mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/kdc
Joseph Sutton 958f2bce69 CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
If TGTs can be used as kpasswd tickets, the two-minute lifetime of an
authentic kpasswd ticket may be bypassed. Furthermore, kpasswd tickets
are not supposed to be cached, but using this flaw, a stolen credentials
cache containing a TGT may be used to change that account's password,
and thus is made more valuable to an attacker.

Since all TGTs should be issued with a REQUESTER_SID PAC buffer, and
service tickets without it, we assert the absence of this buffer to
ensure we're not accepting a TGT.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-27 10:52:36 +00:00
mit-kdb CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less 2022-07-27 10:52:36 +00:00
db-glue.c CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components 2022-07-27 10:52:36 +00:00
db-glue.h s4:kdc: Add helper function to extract AES256 key and salt 2022-06-26 22:10:29 +00:00
hdb-samba4-plugin.c CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal 2022-07-27 10:52:36 +00:00
hdb-samba4.c CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal 2022-07-27 10:52:36 +00:00
kdc-glue.c s4:kdc: Adapt to hdb_entry_ex removal 2022-03-01 22:34:35 +00:00
kdc-glue.h CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal 2022-07-27 10:52:36 +00:00
kdc-heimdal.c CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-27 10:52:36 +00:00
kdc-proxy.c s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
kdc-proxy.h s4-kdc: Create a kdc-proxy.h header file 2016-06-18 23:32:27 +02:00
kdc-server.c s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
kdc-server.h CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-27 10:52:36 +00:00
kdc-service-mit.c CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-27 10:52:36 +00:00
kdc-service-mit.h s4-kdc: restore MIT KDC backend 2018-11-09 17:52:30 +01:00
kpasswd_glue.c dsdb: Remove LM hash parameter from samdb_set_password() and callers 2022-03-17 01:57:38 +00:00
kpasswd_glue.h kdc: Remove pre-check for existing NT and LM hash from kpasswd 2022-03-17 01:57:38 +00:00
kpasswd-helper.c CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-27 10:52:36 +00:00
kpasswd-helper.h CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-27 10:52:36 +00:00
kpasswd-service-heimdal.c CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-27 10:52:36 +00:00
kpasswd-service-mit.c CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-27 10:52:36 +00:00
kpasswd-service.c CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx() 2022-07-27 10:52:36 +00:00
kpasswd-service.h s4-kdc: Add a new kpasswd service implementation 2016-09-13 00:19:25 +02:00
ktutil.c ktutil: Print the numeric enctype if krb5_enctype_to_string() fails 2021-08-06 05:53:44 +00:00
mit_kdc_irpc.c s4:kdc: avoid using sdb_entry_ex in netr_samlogon_generic_logon() 2022-03-24 09:19:33 +00:00
mit_kdc_irpc.h s4-kdc: Add MIT KRB5 based irpc service for PAC validation 2017-04-29 23:31:09 +02:00
mit_samba.c s4:mitkdc: Always set SDB_F_FOR_{TGS,AS}_REQ flag for DAL >= 9 2022-07-04 12:22:16 +00:00
mit_samba.h s4:mit-samba: Pass flags to mit_samba_get_pac() 2022-04-13 12:59:30 +00:00
pac-glue.c s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred 2022-04-13 13:54:27 +00:00
pac-glue.h s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred 2022-04-13 13:54:27 +00:00
samba_kdc.h CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less 2022-07-27 10:52:36 +00:00
sdb_to_hdb.c s4:kdc: remove unused sdb_entry_ex_to_hdb_entry_ex() 2022-03-24 09:19:33 +00:00
sdb_to_kdb.c s4:kdc: Add Smart Card and file based PKINIT support 2022-03-25 20:58:33 +00:00
sdb.c s4:kdc: add old and older keys to sdb_entry 2022-03-24 09:19:33 +00:00
sdb.h s4:kdc: add old and older keys to sdb_entry 2022-03-24 09:19:33 +00:00
wdc-samba4.c CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life 2022-07-27 10:52:36 +00:00
wscript_build CVE-2022-2031 s4:kpasswd: Require an initial ticket 2022-07-27 10:52:36 +00:00