| commit | 9ef9746bca73a939ad04b1df07caeb70921bc3de | |
| author | Andrew Bartlett <abartlet@samba.org> | |
| Wed, 11 Aug 2021 23:10:09 +0000 (12 11:10 +1200) | ||
| committer | Jule Anger <janger@samba.org> | |
| Tue, 9 Nov 2021 19:45:32 +0000 (9 19:45 +0000) | ||
| tree | 4ab023fb9fdad41231a4a8a6a3fb4d314e87a7b6 | treesnapshot (tar.gz zip) |
| parent | 93e5902369c22d625fa2e48b3eafe043dc17e3ba | commitdiff |
CVE-2020-25722 dsdb: Move krbtgt password setup after the point of checking if any passwords are changed
This allows the add of an RODC, before setting the password, to avoid
this module, which helps isolate testing of security around the
msDS-SecondaryKrbTgtNumber attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This allows the add of an RODC, before setting the password, to avoid
this module, which helps isolate testing of security around the
msDS-SecondaryKrbTgtNumber attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
| selftest/knownfail.d/priv_attr | diffblobblamehistory | |
| source4/dsdb/samdb/ldb_modules/password_hash.c | diffblobblamehistory |