| commit | eddf0a5c6fa06cc6348217ae339b7fb9ef88b80d | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Mon, 4 Oct 2021 15:29:34 +0000 (4 17:29 +0200) | ||
| committer | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Wed, 3 Nov 2021 21:09:04 +0000 (4 10:09 +1300) | ||
| tree | ef3afe2466dbfc3f8b4534c5b8b9411fe2a38026 | treesnapshot (tar.gz zip) |
| parent | ff062e2b0ae4063fb807ddfe2fa172bae0d2eec5 | commitdiff |
CVE-2020-25717: s4:auth/ntlm: make sure auth_check_password() defaults to r->out.authoritative = true
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| source4/auth/ntlm/auth.c | diffblobblamehistory |