mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
kdc: Require that PAC_REQUESTER_SID buffer is present for TGTs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Nov 30 03:33:26 UTC 2021 on sn-devel-184
This commit is contained in:
parent
9bd2680485
commit
38c5bad4a8
@ -112,9 +112,3 @@
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_service_ticket
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_from_rodc_no_requester_sid
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_renew
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_rodc_renew
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_rodc_validate
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_validate
|
||||
|
@ -459,6 +459,12 @@ static krb5_error_code samba_wdc_reget_pac2(krb5_context context,
|
||||
talloc_free(mem_ctx);
|
||||
return EINVAL;
|
||||
}
|
||||
if (delegated_proxy_principal == NULL && requester_sid_idx == -1) {
|
||||
DEBUG(1, ("PAC_TYPE_REQUESTER_SID missing\n"));
|
||||
SAFE_FREE(types);
|
||||
talloc_free(mem_ctx);
|
||||
return KRB5KDC_ERR_TGT_REVOKED;
|
||||
}
|
||||
|
||||
/*
|
||||
* The server account may be set not to want the PAC.
|
||||
|
Loading…
Reference in New Issue
Block a user