1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/kdc
Joseph Sutton 74d8c3d584 CVE-2021-20251 s4:kdc: Check badPwdCount update return status
If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bdfc9d96f8)

[jsutton@samba.org Fixed knownfail conflicts due to not having claims
 tests]

[jsutton@samba.org Fixed knownfail conflicts]
2022-09-18 16:46:09 +00:00
..
mit-kdb CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less 2022-07-24 09:23:56 +02:00
db-glue.c CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components 2022-07-24 09:23:56 +02:00
db-glue.h s4:kdc/hdb: Store and retrieve a FX-COOKIE value 2022-01-19 20:50:35 +00:00
hdb-samba4-plugin.c CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal 2022-07-24 09:23:56 +02:00
hdb-samba4.c CVE-2021-20251 s4:kdc: Check badPwdCount update return status 2022-09-18 16:46:09 +00:00
kdc-glue.c s4:kdc: Adapt to hdb_entry_ex removal 2022-03-02 10:26:31 +00:00
kdc-glue.h CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal 2022-07-24 09:23:56 +02:00
kdc-heimdal.c CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-24 09:23:56 +02:00
kdc-proxy.c s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
kdc-proxy.h s4-kdc: Create a kdc-proxy.h header file 2016-06-18 23:32:27 +02:00
kdc-server.c s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
kdc-server.h CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-24 09:23:56 +02:00
kdc-service-mit.c CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-24 09:23:56 +02:00
kdc-service-mit.h s4-kdc: restore MIT KDC backend 2018-11-09 17:52:30 +01:00
kpasswd_glue.c samdb: Add remote address to connect 2018-05-10 20:02:23 +02:00
kpasswd_glue.h s4-kdc_kpasswd: split out some code to a KPASSWD_GLUE subsystem. 2015-07-21 19:04:14 +02:00
kpasswd-helper.c CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-24 09:23:56 +02:00
kpasswd-helper.h CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-24 09:23:56 +02:00
kpasswd-service-heimdal.c CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-24 09:23:56 +02:00
kpasswd-service-mit.c CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-24 09:23:56 +02:00
kpasswd-service.c CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx() 2022-07-24 09:23:56 +02:00
kpasswd-service.h s4-kdc: Add a new kpasswd service implementation 2016-09-13 00:19:25 +02:00
ktutil.c ktutil: Print the numeric enctype if krb5_enctype_to_string() fails 2021-08-06 05:53:44 +00:00
mit_kdc_irpc.c s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
mit_kdc_irpc.h s4-kdc: Add MIT KRB5 based irpc service for PAC validation 2017-04-29 23:31:09 +02:00
mit_samba.c CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID PAC buffers 2022-07-24 09:23:55 +02:00
mit_samba.h s4:mitkdc: Add support for pac_attrs and requester_sid 2021-12-15 03:41:32 +00:00
pac-glue.c s4:kdc: tunnel the check_client_access status to hdb_samba4_audit() 2022-03-17 10:12:38 +00:00
pac-glue.h s4:kdc: Add PAC_ATTRIBUTES integration for Heimdal 2022-01-19 20:50:35 +00:00
samba_kdc.h CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less 2022-07-24 09:23:56 +02:00
sdb_to_hdb.c s4:kdc: Adapt to hdb_entry_ex removal 2022-03-02 10:26:31 +00:00
sdb_to_kdb.c CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag 2019-12-10 10:44:01 +00:00
sdb.c s4-kdc: Remove unused etypes from sdb structure 2016-09-26 06:08:09 +02:00
sdb.h s4:kdc: Add a HDB to SDB mask 2022-02-14 09:01:11 +00:00
wdc-samba4.c CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life 2022-07-24 09:23:56 +02:00
wscript_build CVE-2022-2031 s4:kpasswd: Require an initial ticket 2022-07-24 09:23:55 +02:00