CVE-2020-25717: s3:auth: start with authoritative = 1

This is not strictly needed, but makes it easier to audit
that we don't miss important places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 0e9245fc23dc6e14317fae955c3aefbed80d9872..0bd81b25cd45b0f56c7335b6987fdf2eef83ad19 100644 (file)
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -418,7 +418,7 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
 {
        NTSTATUS nt_status;
        void *server_info;
-       uint8_t authoritative = 0;
+       uint8_t authoritative = 1;
        struct tevent_context *ev = NULL;
        struct tevent_req *subreq = NULL;
        bool ok;

diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index 770e6a33190ff4fe7eef49abdf2a40405357adee..ff8dc94d2960fc63aa0fe499c85d75aafafc278d 100644 (file)
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -120,7 +120,7 @@ static NTSTATUS check_samba4_security(
        NTSTATUS nt_status;
        struct auth_user_info_dc *user_info_dc;
        struct auth4_context *auth4_context;
-       uint8_t authoritative = 0;
+       uint8_t authoritative = 1;
        struct auth_serversupplied_info *server_info = NULL;
 
        nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);