samba.git/libcli/auth, branch talloc-2.3.2 Unnamed repository; edit this file 'description' to name the repository. CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:17:29+00:00 d3123858fb59046e826cf2c7ec2a3839e6508624 This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: 7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps. It lets ./zerologon_tester.py from https://github.com/SecuraBV/CVE-2020-1472.git report: "Attack failed. Target is probably patched." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:15:26+00:00 53528c71ffdb3377c4e73ac596c8507bc3898e83 This is the check Windows is using, so we won't generate challenges, which are rejected by Windows DCs (and future Samba DCs). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:08:38+00:00 46642fd32d91b008615b859cfdf946f63b1ca0aa This will avoid getting rejected by the server if we generate a weak challenge. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This will avoid getting rejected by the server if we generate
a weak challenge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge() 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:04:57+00:00 b813cdcac377210c3ab18e0d0a0c1a76870b1d74 It's good to have just a single isolated function that will generate random challenges, in future we can add some logic in order to avoid weak values, which are likely to be rejected by a server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth 2020-05-04T02:59:31+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-02T23:18:03+00:00 f467727db5ff6a6e58d9b590e4d443a1d974b679 Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth: Avoid casts in ntlm_check.c 2020-01-06T03:12:19+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:24:13+00:00 e4ad0013787a726bfc3d1ba3644b60a6c77ace37 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon Jan 6 03:12:20 UTC 2020 on sn-devel-184 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Jan  6 03:12:20 UTC 2020 on sn-devel-184
auth: Check for talloc failure in smb_sess_key_ntlmv2() 2020-01-06T01:47:30+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:04:02+00:00 e02d24c0875eb04a53c19119148f5203374382e0 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
auth: Slightly simplify smb_pwd_check_ntlmv1() 2020-01-06T01:47:30+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:10:00+00:00 4014d91b9a68aa2161421896a82d84e4211e480e Do an early return for the failure case Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Do an early return for the failure case

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
auth: Check for talloc failure in smb_pwd_check_ntlmv1() 2020-01-06T01:47:30+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:04:02+00:00 2bd941cc12245728b374edc0f71f5938c887a566 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
auth: Slightly simplify smb_pwd_check_ntlmv2() 2020-01-06T01:47:30+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:10:00+00:00 b78cc8210d3fe75af5236a16841060bbcc553cde Do an early return for the failure case Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Do an early return for the failure case

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>