samba.git/source4/heimdal/lib, branch talloc-2.1.10 Unnamed repository; edit this file 'description' to name the repository. CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation 2017-07-12T15:44:50+00:00 Jeffrey Altman jaltman@secure-endpoints.com 2017-04-12T19:40:42+00:00 3799a32e41134a2dff797ebeacf5abdb8d332e6e In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894 (based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea) Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 12 17:44:50 CEST 2017 on sn-devel-144 
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 12 17:44:50 CEST 2017 on sn-devel-144
strerror_r: provide XSI-compliant strerror_r 2017-06-13T16:38:14+00:00 Gary Lockyer gary@catalyst.net.nz 2017-06-01T01:26:38+00:00 378ae342c4e2e6b5bafbe54067d35344746be41b Provide a XSI-compliant strerror_r on GNU based systems. The default GNU strerror_r is not XSI-compliant, this patch wraps the GNU-specific call in an XSI-compliant wrapper. This reverts 18ed32ce0821d11c0c06d82c07ba1c27b0c2b886 which tried to make Heimdal use roken, rather than libreplace for strerror_r. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Provide a XSI-compliant strerror_r on GNU based systems.
The default GNU strerror_r is not XSI-compliant, this patch wraps the
GNU-specific call in an XSI-compliant wrapper.

This reverts 18ed32ce0821d11c0c06d82c07ba1c27b0c2b886 which tried to
make Heimdal use roken, rather than libreplace for strerror_r.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
heimdal: Pass extra information to hdb_auth_status() to log success and failures 2017-03-29T00:37:28+00:00 Andrew Bartlett abartlet@samba.org 2017-02-21T01:07:54+00:00 f498ba77df2313e78863e5f2706840c43e232a96 We now pass on the original client name and the client address to allow consistent audit logging in Samba across multiple protocols. We use config->db[0] to find the first database to record incorrect users. Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
We now pass on the original client name and the client address to allow
consistent audit logging in Samba across multiple protocols.

We use config->db[0] to find the first database to record incorrect
users.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Correct "updateing" typos. 2017-02-22T07:26:23+00:00 Chris Lamb chris@chris-lamb.co.uk 2017-02-17T20:00:39+00:00 fccdf34a0f7ebe510769743a99b9ef2da2a20045 Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Correct "unavaible" typos. 2017-02-22T07:26:23+00:00 Chris Lamb chris@chris-lamb.co.uk 2017-02-17T20:00:31+00:00 5c20790272456e547afb0ad72fb9284e2f14de30 Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Correct "allignment" typos. 2017-02-22T07:26:23+00:00 Chris Lamb chris@chris-lamb.co.uk 2017-02-17T20:00:26+00:00 8fcc49ecd44e69d7f9ada212c63896e0dcf488a4 Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Correct "paramaters" typos. 2017-02-22T07:26:23+00:00 Chris Lamb chris@chris-lamb.co.uk 2017-02-17T20:00:21+00:00 e0366ea49d5daa8fbf8b2ca22b1d3c77cc2daf9a Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Correct "explicity" typos. 2017-02-22T07:26:23+00:00 Chris Lamb chris@chris-lamb.co.uk 2017-02-17T20:00:16+00:00 45b14b18fe3f01ae8ea22afcd112205b8a4cf9bc Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Correct "encyption" typos. 2017-02-22T07:26:23+00:00 Chris Lamb chris@chris-lamb.co.uk 2017-02-17T20:00:10+00:00 6e2869ab1003f9411bc6fe20f6756d36c05a22f9 Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Correct "existence" typos. 2017-02-22T07:26:22+00:00 Chris Lamb chris@chris-lamb.co.uk 2017-02-17T19:56:18+00:00 5482e5426e09667d26e04dd0c6e0107e46e1028f Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>