author Joseph Sutton <josephsutton@catalyst.net.nz> 2022-05-26 16:39:20 +1200
committer Jule Anger <janger@samba.org> 2022-07-27 10:52:36 +0000
commit 484c6980befb86f7d81d708829ed4ceb819538eb
tree bdaa438097c2adeca4699c3c9f1aac0a7c786fa6 /python
parent 2d3bd2d9ab16732d936da58109f7c977505dccd7
CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal
This plugin is now only used by the kpasswd service. Thus, ensuring we only look up the kadmin/changepw principal means we can't be fooled into accepting tickets for other service principals. We make sure not to specify a specific kvno, to ensure that we do not accept RODC-issued tickets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'python')
0 files changed, 0 insertions, 0 deletions