind sam_ignoredomain";
 		break;
 	case ROLE_STANDALONE:
-		DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n"));
 		if (lp_encrypt_passwords()) {
+			role = "'standalone server', encrypt passwords = yes";
 			methods = "anonymous sam_ignoredomain";
 		} else {
-			DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n"));
+			role = "'standalone server', encrypt passwords = no";
 			methods = "anonymous unix";
 		}
 		break;
@@ -559,6 +559,9 @@ NTSTATUS make_auth3_context_for_ntlm(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
+	DBG_INFO("Making default auth method list for server role = %s\n",
+		 role);
+
 	return make_auth_context_specific(mem_ctx, auth_context, methods);
 }