sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code
decacb0e7e
samba-mirror/auth
History
Alexander Bokovoy 8e931fce12 Do not fail checksums for RFC8009 types 
While Active Directory does not support yet RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.

[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
  smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196,  2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
  check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228,  5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
  PAC Decode: Failed to verify the service signature: Invalid argument

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-08 03:00:39 +00:00
..
credentials auth/credentials: Remove use of pytalloc_get_type() of NDR types in pycredentials 2024-03-28 01:50:41 +00:00
gensec auth:gensec: Zero digest array in error case 2023-12-08 02:28:33 +00:00
kerberos Do not fail checksums for RFC8009 types 2024-04-08 03:00:39 +00:00
ntlmssp auth: Fix code spelling 2023-09-11 02:42:41 +00:00
auth_log.c auth: Add functionality to log client and server policy information 2023-06-25 23:29:32 +00:00
auth_sam_reply.c auth: Fix code spelling 2023-09-11 02:42:41 +00:00
auth_sam_reply.h s4:kdc: Add resource SID compression 2023-02-08 00:03:39 +00:00
auth_util.c CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info 2022-07-27 10:52:36 +00:00
auth_util.h auth: Add necessary decoration to auth/auth_util.h 2019-04-03 16:55:27 +00:00
authn_policy_impl.h s4:kdc: Add helper functions to create optional int64 values 2023-06-15 05:29:28 +00:00
authn_policy.c s4:kdc: Move NTLM device restrictions to ‘authn_policy_util’ 2023-06-15 05:29:28 +00:00
authn_policy.h s4:kdc: Move NTLM device restrictions to ‘authn_policy_util’ 2023-06-15 05:29:28 +00:00
common_auth.h s4:kdc: Add a flag indicating that the device should be added to Authenticated Users 2023-10-24 00:54:31 +00:00
wbc_auth_util.c auth: Make more liberal use of SID index constants 2023-02-08 00:03:39 +00:00
wscript_build auth: Move authn_policy code into auth subsystem 2023-06-15 05:29:28 +00:00