
CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

[jsutton@samba.org Adapted entry to entry_ex->entry]
This commit is contained in:
Andreas Schneider 2022-05-24 09:54:18 +02:00 committed by Jule Anger
parent 91a1b0955a
commit 36d94ffb9c


@ -816,6 +816,14 @@ static int principal_comp_strcmp(krb5_context context,
component, string, false);
}
static bool is_kadmin_changepw(krb5_context context,
krb5_const_principal principal)
{
return krb5_princ_size(context, principal) == 2 &&
(principal_comp_strcmp(context, principal, 0, "kadmin") == 0) &&
(principal_comp_strcmp(context, principal, 1, "changepw") == 0);
}
/*
* Construct an hdb_entry from a directory entry.
*/
@ -1110,11 +1118,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
* 'change password', as otherwise we could get into
* trouble, and not enforce the password expirty.
* Instead, only do it when request is for the kpasswd service */
if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER
&& krb5_princ_size(context, principal) == 2
&& (principal_comp_strcmp(context, principal, 0, "kadmin") == 0)
&& (principal_comp_strcmp(context, principal, 1, "changepw") == 0)
&& lpcfg_is_my_domain_or_realm(lp_ctx, realm)) {
if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER &&
is_kadmin_changepw(context, principal) &&
lpcfg_is_my_domain_or_realm(lp_ctx, realm)) {
entry_ex->entry.flags.change_pw = 1;
}
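Review bot: The new is_kadmin_changepw() helper in the first hunk carries no comment, so a reader cannot tell from the definition that it deliberately matches only the principal shape and leaves the realm decision to the caller, which the second hunk still makes separately via lpcfg_is_my_domain_or_realm(). I would add above the definition: `/* True for the two-component kadmin/changepw principal of the kpasswd service. Checks only the principal's components; callers must still confirm the realm (see samba_kdc_message2entry). */`. The comparison is presumably case-sensitive, given the `false` passed through in the context line of principal_comp_strcmp(), but that should be confirmed against its definition and stated in the comment if so. samba_kdc_message2entry() starts and ends outside the second hunk.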