Stefan Metzmacher 151b6145e1 CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member) ...

AD domains always provide a PAC unless UF_NO_AUTH_DATA_REQUIRED is set
on the service account, which can only be explicitly configured,
but that's an invalid configuration!

We still try to support standalone servers in an MIT realm,
as legacy setup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[jsutton@samba.org Removed knownfail entries]

2021-11-08 10:46:43 +01:00

..

credentials

CVE-2020-25722 selftest: allow for future failures in BindTests.test_virtual_email_account_style_bind

2021-11-08 10:46:42 +01:00

gensec

CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member)

2021-11-08 10:46:43 +01:00

kerberos

auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers

2020-02-10 16:32:36 +00:00

ntlmssp

CVE-2020-25717: auth/ntlmssp: start with authoritative = 1

2021-11-08 10:46:43 +01:00

auth_log.c

auth auth_log: csbuild unused parm transport_protection

2019-06-13 07:16:22 +00:00

auth_sam_reply.c

Add PrimaryGroupId to group array in DC response

2019-07-03 13:52:55 +00:00

auth_sam_reply.h

auth: add auth_user_info_copy() function

2018-03-15 21:54:17 +01:00

auth_util.c

auth: move copy_session_info() from source3 into the global auth context

2018-10-11 10:28:17 +02:00

auth_util.h

auth: Add necessary decoration to auth/auth_util.h

2019-04-03 16:55:27 +00:00

common_auth.h

auth: Simplify struct auth4_context

2020-01-06 23:34:00 +00:00

wbc_auth_util.c

auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6

2016-06-30 03:30:26 +02:00

wscript_build

auth: move copy_session_info() from source3 into the global auth context

2018-10-11 10:28:17 +02:00