From: Stefan Metzmacher Date: Wed, 2 Oct 2024 14:44:26 +0000 (+0200) Subject: s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags X-Git-Tag: ldb-2.9.2~57 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=a73571c0747c7531824478ed9d4439cb08d176d8;p=thirdparty%2Fsamba.git s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags Only remove the unsupported flags from local_negotiate_flags for the next try... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher Reviewed-by: Douglas Bagnall (cherry picked from commit 69b0cbd13d06fa640a900acab6757425b5b77cac) --- diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 3f69b849bb8..4e237d841f2 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -243,6 +243,14 @@ static void continue_srv_auth2(struct tevent_req *subreq) uint32_t rf = s->remote_negotiate_flags; const char *rn = NULL; + if ((lf & rf) == lf) { + /* + * without a change in flags + * there's no need to retry... + */ + s->dcerpc_schannel_auto = false; + } + if (!s->dcerpc_schannel_auto) { composite_error(c, s->a.out.result); return; @@ -277,7 +285,7 @@ static void continue_srv_auth2(struct tevent_req *subreq) "and retry! local[0x%08X] remote[0x%08X]\n", ln, rn, lf, rf)); - s->local_negotiate_flags = s->remote_negotiate_flags; + s->local_negotiate_flags &= s->remote_negotiate_flags; generate_random_buffer(s->credentials1.data, sizeof(s->credentials1.data)); @@ -292,14 +300,14 @@ static void continue_srv_auth2(struct tevent_req *subreq) return; } - s->creds->negotiate_flags = s->remote_negotiate_flags; - /* verify credentials */ if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) { composite_error(c, NT_STATUS_UNSUCCESSFUL); return; } + s->creds->negotiate_flags &= s->remote_negotiate_flags; + composite_done(c); }