Stefan Metzmacher 56018a50e7 s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos ... Even if the msDS-KeyVersionNumber of the main krbtgt account if larger than 65535, we need to have the 16 upper bits all zero in order to avoid mixing the keys with an RODC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14951 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (similar to commit ab0946a75d) Autobuild-User(v4-14-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-14-test): Tue Mar 29 10:32:05 UTC 2022 on sn-devel-184		2022-03-29 10:32:05 +00:00
..
mit-kdb	CVE-2020-25719 mit-samba: Rework PAC handling in kdb_samba_db_sign_auth_data()	2021-11-08 10:46:45 +01:00
db-glue.c	s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos	2022-03-29 10:32:05 +00:00
db-glue.h	CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self check	2021-11-08 10:46:45 +01:00
hdb-samba4-plugin.c	kdc: Add belts-and-braces check that we fail if the hdb version changes	2014-01-20 22:26:49 +01:00
hdb-samba4.c	s4:kdc: redirect pre-authentication failured to an RWDC	2022-03-18 11:55:11 +00:00
kdc-glue.c	s4-kdc: move kdc_check_pac() to a new subsystem KDC-GLUE.	2015-07-21 19:04:14 +02:00
kdc-glue.h	s4-kdc: Create a kdc-proxy.h header file	2016-06-18 23:32:27 +02:00
kdc-heimdal.c	CVE-2020-25717: Add FreeIPA domain controller role	2021-11-08 10:46:43 +01:00
kdc-proxy.c	s4: rename source4/smbd/ to source4/samba/	2020-11-27 10:07:18 +00:00
kdc-proxy.h	s4-kdc: Create a kdc-proxy.h header file	2016-06-18 23:32:27 +02:00
kdc-server.c	s4: rename source4/smbd/ to source4/samba/	2020-11-27 10:07:18 +00:00
kdc-server.h	s4-kdc: Allow to set the keytab_name in the kdc_server structure	2016-09-13 00:19:24 +02:00
kdc-service-mit.c	s4: rename source4/smbd/ to source4/samba/	2020-11-27 10:07:18 +00:00
kdc-service-mit.h	s4-kdc: restore MIT KDC backend	2018-11-09 17:52:30 +01:00
kpasswd_glue.c	samdb: Add remote address to connect	2018-05-10 20:02:23 +02:00
kpasswd_glue.h	s4-kdc_kpasswd: split out some code to a KPASSWD_GLUE subsystem.	2015-07-21 19:04:14 +02:00
kpasswd-helper.c	samdb: Add remote address to connect	2018-05-10 20:02:23 +02:00
kpasswd-helper.h	s4-kdc: Add a kpasswd_samdb_set_password() helper function	2016-09-13 00:19:24 +02:00
kpasswd-service-heimdal.c	s4: rename source4/smbd/ to source4/samba/	2020-11-27 10:07:18 +00:00
kpasswd-service-mit.c	s4: rename source4/smbd/ to source4/samba/	2020-11-27 10:07:18 +00:00
kpasswd-service.c	s4: rename source4/smbd/ to source4/samba/	2020-11-27 10:07:18 +00:00
kpasswd-service.h	s4-kdc: Add a new kpasswd service implementation	2016-09-13 00:19:25 +02:00
ktutil.c	s4: Add kerberos tracing	2018-12-20 01:31:17 +01:00
mit_kdc_irpc.c	s4: rename source4/smbd/ to source4/samba/	2020-11-27 10:07:18 +00:00
mit_kdc_irpc.h	s4-kdc: Add MIT KRB5 based irpc service for PAC validation	2017-04-29 23:31:09 +02:00
mit_samba.c	CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC buffer	2021-11-08 10:46:45 +01:00
mit_samba.h	CVE-2020-25719 mit-samba: Add mit_samba_princ_needs_pac()	2021-11-08 10:46:45 +01:00
pac-glue.c	CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC buffer	2021-11-08 10:46:45 +01:00
pac-glue.h	CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC buffer	2021-11-08 10:46:45 +01:00
samba_kdc.h	s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry	2018-03-19 20:30:52 +01:00
sdb_to_hdb.c	s4-sdb: Generate etypes list out of keys list	2016-09-26 02:25:07 +02:00
sdb_to_kdb.c	CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag	2019-12-10 10:44:01 +00:00
sdb.c	s4-kdc: Remove unused etypes from sdb structure	2016-09-26 06:08:09 +02:00
sdb.h	kdc: Remind us that these values need to match other values	2020-08-07 03:23:44 +00:00
wdc-samba4.c	CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC buffer	2021-11-08 10:46:45 +01:00
wscript_build	waf: Allow building with MIT KRB5 >= 1.20	2021-10-26 12:00:28 +00:00