1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/auth
Stefan Metzmacher e2d271cb6b CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member)
AD domains always provide a PAC unless UF_NO_AUTH_DATA_REQUIRED is set
on the service account, which can only be explicitly configured,
but that's an invalid configuration!

We still try to support standalone servers in an MIT realm,
as legacy setup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[jsutton@samba.org Removed knownfail entries]
2021-11-09 19:45:33 +00:00
..
credentials CVE-2020-25722 selftest: allow for future failures in BindTests.test_virtual_email_account_style_bind 2021-11-09 19:45:32 +00:00
gensec CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member) 2021-11-09 19:45:33 +00:00
kerberos auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers 2020-02-10 16:32:36 +00:00
ntlmssp CVE-2020-25717: auth/ntlmssp: start with authoritative = 1 2021-11-09 19:45:32 +00:00
auth_log.c auth auth_log: csbuild unused parm transport_protection 2019-06-13 07:16:22 +00:00
auth_sam_reply.c Add PrimaryGroupId to group array in DC response 2019-07-03 13:52:55 +00:00
auth_sam_reply.h auth: add auth_user_info_copy() function 2018-03-15 21:54:17 +01:00
auth_util.c auth: move copy_session_info() from source3 into the global auth context 2018-10-11 10:28:17 +02:00
auth_util.h auth: Add necessary decoration to auth/auth_util.h 2019-04-03 16:55:27 +00:00
common_auth.h auth: Simplify struct auth4_context 2020-01-06 23:34:00 +00:00
wbc_auth_util.c auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6 2016-06-30 03:30:26 +02:00
wscript_build auth: move copy_session_info() from source3 into the global auth context 2018-10-11 10:28:17 +02:00