1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4/kdc
Joseph Sutton 714cadfc40 CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure
The target principal and realm fields of the setpw structure are
supposed to be optional, but in MIT Kerberos they are mandatory. For
better compatibility and ease of testing, fall back to parsing the
simpler (containing only the new password) structure if the MIT function
fails to decode it.

Although the target principal and realm fields should be optional, one
is not supposed to specified without the other, so we don't have to deal
with the case where only one is specified.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-27 10:52:36 +00:00
..
mit-kdb s4:mit-samba: Pass flags to mit_samba_get_pac() 2022-04-13 12:59:30 +00:00
db-glue.c s4:kdc: Add helper function to extract AES256 key and salt 2022-06-26 22:10:29 +00:00
db-glue.h s4:kdc: Add helper function to extract AES256 key and salt 2022-06-26 22:10:29 +00:00
hdb-samba4-plugin.c s4:kdc: Update to match updated Heimdal's new HDB version 2022-01-19 20:50:35 +00:00
hdb-samba4.c s4:kdc: Pass supported enctypes to samba_kdc_set_fixed_keys() 2022-03-24 09:19:33 +00:00
kdc-glue.c s4:kdc: Adapt to hdb_entry_ex removal 2022-03-01 22:34:35 +00:00
kdc-glue.h s4:kdc: Adapt to hdb_entry_ex removal 2022-03-01 22:34:35 +00:00
kdc-heimdal.c s4:kdc: make use of the 'kdc enable fast' option 2022-03-11 17:10:29 +00:00
kdc-proxy.c s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
kdc-proxy.h s4-kdc: Create a kdc-proxy.h header file 2016-06-18 23:32:27 +02:00
kdc-server.c s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
kdc-server.h s4-kdc: Allow to set the keytab_name in the kdc_server structure 2016-09-13 00:19:24 +02:00
kdc-service-mit.c s4:kdc: If we set the kerberos debug level to 10 write a trace file 2022-03-25 20:58:33 +00:00
kdc-service-mit.h s4-kdc: restore MIT KDC backend 2018-11-09 17:52:30 +01:00
kpasswd_glue.c dsdb: Remove LM hash parameter from samdb_set_password() and callers 2022-03-17 01:57:38 +00:00
kpasswd_glue.h kdc: Remove pre-check for existing NT and LM hash from kpasswd 2022-03-17 01:57:38 +00:00
kpasswd-helper.c dsdb: Remove LM hash parameter from samdb_set_password() and callers 2022-03-17 01:57:38 +00:00
kpasswd-helper.h s4-kdc: Add a kpasswd_samdb_set_password() helper function 2016-09-13 00:19:24 +02:00
kpasswd-service-heimdal.c kdc: Remove pre-check for existing NT and LM hash from kpasswd 2022-03-17 01:57:38 +00:00
kpasswd-service-mit.c CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure 2022-07-27 10:52:36 +00:00
kpasswd-service.c s4:kpasswd: Check return code of cli_credentials_set_conf() 2021-06-29 02:19:35 +00:00
kpasswd-service.h s4-kdc: Add a new kpasswd service implementation 2016-09-13 00:19:25 +02:00
ktutil.c ktutil: Print the numeric enctype if krb5_enctype_to_string() fails 2021-08-06 05:53:44 +00:00
mit_kdc_irpc.c s4:kdc: avoid using sdb_entry_ex in netr_samlogon_generic_logon() 2022-03-24 09:19:33 +00:00
mit_kdc_irpc.h s4-kdc: Add MIT KRB5 based irpc service for PAC validation 2017-04-29 23:31:09 +02:00
mit_samba.c s4:mitkdc: Always set SDB_F_FOR_{TGS,AS}_REQ flag for DAL >= 9 2022-07-04 12:22:16 +00:00
mit_samba.h s4:mit-samba: Pass flags to mit_samba_get_pac() 2022-04-13 12:59:30 +00:00
pac-glue.c s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred 2022-04-13 13:54:27 +00:00
pac-glue.h s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred 2022-04-13 13:54:27 +00:00
samba_kdc.h s4:kdc: let samba_kdc_entry take references to sdb_entry and kdc_entry 2022-03-24 09:19:33 +00:00
sdb_to_hdb.c s4:kdc: remove unused sdb_entry_ex_to_hdb_entry_ex() 2022-03-24 09:19:33 +00:00
sdb_to_kdb.c s4:kdc: Add Smart Card and file based PKINIT support 2022-03-25 20:58:33 +00:00
sdb.c s4:kdc: add old and older keys to sdb_entry 2022-03-24 09:19:33 +00:00
sdb.h s4:kdc: add old and older keys to sdb_entry 2022-03-24 09:19:33 +00:00
wdc-samba4.c s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred 2022-04-13 13:54:27 +00:00
wscript_build s4:kdc: Add function to get user_info_dc from database 2022-03-18 11:55:30 +00:00