1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/lib
Alexander Bokovoy 215bb9bd48 Do not fail checksums for RFC8009 types
While Active Directory does not support yet RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.

[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
  smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196,  2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
  check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228,  5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
  PAC Decode: Failed to verify the service signature: Invalid argument

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15635

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8e931fce12)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue Apr 16 12:24:55 UTC 2024 on atb-devel-224
2024-04-16 12:24:55 +00:00
..
addns lib:addns: Don’t call memcpy() with a NULL pointer 2023-05-05 02:54:31 +00:00
afs auth: Make more liberal use of SID index constants 2023-02-08 00:03:39 +00:00
async_req lib/async_req: let writev_send/recv use TEVENT_FD_ERROR 2023-10-24 09:36:37 +00:00
audit_logging lib:audit_logging: Initialize ‘tm’ structure 2023-09-27 02:43:28 +00:00
cmdline lib:cmdline: Fix code spelling 2023-12-21 20:21:34 +00:00
compression Use python.h from libreplace 2023-11-20 15:37:33 +00:00
crypto lib:crypto: Add tests for GKDI key derivation 2023-12-22 06:31:29 +00:00
dbwrap dbwrap: Simplify dbwrap_change_int32_atomic_action() 2023-08-14 19:53:37 +00:00
fuzzing fuzz: allow max size conditional ACE round-trip failure 2023-12-22 00:51:13 +00:00
krb5_wrap Do not fail checksums for RFC8009 types 2024-04-16 12:24:55 +00:00
ldb ldb: release 2.9.0 for use in Samba 4.20.x 2024-01-29 14:39:32 +00:00
ldb-samba Use python.h from libreplace 2023-11-20 15:37:33 +00:00
messaging lib:messaging: Fix code spelling 2023-04-11 09:06:36 +00:00
mscat lib:mscat: Remove unnecessary casts 2023-09-14 21:35:28 +00:00
param VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h 2023-12-15 10:44:42 +00:00
printer_driver lib:printer_driver: Check return value of gp_inifile_enum_section() (CID 1444835) 2023-10-13 02:18:30 +00:00
pthreadpool lib:pthreadpool: Fix code spelling 2023-04-11 09:06:36 +00:00
replace lib:replace: Add python.h 2023-11-20 15:37:33 +00:00
smbconf Use python.h from libreplace 2023-11-20 15:37:33 +00:00
socket lib:socket: Add missing newlines to logging messages 2023-08-08 04:39:37 +00:00
talloc talloc: release 2.4.2 2024-01-29 14:39:32 +00:00
tdb tdb: release 1.4.10 2024-01-29 14:39:32 +00:00
tdb_wrap lib: Open tdb files with O_CLOEXEC 2021-06-04 16:47:34 +00:00
tdr util/charset: Rename utf16_len_n() to utf16_null_terminated_len_n() 2023-11-15 22:07:36 +00:00
tevent tevent: release 0.16.1 2024-01-29 14:39:32 +00:00
texpect texpect: don't ignore unknown options 2021-09-10 15:10:30 +00:00
torture lib/torture: Remove trailing whitespace 2023-12-08 02:28:33 +00:00
tsocket lib/tsocket: add tstream_bsd_fail_readv_first_error() 2023-10-24 09:36:37 +00:00
util time.c: fix ctime which was feeded with the mtime seconds 2024-01-16 14:37:31 +00:00
README various: Remove references to about to be deleted thirdparty/dnspython 2018-12-11 20:07:18 +01:00
wscript_build

compression - Various compression algorithms (MSZIP, lzxpress)
popt - Command-line option parsing library
replace - Provides replacements for standard (POSIX, C99) functions 
          not provided by the host platform.
subunit - Utilities and bindings for working with the Subunit test result 
          reporting protocol.
talloc - Hierarchical pool based memory allocator 
tdb - Simple but fast key/value database library, supporting multiple writers
torture - Simple unit testing helper library