1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source4/auth
Joseph Sutton 9c4f7e4b33 s4:kdc: Don't modify cached user_info_dc SIDs
samba_kdc_get_pac_blobs() passes a pointer to a user_info_dc structure
obtained from samba_kdc_get_user_info_from_db() into
samba_add_asserted_identity(). The latter function modifies the SIDs of
the user_info_dc structure in order to add the Asserted Identity SID,
but samba_kdc_get_user_info_from_db() actually caches that structure
internally, meaning that subsequent calls will return the modified
structure.

We should not modify cached SIDs, so have
samba_kdc_get_user_info_from_db() return a pointer to constant data, and
copy the returned array of SIDs before adding the Asserted Identity SID.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 18:40:31 +00:00
..
gensec gensec: Align an integer type 2022-10-27 18:18:36 +00:00
kerberos s4:kdc: Add resource SID compression 2023-02-08 00:03:39 +00:00
ntlm auth: Make more liberal use of SID index constants 2023-02-08 00:03:39 +00:00
tests s4-auth: fix sam test binary ntstatus include path 2022-12-16 21:35:45 +00:00
auth.h s4: Add 'const' to some parameters 2023-02-08 00:03:39 +00:00
pyauth.c pyauth: add python binding for auth_session_info_set_unix() 2020-06-05 10:32:31 +00:00
pyauth.h
sam.c s4-auth: Free user_info_dc in KDC caller to authsam_update_user_info_dc() 2023-02-08 01:05:47 +00:00
samba_server_gensec.c s4:auth: use talloc_reparent() in samba_server_gensec_krb5_start() 2017-05-30 08:06:07 +02:00
session.c s4:kdc: Don't modify cached user_info_dc SIDs 2023-03-22 18:40:31 +00:00
session.h s4:kdc: Don't modify cached user_info_dc SIDs 2023-03-22 18:40:31 +00:00
system_session.c auth: Correct primary group handling 2023-02-08 00:03:40 +00:00
unix_token.c auth: Make more liberal use of SID index constants 2023-02-08 00:03:39 +00:00
wscript_build CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3() 2022-10-25 10:31:33 +00:00
wscript_configure s4:auth/gensec: remove unused and untested cyrus_sasl module 2015-06-23 22:12:08 +02:00