sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code
samba-mirror/source4
History
Joseph Sutton 7b57cfb1a9 s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request 
I’m not sure exactly how this check was supposed to work. But in any
case, within fast_unwrap_request() the Heimdal KDC replaces the outer
padata with the padata from the inner FAST request. Hence, this check
does not accomplish anything useful: at no point should the KDC plugin
see the outer padata.

A couple of unwanted consequences resulted from this check. One was that
a client who sent empty FX‐FAST padata within the inner FAST request
would receive the *Authentication Authority* Asserted Identity SID
instead of the *Service* Asserted Identity SID. Another consequence was
that a client could in the same manner bypass the restriction on
performing S4U2Self with an RODC‐issued TGT.

Overall, samba_wdc_is_s4u2self_req() is somewhat of a hack. But the
Heimdal plugin API gives us nothing better to work with.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5c580dbdb3e6a70c8d2f5059e2b7293a7e780414)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15477
2023-09-22 20:11:08 +00:00
..
auth
python: Remove const from PyList_AsStringList()
2023-08-04 07:02:15 +00:00
cldap_server
cldap_server: Align integer types
2022-12-12 21:16:33 +00:00
client
s4:client: Fix shellcheck errors in test_smbclient.sh
2022-08-22 14:20:36 +00:00
cluster
dbwrap: Remove calls to loadparm
2018-04-24 01:53:19 +02:00
dns_server
s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()
2023-06-02 12:20:09 +00:00
dsdb
s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root()
2023-08-21 08:11:11 +00:00
echo_server
s4: rename source4/smbd/ to source4/samba/
2020-11-27 10:07:18 +00:00
include
lib: Remove smb_threads from includes.h
2022-04-26 21:41:29 +00:00
kdc
s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
2023-09-22 20:11:08 +00:00
ldap_server
s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time
2022-10-19 17:13:39 +00:00
lib
s4:lib/events: let s4_event_context_init() use samba_tevent_context_init()
2023-01-18 16:26:36 +00:00
libcli
s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()
2023-08-11 08:48:12 +00:00
libnet
s4:libnet: correctly handle gnutls_pbkdf2() errors
2022-12-14 13:35:20 +00:00
librpc
s3-librpc: add ads.idl and convert ads_struct to talloc.
2022-12-16 20:38:32 +00:00
nbt_server
lib: Remove idtree from samba_util.h
2023-01-10 00:28:37 +00:00
ntp_signd
s4: rename source4/smbd/ to source4/samba/
2020-11-27 10:07:18 +00:00
ntvfs
lib: Remove idtree from samba_util.h
2023-01-10 00:28:37 +00:00
param
python: whitespace fixes
2022-10-03 20:03:32 +00:00
rpc_server
s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root
2023-08-21 09:12:14 +00:00
samba
Happy New Year 2023!
2023-01-01 00:24:02 +00:00
script
s4:script: Fix shellcheck errors in find_unused_options.sh
2022-08-22 14:20:36 +00:00
scripting
samba-tool: binary uses samba_tool function
2022-09-08 22:34:36 +00:00
selftest
winbind: Test wbinfo -u with more than 1000 users
2023-05-12 15:05:18 +00:00
setup
CVE-2023-0614 ldb: Prevent disclosure of confidential attributes
2023-03-20 10:03:50 +01:00
smb_server
lib: Remove idtree from samba_util.h
2023-01-10 00:28:37 +00:00
torture
libsmb: Fix test for smbc_getxattr
2023-09-06 09:28:02 +00:00
utils
s4:utils: Fix shellcheck errors in test_samba_tool.sh
2022-08-22 20:35:36 +00:00
winbind
CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
2022-07-27 10:52:36 +00:00
wrepl_server
s4: rename source4/smbd/ to source4/samba/
2020-11-27 10:07:18 +00:00
.clang_complete
.valgrind_suppressions
wscript_build
s4:client: Migrate cifsdd to new cmdline option parser
2021-06-16 00:34:38 +00:00