mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Removed MIT KDC 1.20-specific knownfails]
This commit is contained in:
parent
705e7ff46d
commit
63d6af6ed7
@ -548,7 +548,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
# Kpasswd tests
|
||||
#
|
||||
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_canonicalize_realm_case.ad_dc
|
||||
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_empty.ad_dc
|
||||
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_no_canonicalize_realm_case.ad_dc
|
||||
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_non_initial.ad_dc
|
||||
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_ticket_lifetime.ad_dc
|
||||
|
@ -256,6 +256,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
|
||||
&kpasswd_dec_reply,
|
||||
&error_string);
|
||||
if (code != 0) {
|
||||
ap_rep_blob = data_blob_null;
|
||||
error_code = code;
|
||||
goto reply;
|
||||
}
|
||||
@ -265,6 +266,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
|
||||
&kpasswd_dec_reply,
|
||||
&enc_data_blob);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
ap_rep_blob = data_blob_null;
|
||||
error_code = KRB5_KPASSWD_HARDERROR;
|
||||
error_string = talloc_asprintf(tmp_ctx,
|
||||
"gensec_wrap failed - %s\n",
|
||||
|
Loading…
Reference in New Issue
Block a user