CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal
commit 04e452890ada8390828aa4c5c87ceefe44daa50f
author Joseph Sutton <josephsutton@catalyst.net.nz>
Wed, 18 May 2022 04:56:01 +0000 (18 16:56 +1200)
committer Jule Anger <janger@samba.org>
Sun, 24 Jul 2022 09:55:51 +0000 (24 11:55 +0200)
tree 090818c9da72c20e61c60c26591bdc63cc950ccd
parent 8b9fe095b91ce62338829a6ac7012170e6af8898
CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal

Since this principal goes through the samba_kdc_fetch_server() path,
setting the canonicalisation flag would cause the principal to be
replaced with the sAMAccountName; this meant requests to
kadmin/changepw@REALM would result in a ticket to krbtgt@REALM. Now we
properly handle canonicalisation for the kadmin/changepw principal.

View with 'git show -b'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
[jsutton@samba.org Adapted entry to entry_ex->entry; removed MIT KDC
 1.20-specific knownfails]
selftest/knownfail.d/kadmin_changepw [deleted file]
selftest/knownfail_heimdal_kdc
source4/kdc/db-glue.c