sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
215bb9bd48
samba-mirror/auth
History
Alexander Bokovoy 215bb9bd48 Do not fail checksums for RFC8009 types 
While Active Directory does not support yet RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.

[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
  smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196,  2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
  check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228,  5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
  PAC Decode: Failed to verify the service signature: Invalid argument

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15635

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8e931fce12)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue Apr 16 12:24:55 UTC 2024 on atb-devel-224
2024-04-16 12:24:55 +00:00
..
credentials auth:creds: Add cli_credentials_get_domain_and_obtained() 2023-12-10 21:24:38 +00:00
gensec auth:gensec: Zero digest array in error case 2023-12-08 02:28:33 +00:00
kerberos Do not fail checksums for RFC8009 types 2024-04-16 12:24:55 +00:00
ntlmssp auth: Fix code spelling 2023-09-11 02:42:41 +00:00
auth_log.c auth: Add functionality to log client and server policy information 2023-06-25 23:29:32 +00:00
auth_sam_reply.c auth: Fix code spelling 2023-09-11 02:42:41 +00:00
auth_sam_reply.h s4:kdc: Add resource SID compression 2023-02-08 00:03:39 +00:00
auth_util.c CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info 2022-07-27 10:52:36 +00:00
auth_util.h auth: Add necessary decoration to auth/auth_util.h 2019-04-03 16:55:27 +00:00
authn_policy_impl.h s4:kdc: Add helper functions to create optional int64 values 2023-06-15 05:29:28 +00:00
authn_policy.c s4:kdc: Move NTLM device restrictions to ‘authn_policy_util’ 2023-06-15 05:29:28 +00:00
authn_policy.h s4:kdc: Move NTLM device restrictions to ‘authn_policy_util’ 2023-06-15 05:29:28 +00:00
common_auth.h s4:kdc: Add a flag indicating that the device should be added to Authenticated Users 2023-10-24 00:54:31 +00:00
wbc_auth_util.c auth: Make more liberal use of SID index constants 2023-02-08 00:03:39 +00:00
wscript_build auth: Move authn_policy code into auth subsystem 2023-06-15 05:29:28 +00:00