| commit | bbfbbb9f6483d113c7b428109ee00c1c1aab4b02 | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Wed, 18 May 2022 04:06:31 +0000 (18 16:06 +1200) | ||
| committer | Jule Anger <janger@samba.org> | |
| Wed, 27 Jul 2022 10:52:36 +0000 (27 10:52 +0000) | ||
| tree | 929dc657a264632a293899b3686afb21498e12e6 | treesnapshot (tar.gz zip) |
| parent | e0c135e6c146b4bbbfbf9642c1b9c2d05c091963 | commitdiff |
CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an initial ticket
This will be used in the kpasswd service to ensure that the client has
an initial ticket to kadmin/changepw, and not a service ticket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will be used in the kpasswd service to ensure that the client has
an initial ticket to kadmin/changepw, and not a service ticket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
| source4/auth/gensec/gensec_krb5.c | diffblobblamehistory | |
| source4/auth/gensec/gensec_krb5_helpers.c | [new file with mode: 0644] | blob |
| source4/auth/gensec/gensec_krb5_helpers.h | [new file with mode: 0644] | blob |
| source4/auth/gensec/gensec_krb5_internal.h | [new file with mode: 0644] | blob |
| source4/auth/gensec/wscript_build | diffblobblamehistory |